[Python-Dev] which SSL client protocols work with which server protocols?
matt at pollenation.net
Tue Sep 11 13:59:51 CEST 2007
Bill Janssen wrote:
> Here's the updated connection table:
> SSL2 SSL3 SS23 TLS1
> SSL2 yes no yes no
> SSL3 yes yes yes no
> SSL23 yes no yes no
> TLS1 no no yes yes
> Given this, I think the client-side default should be changed from
> SSLv23 to SSLv3, and the server-side default should be SSLv23.
I believe you are correct.
I did some experiments with this a while ago after hitting problems
connecting to some SSL servers although I can't remember the exact
More importantly, what you recommend is what Twisted does and I'd
believe them more than me any time ;-).
See Twisted's DefaultOpenSSLContextFactory  for the server side and
ClientContextFactory  for the client side.
Matt Goodall, Pollenation Internet Ltd
Technology House, 237 Lidgett Lane, Leeds LS17 6QR
Registered No 4382123
A member of the Brunswick MCL Group of Companies
e: matt at pollenation.net
t: +44 113 2252500
More information about the Python-Dev