[Python-Dev] Issues in Python TLS

Barry Warsaw barry at python.org
Sun Aug 14 13:50:36 EDT 2016


On Aug 13, 2016, at 04:14 PM, Benjamin Peterson wrote:

>Correctness of TLS certificate verification is known to depend deeply on
>distribution. Python began to verify certificates by default only in
>version 2.7.9. Many OS distributions (in particular, Ubuntu) did not
>enable verification for their stable distributions for backwards
>compatibility reasons. You might find looking at distro bugs for
>CVE-2014-9365 edifying.

In particular, we discussed this issue with the Ubuntu security team and
decided that the backward compatibility issues required not enabling this by
default for older versions.  We did however include the mechanisms from PEP 493
so that end-users and system administrators could make different choices based
on their own assessments and needs.

Cheers,
-Barry
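
An added example, not part of the original message or of any distribution's code: a check an administrator could run to see whether an interpreter's default HTTPS context verifies certificates, plus the setting resolution order described in PEP 493. The `PYTHONHTTPSVERIFY` variable and the `[https] verify` key are taken from PEP 493 rather than from this thread; the function names and the sample config are constructed for illustration.

```python
import configparser
import ssl


def classify(ctx):
    """'verified' only when both chain validation and hostname checking are on."""
    if ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname:
        return "verified"
    return "unverified"


def runtime_default():
    """Classify the context this interpreter's HTTPS clients use by default."""
    # Private hook introduced with PEP 476; distro patches and the PEP 493
    # mechanisms change behaviour by swapping what this name points to.
    return classify(ssl._create_default_https_context())


def pep493_setting(environ, cfg_text, platform_default):
    """Resolve enable/disable: environment first, then config file,
    then the distribution's built-in default (per PEP 493)."""
    value = environ.get("PYTHONHTTPSVERIFY")
    if value is not None:
        return "disable" if value == "0" else "enable"
    parser = configparser.ConfigParser()
    parser.read_string(cfg_text)
    setting = parser.get("https", "verify", fallback="platform_default")
    if setting not in ("enable", "disable"):
        setting = platform_default
    return setting


# Constructed sample: a config an administrator might install to opt in.
SAMPLE_CFG = "[https]\nverify = enable\n"

if __name__ == "__main__":
    print("runtime default:", runtime_default())
    print("config only:", pep493_setting({}, SAMPLE_CFG, "disable"))
    print("env override:",
          pep493_setting({"PYTHONHTTPSVERIFY": "0"}, SAMPLE_CFG, "disable"))
```
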

