[issue20770] Inform caller of smtplib STARTTLS failures
And Clover
report at bugs.python.org
Tue Feb 25 19:35:02 CET 2014
And Clover added the comment:
This could potentially be considered a security issue as it would allow a MitM attacker to sabotage the STARTTLS and get the rest of the content in the clear.
I don't personally consider it too serious as I doubt anyone is (a) relying on the security of this for lowly mail and (b) has the rest of the context stuff set up to validate the TLS connection properly anyhow, but there's an argument for sec bug.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue20770>
_______________________________________
More information about the Python-bugs-list
mailing list