[Python-checkins] cpython (merge 3.6 -> default): Explain why PROTOCOL_SSLv23 does not support SSLv2 and SSLv3 by default.

christian.heimes python-checkins at python.org
Tue Sep 13 06:10:52 EDT 2016 

https://hg.python.org/cpython/rev/5cf9144fc229
changeset:   103754:5cf9144fc229
parent:      103752:e03c1b6830fd
parent:      103753:f1a72a576bf2
user:        Christian Heimes <christian at python.org>
date:        Tue Sep 13 12:10:45 2016 +0200
summary:
  Explain why PROTOCOL_SSLv23 does not support SSLv2 and SSLv3 by default.

files:
  Doc/library/ssl.rst |  24 ++++++++++++++----------
  1 files changed, 14 insertions(+), 10 deletions(-)


diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -192,16 +192,20 @@
 
      .. table::
 
-       ========================  =========  =========  ==========  =========  ===========  ===========
-        *client* / **server**    **SSLv2**  **SSLv3**  **TLS**     **TLSv1**  **TLSv1.1**  **TLSv1.2**
-       ------------------------  ---------  ---------  ----------  ---------  -----------  -----------
-        *SSLv2*                    yes        no         yes         no         no         no
-        *SSLv3*                    no         yes        yes         no         no         no
-        *TLS* (*SSLv23*)           no         yes        yes         yes        yes        yes
-        *TLSv1*                    no         no         yes         yes        no         no
-        *TLSv1.1*                  no         no         yes         no         yes        no
-        *TLSv1.2*                  no         no         yes         no         no         yes
-       ========================  =========  =========  ==========  =========  ===========  ===========
+       ========================  ============  ============  =============  =========  ===========  ===========
+        *client* / **server**    **SSLv2**     **SSLv3**     **TLS**        **TLSv1**  **TLSv1.1**  **TLSv1.2**
+       ------------------------  ------------  ------------  -------------  ---------  -----------  -----------
+        *SSLv2*                    yes           no            no [1]_        no         no         no
+        *SSLv3*                    no            yes           no [2]_        no         no         no
+        *TLS* (*SSLv23*)           no [1]_       no [2]_       yes            yes        yes        yes
+        *TLSv1*                    no            no            yes            yes        no         no
+        *TLSv1.1*                  no            no            yes            no         yes        no
+        *TLSv1.2*                  no            no            yes            no         no         yes
+       ========================  ============  ============  =============  =========  ===========  ===========
+
+   .. rubric:: Footnotes
+   .. [1] :class:`SSLContext` disables SSLv2 with :data:`OP_NO_SSLv2` by default.
+   .. [2] :class:`SSLContext` disables SSLv2 with :data:`OP_NO_SSLv2` by default.
 
    .. note::
 

-- 
Repository URL: https://hg.python.org/cpython

More information about the Python-checkins mailing list