[Python-checkins] cpython (2.7): actually ssl3 is just completely broken

benjamin.peterson python-checkins at python.org
Wed Apr 8 17:11:49 CEST 2015


https://hg.python.org/cpython/rev/e52571aad42f
changeset:   95489:e52571aad42f
branch:      2.7
parent:      95472:6bce7c6d0502
user:        Benjamin Peterson <benjamin at python.org>
date:        Wed Apr 08 11:11:00 2015 -0400
summary:
  actually ssl3 is just completely broken

files:
  Doc/library/ssl.rst |  14 +++++++-------
  1 files changed, 7 insertions(+), 7 deletions(-)


diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -263,13 +263,13 @@
 
    .. note::
       If you find that when certain older clients or servers attempt to connect
-      with a :class:`SSLContext` created by this function that they get an
-      error stating "Protocol or cipher suite mismatch", it may be that they
-      only support SSL3.0 which this function excludes using the
-      :data:`OP_NO_SSLv3`. SSL3.0 has problematic security due to a number of
-      poor implementations and it's reliance on MD5 within the protocol. If you
-      wish to continue to use this function but still allow SSL 3.0 connections
-      you can re-enable them using::
+      with a :class:`SSLContext` created by this function that they get an error
+      stating "Protocol or cipher suite mismatch", it may be that they only
+      support SSL3.0 which this function excludes using the
+      :data:`OP_NO_SSLv3`. SSL3.0 is widely considered to be `completely broken
+      <https://en.wikipedia.org/wiki/POODLE>`_. If you still wish to continue to
+      use this function but still allow SSL 3.0 connections you can re-enable
+      them using::
 
          ctx = ssl.create_default_context(Purpose.CLIENT_AUTH)
          ctx.options &= ~ssl.OP_NO_SSLv3
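
Review bot: The rewritten last sentence of the note ("If you still wish to continue to use this function but still allow SSL 3.0 connections") repeats "still"; drop the first one. The note now calls SSL 3.0 "completely broken" and then goes straight into the snippet that re-enables it, so consider adding a sentence that clearing OP_NO_SSLv3 should be limited to contexts that have to talk to legacy peers that support nothing newer. In the unchanged example below the changed lines, Purpose.CLIENT_AUTH is unqualified while the next line uses ssl.OP_NO_SSLv3; writing ssl.Purpose.CLIENT_AUTH would make the two lines consistent.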

-- 
Repository URL: https://hg.python.org/cpython

