[pypy-issue] [issue990] pypy ssl module defaults to SSLv2 for client connections

Ben Darnell tracker at bugs.pypy.org
Mon Jan 9 10:04:51 CET 2012


New submission from Ben Darnell <ben at bendarnell.com>:

CPython's ssl module defaults to a hybrid mode that can connect to a server 
using SSLv3 or TLSv1.  pypy's ssl module appears to be defaulting to SSLv2, 
which is disabled on many servers.  This bug also has security implications, 
since SSLv2 has known weaknesses (especially when used client-side).

Steps to reproduce:
# generate a key
openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.pem
# start a TLSv1-only server
openssl s_server -cert cert.pem -msg -tls1
# in another terminal, try to connect
python -c 'import socket,ssl; ssl.wrap_socket(socket.create_connection(("localhost", 4433)))'
pypy -c 'import socket,ssl; ssl.wrap_socket(socket.create_connection(("localhost", 4433)))'

With cpython (2.7) it works (server shows a successful handshake followed by 
immediate close), but with pypy (1.7) the server says "SSL3_GET_RECORD:wrong 
version number:s3_pkt.c:350:" and closes the connection, and the client gets an 
exception.

----------
messages: 3679
nosy: bdarnell, pypy-issue
priority: bug
status: unread
title: pypy ssl module defaults to SSLv2 for client connections

________________________________________
PyPy bug tracker <tracker at bugs.pypy.org>
<https://bugs.pypy.org/issue990>
________________________________________
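
Added example, not part of the original report or of PyPy's code: a Python 3 check that tells an SSLv2-format client hello apart from an SSLv3/TLS record by its first bytes, which is the distinction behind the "wrong version number" error above. The function names and the hand-built SSLv2 sample bytes are constructed for illustration.

```python
import ssl
import struct


def classify_client_hello(data: bytes) -> str:
    """Name the record format and offered version in a client's first bytes."""
    if len(data) < 5:
        return "too short"
    # SSLv3/TLS record: content type 0x16 (handshake), then major version 3.
    if data[0] == 0x16 and data[1] == 0x03:
        return "SSLv3/TLS record"
    # SSLv2 record: 2-byte length header with the high bit set, message
    # type 1 (CLIENT-HELLO), then the 2-byte version the client offers.
    if data[0] & 0x80 and data[2] == 0x01:
        if (data[3], data[4]) == (0, 2):
            return "SSLv2 hello, SSLv2 only"
        if data[3] == 3:
            return "SSLv2-format hello offering SSLv3/TLS"
    return "unknown"


def constructed_sslv2_hello(version=(0, 2)) -> bytes:
    """Constructed sample: a minimal SSLv2 CLIENT-HELLO, built by hand."""
    cipher_specs = bytes.fromhex("010080")  # SSL_CK_RC4_128_WITH_MD5
    challenge = bytes(16)                   # all-zero placeholder challenge
    body = struct.pack(">BBBHHH", 1, version[0], version[1],
                       len(cipher_specs), 0, len(challenge))
    body += cipher_specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body


def current_default_hello() -> bytes:
    """First flight the running interpreter's ssl module sends, captured in memory."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="localhost")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is written, no server reply is available
    return outgoing.read()


if __name__ == "__main__":
    for name, hello in [("SSLv2-only (constructed)", constructed_sslv2_hello()),
                        ("SSLv2-compatible (constructed)", constructed_sslv2_hello((3, 1))),
                        ("this interpreter's default", current_default_hello())]:
        print(f"{name}: {classify_client_hello(hello)}")
```

Feed classify_client_hello the first bytes a client sends, taken from a packet capture, to see which hello format that client's default produces.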

