[issue22935] Disabling SSLv3 support
STINNER Victor
report at bugs.python.org
Fri Dec 12 14:16:40 CET 2014
STINNER Victor added the comment:
> So this seems to be a function that just gets the certificate? You need to be careful with this since a server could perfectly decide to send a different certificate depending on the client hello it receives. (...) In any case, you should always use SSLv23, stop supporting anything else.
I don't understand. You say that depending on the protocol, you may get a different certificate, and then that we should stop supporting multiple protocol. Does it mean that you ask to remove a Python feature?
Even if it is technically possible to return a different certificate, I don't think that much servers will return a different certificate if the client uses SSLv23 instead of SSLv3.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue22935>
_______________________________________
More information about the Python-bugs-list
mailing list