[issue21013] server-specific SSL context configuration
Antoine Pitrou
report at bugs.python.org
Sat Mar 22 19:13:39 CET 2014
Antoine Pitrou added the comment:
> We can add OP_NO_SSLv3 to the default context to prevent SSL3 but it's
> sort of a situational thing. If you're doing something where you need
> SSL3 clients you don't want OP_NO_SSLv3.
>
> So I guess the question is, do we want to be more secure by default
> and *not* lower the lower bounds of security and require people to add
> context.options & ~ssl.OP_NO_SSLv3 if they want to support SSLv3
> connections?
Most people won't understand the symptoms if some clients can't connect,
so I'd say no.
Also, clients should always use the higher possible protocol version, so
I don't think security is at stake here.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21013>
_______________________________________
More information about the Python-bugs-list
mailing list