[Patches] [ python-Patches-889813 ] making the version of SSL configurable when creating sockets

SourceForge.net noreply at sourceforge.net
Fri Feb 6 11:00:16 EST 2004


Patches item #889813, was opened at 2004-02-03 11:28
Message generated for change (Comment added) made by adamg-work
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=889813&group_id=5470

Category: Modules
Group: Python 2.3
Status: Open
Resolution: None
Priority: 5
Submitted By: adam goucher (adamg-work)
Assigned to: Nobody/Anonymous (nobody)
Summary: making the version of SSL configurable when creating sockets

Initial Comment:
Currently, socket.ssl uses the SSLv23 method of 
negotiating an ssl socket. This method connects with 
SSLv2 HELLO packets and will negotiate up to a higher 
level if possible. However, if SSLv2 is turned off 
completely at the other side of the socket, this 
negotiation will fail.

I have extended socket.ssl() to include another 
optional parameter -- the SSLmethod which can be any 
of the openssl methods (SSLv2, SSLv23, SSLv3, TLSv1). 
Existing functionality is maintained by providing 
SSLv23 as the default.

Affected files:
Lib/socket.py - extension of the function
Modules/_ssl.c - guts of the changes
socketmodule.h - there's a reference on how to 
make ssl sockets, so I added the change there

Has been tested on Solaris by making an ssl 
connection to a server, as well as 
httplib.HTTPSConnection()
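
Added example (not part of the submitted patch or of Python's own code): a Python sketch that tells apart, from the first bytes a client sends, the SSLv2-framed hello the initial comment attributes to the SSLv23 method and the record-framed hello of a fixed SSLv3/TLSv1 method. The byte strings are constructed samples, and the name classify_client_hello is hypothetical.

```python
# Constructed sample inputs (not captured traffic).
# SSLv2-framed ClientHello offering TLSv1 (SSLv23-style compatibility hello):
# header 0x802b = length 43, type 1, version 3.1, 18 bytes of cipher specs,
# empty session id, 16-byte challenge.
V2_COMPAT_HELLO = bytes.fromhex("802b" "01" "0301" "0012" "0000" "0010") + bytes(34)
# SSLv2-framed ClientHello offering only SSLv2 (version 0.2).
PURE_V2_HELLO = bytes.fromhex("802b" "01" "0002" "0012" "0000" "0010") + bytes(34)
# Record-framed ClientHello offering TLSv1: record header, handshake header,
# client_version, 32-byte random, empty session id, one suite, null compression.
TLS_RECORD_HELLO = (bytes.fromhex("160301002d" "01000029" "0301") + bytes(32)
                    + bytes.fromhex("00" "0002" "002f" "01" "00"))

VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1"}


def classify_client_hello(data):
    """Return (framing, offered_version) for the first bytes of a connection."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2 framing: 2-byte length header with the high bit set,
        # message type 1 (CLIENT-HELLO), then the highest version offered.
        length = ((data[0] & 0x7F) << 8) | data[1]
        if length < 9:
            raise ValueError("SSLv2 ClientHello shorter than its fixed fields")
        return "sslv2-framing", VERSIONS.get((data[3], data[4]), "unknown")
    if len(data) >= 11 and data[0] == 0x16 and data[1] == 3 and data[5] == 0x01:
        # SSLv3/TLS framing: 5-byte record header (type 0x16 = handshake),
        # 4-byte handshake header (type 1 = ClientHello), then client_version.
        return "tls-record", VERSIONS.get((data[9], data[10]), "unknown")
    raise ValueError("not a recognisable ClientHello")


if __name__ == "__main__":
    for name, sample in [("v2-compat", V2_COMPAT_HELLO),
                         ("pure-v2", PURE_V2_HELLO),
                         ("tls-record", TLS_RECORD_HELLO)]:
        print(name, classify_client_hello(sample))
```

A peer with SSLv2 turned off, as in the case described above, is the one for which the "sslv2-framing" result matters, whatever version that hello offers.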

----------------------------------------------------------------------

>Comment By: adam goucher (adamg-work)
Date: 2004-02-06 11:00

Message:
Logged In: YES 
user_id=939860

I think in 2.3.x I would leave it as SSLv23 in order to not 
break things going from .x to .y. I think it would be 
reasonable to make TLS the default in the 2.4 branch though 
as some breakage is more acceptable to more people when 
going between bigger releases.

----------------------------------------------------------------------

Comment By: Martin v. Löwis (loewis)
Date: 2004-02-04 17:37

Message:
Logged In: YES 
user_id=21627

Would it be reasonable to change the default to TLS?

----------------------------------------------------------------------

Comment By: adam goucher (adamg-work)
Date: 2004-02-03 11:30

Message:
Logged In: YES 
user_id=939860

one last try to have all the files uploaded to the patch

----------------------------------------------------------------------

Comment By: adam goucher (adamg-work)
Date: 2004-02-03 11:29

Message:
Logged In: YES 
user_id=939860

There's no uploaded file!  You have to check the
checkbox labeled "Check to Upload & Attach File"
when you upload a file. In addition, even if you
*did* check this checkbox, a bug in SourceForge
prevents attaching a file when *creating* an issue.

Please try again.

(This is a SourceForge annoyance that we can do
nothing about. :-( )

----------------------------------------------------------------------
