Author: tomaz
Date: Thu Jan 14 16:33:56 2016
New Revision: 1724650
URL: http://svn.apache.org/viewvc?rev=1724650&view=rev
Log:
Update post with more information.
Modified:
libcloud/site/trunk/generated/blog/2016/01/14/notice-for-linode-users.html
libcloud/site/trunk/generated/blog/archives/2016/01/index.html
libcloud/site/trunk/generated/blog/atom.xml
libcloud/site/trunk/generated/blog/index.html
libcloud/site/trunk/generated/blog/tags/announcement.html
libcloud/site/trunk/generated/blog/tags/linode.html
libcloud/site/trunk/generated/blog/tags/news.html
libcloud/site/trunk/generated/sitemap.xml
libcloud/site/trunk/source/_posts/2016-01-14-notice-for-linode-users.md
Modified:
libcloud/site/trunk/generated/blog/2016/01/14/notice-for-linode-users.html
URL:
http://svn.apache.org/viewvc/libcloud/site/trunk/generated/blog/2016/01/14/notice-for-linode-users.html?rev=1724650&r1=1724649&r2=1724650&view=diff
==============================================================================
--- libcloud/site/trunk/generated/blog/2016/01/14/notice-for-linode-users.html
(original)
+++ libcloud/site/trunk/generated/blog/2016/01/14/notice-for-linode-users.html
Thu Jan 14 16:33:56 2016
@@ -125,13 +125,12 @@ received messages similar to the one sho
socket.error: [Errno 104] Connection reset by peer
</pre>
-<p>It turns out that the issue is related to the used TLS version. For
-compatibility reasons (Libcloud also supports older Python versions), Libcloud
-uses TLS v1.0 by default.</p>
-
-<p>After experiencing DDoS attacks, Linode recently dropped support for TLS
v1.0
-and it now only support TLS >= v1.1. This means Libcloud won't work out
of the
-box anymore.</p>
+<p>It turns out that the issue is related to the used SSL / TLS version. For
+compatibility and security reasons (Libcloud also supports older Python
+versions), Libcloud uses TLS v1.0 by default.</p>
+
+<p>Linode recently dropped support for TLS v1.0 and it now only support TLS
>=
+v1.1. This means Libcloud won't work out of the box anymore.</p>
<h2>Solution</h2>
@@ -149,14 +148,25 @@ libcloud.security.SSL_VERSION = ssl.PROT
<p>Keep in mind that for this to work you need to have a recent version of
OpenSSL
installed on your system and you need to use Python >= 3.4 or Python
2.7.9.</p>
-<p>For more details please see recently updated <a
href="https://libcloud.readthedocs.org/en/latest/other/ssl-certificate-validation.html#changing-used-ssl-tls-version";>documentation</a>.
If you have
-are still experiencing issues or have any questions, please feel free to reach
+<p>For more details please see recently updated <a
href="https://libcloud.readthedocs.org/en/latest/other/ssl-certificate-validation.html#changing-used-ssl-tls-version";>documentation</a>.
If you are
+still experiencing issues or have any questions, please feel free to reach
us via the mailing list or IRC.</p>
<p>Note: Even if you are not experiencing any issues, it's generally a
good idea
-to use the latest version of TLS supported by your system and the provider you
+to use the highest version of TLS supported by your system and the provider you
use.</p>
+<h2>Quick note on ssl.PROTOCOL_SSLv23</h2>
+
+<p>Python uses <code>ssl.PROTOCOL_SSLv23</code> constant by default. When this
constant is
+used, it will let client known to pick the highest protocol version which both
+the client and server support (it will be selecting between SSL v3.0, TLS v1.0,
+TLS v1.1 and TLS v1.2).</p>
+
+<p>We use <code>ssl.PROTOCOL_TLSv1</code> instead of
<code>ssl.PROTOCOL_SSLv23</code> for security
+and compatibility reasons. SSL v3.0 is considered broken and unsafe and using
+<code>ssl.PROTOCOL_SSLv23</code> can result in an increased risk for a
downgrade attack.</p>
+
<h3>Thanks</h3>
<p>Special thanks to Jacob Riley, Steve V, Heath Naylor and everyone from
Modified: libcloud/site/trunk/generated/blog/archives/2016/01/index.html
URL:
http://svn.apache.org/viewvc/libcloud/site/trunk/generated/blog/archives/2016/01/index.html?rev=1724650&r1=1724649&r2=1724650&view=diff
==============================================================================
--- libcloud/site/trunk/generated/blog/archives/2016/01/index.html (original)
+++ libcloud/site/trunk/generated/blog/archives/2016/01/index.html Thu Jan 14
16:33:56 2016
@@ -117,13 +117,12 @@ received messages similar to the one sho
socket.error: [Errno 104] Connection reset by peer
</pre>
-<p>It turns out that the issue is related to the used TLS version. For
-compatibility reasons (Libcloud also supports older Python versions), Libcloud
-uses TLS v1.0 by default.</p>
-
-<p>After experiencing DDoS attacks, Linode recently dropped support for TLS
v1.0
-and it now only support TLS >= v1.1. This means Libcloud won't work out
of the
-box anymore.</p>
+<p>It turns out that the issue is related to the used SSL / TLS version. For
+compatibility and security reasons (Libcloud also supports older Python
+versions), Libcloud uses TLS v1.0 by default.</p>
+
+<p>Linode recently dropped support for TLS v1.0 and it now only support TLS
>=
+v1.1. This means Libcloud won't work out of the box anymore.</p>
<h2>Solution</h2>
@@ -141,14 +140,25 @@ libcloud.security.SSL_VERSION = ssl.PROT
<p>Keep in mind that for this to work you need to have a recent version of
OpenSSL
installed on your system and you need to use Python >= 3.4 or Python
2.7.9.</p>
-<p>For more details please see recently updated <a
href="https://libcloud.readthedocs.org/en/latest/other/ssl-certificate-validation.html#changing-used-ssl-tls-version";>documentation</a>.
If you have
-are still experiencing issues or have any questions, please feel free to reach
+<p>For more details please see recently updated <a
href="https://libcloud.readthedocs.org/en/latest/other/ssl-certificate-validation.html#changing-used-ssl-tls-version";>documentation</a>.
If you are
+still experiencing issues or have any questions, please feel free to reach
us via the mailing list or IRC.</p>
<p>Note: Even if you are not experiencing any issues, it's generally a
good idea
-to use the latest version of TLS supported by your system and the provider you
+to use the highest version of TLS supported by your system and the provider you
use.</p>
+<h2>Quick note on ssl.PROTOCOL_SSLv23</h2>
+
+<p>Python uses <code>ssl.PROTOCOL_SSLv23</code> constant by default. When this
constant is
+used, it will let client known to pick the highest protocol version which both
+the client and server support (it will be selecting between SSL v3.0, TLS v1.0,
+TLS v1.1 and TLS v1.2).</p>
+
+<p>We use <code>ssl.PROTOCOL_TLSv1</code> instead of
<code>ssl.PROTOCOL_SSLv23</code> for security
+and compatibility reasons. SSL v3.0 is considered broken and unsafe and using
+<code>ssl.PROTOCOL_SSLv23</code> can result in an increased risk for a
downgrade attack.</p>
+
<h3>Thanks</h3>
<p>Special thanks to Jacob Riley, Steve V, Heath Naylor and everyone from
Modified: libcloud/site/trunk/generated/blog/atom.xml
URL:
http://svn.apache.org/viewvc/libcloud/site/trunk/generated/blog/atom.xml?rev=1724650&r1=1724649&r2=1724650&view=diff
==============================================================================
--- libcloud/site/trunk/generated/blog/atom.xml (original)
+++ libcloud/site/trunk/generated/blog/atom.xml Thu Jan 14 16:33:56 2016
@@ -5,7 +5,7 @@
<link href="https://libcloud.apache.org"; rel="self" />
<link href="https://libcloud.apache.org"; />
<id>https://libcloud.apache.org</id>
- <updated>2016-01-14T12:26:37+01:00</updated>
+ <updated>2016-01-14T17:33:32+01:00</updated>
<author>
<name>The Apache Software Foundation</name>
</author>
@@ -32,13 +32,12 @@ received messages similar to the one sho
socket.error: [Errno 104] Connection reset by peer
</pre>
-<p>It turns out that the issue is related to the used TLS version. For
-compatibility reasons (Libcloud also supports older Python versions), Libcloud
-uses TLS v1.0 by default.</p>
-
-<p>After experiencing DDoS attacks, Linode recently dropped support for
TLS v1.0
-and it now only support TLS &gt;= v1.1. This means Libcloud won&#39;t
work out of the
-box anymore.</p>
+<p>It turns out that the issue is related to the used SSL / TLS version.
For
+compatibility and security reasons (Libcloud also supports older Python
+versions), Libcloud uses TLS v1.0 by default.</p>
+
+<p>Linode recently dropped support for TLS v1.0 and it now only support
TLS &gt;=
+v1.1. This means Libcloud won&#39;t work out of the box anymore.</p>
<h2>Solution</h2>
@@ -56,14 +55,25 @@ libcloud.security.SSL_VERSION = ssl.PROT
<p>Keep in mind that for this to work you need to have a recent version
of OpenSSL
installed on your system and you need to use Python &gt;= 3.4 or Python
2.7.9.</p>
-<p>For more details please see recently updated <a
href="https://libcloud.readthedocs.org/en/latest/other/ssl-certificate-validation.html#changing-used-ssl-tls-version">documentation</a>.
If you have
-are still experiencing issues or have any questions, please feel free to reach
+<p>For more details please see recently updated <a
href="https://libcloud.readthedocs.org/en/latest/other/ssl-certificate-validation.html#changing-used-ssl-tls-version">documentation</a>.
If you are
+still experiencing issues or have any questions, please feel free to reach
us via the mailing list or IRC.</p>
<p>Note: Even if you are not experiencing any issues, it&#39;s
generally a good idea
-to use the latest version of TLS supported by your system and the provider you
+to use the highest version of TLS supported by your system and the provider you
use.</p>
+<h2>Quick note on ssl.PROTOCOL_SSLv23</h2>
+
+<p>Python uses <code>ssl.PROTOCOL_SSLv23</code> constant by
default. When this constant is
+used, it will let client known to pick the highest protocol version which both
+the client and server support (it will be selecting between SSL v3.0, TLS v1.0,
+TLS v1.1 and TLS v1.2).</p>
+
+<p>We use <code>ssl.PROTOCOL_TLSv1</code> instead of
<code>ssl.PROTOCOL_SSLv23</code> for security
+and compatibility reasons. SSL v3.0 is considered broken and unsafe and using
+<code>ssl.PROTOCOL_SSLv23</code> can result in an increased risk
for a downgrade attack.</p>
+
<h3>Thanks</h3>
<p>Special thanks to Jacob Riley, Steve V, Heath Naylor and everyone from
Modified: libcloud/site/trunk/generated/blog/index.html
URL:
http://svn.apache.org/viewvc/libcloud/site/trunk/generated/blog/index.html?rev=1724650&r1=1724649&r2=1724650&view=diff
==============================================================================
--- libcloud/site/trunk/generated/blog/index.html (original)
+++ libcloud/site/trunk/generated/blog/index.html Thu Jan 14 16:33:56 2016
@@ -119,13 +119,12 @@ received messages similar to the one sho
socket.error: [Errno 104] Connection reset by peer
</pre>
-<p>It turns out that the issue is related to the used TLS version. For
-compatibility reasons (Libcloud also supports older Python versions), Libcloud
-uses TLS v1.0 by default.</p>
-
-<p>After experiencing DDoS attacks, Linode recently dropped support for TLS
v1.0
-and it now only support TLS >= v1.1. This means Libcloud won't work out
of the
-box anymore.</p>
+<p>It turns out that the issue is related to the used SSL / TLS version. For
+compatibility and security reasons (Libcloud also supports older Python
+versions), Libcloud uses TLS v1.0 by default.</p>
+
+<p>Linode recently dropped support for TLS v1.0 and it now only support TLS
>=
+v1.1. This means Libcloud won't work out of the box anymore.</p>
<h2>Solution</h2>
@@ -145,14 +144,25 @@ libcloud.security.SSL_VERSION = ssl.PROT
<p>Keep in mind that for this to work you need to have a recent version of
OpenSSL
installed on your system and you need to use Python >= 3.4 or Python
2.7.9.</p>
-<p>For more details please see recently updated <a
href="https://libcloud.readthedocs.org/en/latest/other/ssl-certificate-validation.html#changing-used-ssl-tls-version";>documentation</a>.
If you have
-are still experiencing issues or have any questions, please feel free to reach
+<p>For more details please see recently updated <a
href="https://libcloud.readthedocs.org/en/latest/other/ssl-certificate-validation.html#changing-used-ssl-tls-version";>documentation</a>.
If you are
+still experiencing issues or have any questions, please feel free to reach
us via the mailing list or IRC.</p>
<p>Note: Even if you are not experiencing any issues, it's generally a
good idea
-to use the latest version of TLS supported by your system and the provider you
+to use the highest version of TLS supported by your system and the provider you
use.</p>
+<h2>Quick note on ssl.PROTOCOL_SSLv23</h2>
+
+<p>Python uses <code>ssl.PROTOCOL_SSLv23</code> constant by default. When this
constant is
+used, it will let client known to pick the highest protocol version which both
+the client and server support (it will be selecting between SSL v3.0, TLS v1.0,
+TLS v1.1 and TLS v1.2).</p>
+
+<p>We use <code>ssl.PROTOCOL_TLSv1</code> instead of
<code>ssl.PROTOCOL_SSLv23</code> for security
+and compatibility reasons. SSL v3.0 is considered broken and unsafe and using
+<code>ssl.PROTOCOL_SSLv23</code> can result in an increased risk for a
downgrade attack.</p>
+
<h3>Thanks</h3>
<p>Special thanks to Jacob Riley, Steve V, Heath Naylor and everyone from
Modified: libcloud/site/trunk/generated/blog/tags/announcement.html
URL:
http://svn.apache.org/viewvc/libcloud/site/trunk/generated/blog/tags/announcement.html?rev=1724650&r1=1724649&r2=1724650&view=diff
==============================================================================
--- libcloud/site/trunk/generated/blog/tags/announcement.html (original)
+++ libcloud/site/trunk/generated/blog/tags/announcement.html Thu Jan 14
16:33:56 2016
@@ -118,13 +118,12 @@ received messages similar to the one sho
socket.error: [Errno 104] Connection reset by peer
</pre>
-<p>It turns out that the issue is related to the used TLS version. For
-compatibility reasons (Libcloud also supports older Python versions), Libcloud
-uses TLS v1.0 by default.</p>
-
-<p>After experiencing DDoS attacks, Linode recently dropped support for TLS
v1.0
-and it now only support TLS >= v1.1. This means Libcloud won't work out
of the
-box anymore.</p>
+<p>It turns out that the issue is related to the used SSL / TLS version. For
+compatibility and security reasons (Libcloud also supports older Python
+versions), Libcloud uses TLS v1.0 by default.</p>
+
+<p>Linode recently dropped support for TLS v1.0 and it now only support TLS
>=
+v1.1. This means Libcloud won't work out of the box anymore.</p>
<h2>Solution</h2>
@@ -144,14 +143,25 @@ libcloud.security.SSL_VERSION = ssl.PROT
<p>Keep in mind that for this to work you need to have a recent version of
OpenSSL
installed on your system and you need to use Python >= 3.4 or Python
2.7.9.</p>
-<p>For more details please see recently updated <a
href="https://libcloud.readthedocs.org/en/latest/other/ssl-certificate-validation.html#changing-used-ssl-tls-version";>documentation</a>.
If you have
-are still experiencing issues or have any questions, please feel free to reach
+<p>For more details please see recently updated <a
href="https://libcloud.readthedocs.org/en/latest/other/ssl-certificate-validation.html#changing-used-ssl-tls-version";>documentation</a>.
If you are
+still experiencing issues or have any questions, please feel free to reach
us via the mailing list or IRC.</p>
<p>Note: Even if you are not experiencing any issues, it's generally a
good idea
-to use the latest version of TLS supported by your system and the provider you
+to use the highest version of TLS supported by your system and the provider you
use.</p>
+<h2>Quick note on ssl.PROTOCOL_SSLv23</h2>
+
+<p>Python uses <code>ssl.PROTOCOL_SSLv23</code> constant by default. When this
constant is
+used, it will let client known to pick the highest protocol version which both
+the client and server support (it will be selecting between SSL v3.0, TLS v1.0,
+TLS v1.1 and TLS v1.2).</p>
+
+<p>We use <code>ssl.PROTOCOL_TLSv1</code> instead of
<code>ssl.PROTOCOL_SSLv23</code> for security
+and compatibility reasons. SSL v3.0 is considered broken and unsafe and using
+<code>ssl.PROTOCOL_SSLv23</code> can result in an increased risk for a
downgrade attack.</p>
+
<h3>Thanks</h3>
<p>Special thanks to Jacob Riley, Steve V, Heath Naylor and everyone from
Modified: libcloud/site/trunk/generated/blog/tags/linode.html
URL:
http://svn.apache.org/viewvc/libcloud/site/trunk/generated/blog/tags/linode.html?rev=1724650&r1=1724649&r2=1724650&view=diff
==============================================================================
--- libcloud/site/trunk/generated/blog/tags/linode.html (original)
+++ libcloud/site/trunk/generated/blog/tags/linode.html Thu Jan 14 16:33:56 2016
@@ -118,13 +118,12 @@ received messages similar to the one sho
socket.error: [Errno 104] Connection reset by peer
</pre>
-<p>It turns out that the issue is related to the used TLS version. For
-compatibility reasons (Libcloud also supports older Python versions), Libcloud
-uses TLS v1.0 by default.</p>
-
-<p>After experiencing DDoS attacks, Linode recently dropped support for TLS
v1.0
-and it now only support TLS >= v1.1. This means Libcloud won't work out
of the
-box anymore.</p>
+<p>It turns out that the issue is related to the used SSL / TLS version. For
+compatibility and security reasons (Libcloud also supports older Python
+versions), Libcloud uses TLS v1.0 by default.</p>
+
+<p>Linode recently dropped support for TLS v1.0 and it now only support TLS
>=
+v1.1. This means Libcloud won't work out of the box anymore.</p>
<h2>Solution</h2>
@@ -144,14 +143,25 @@ libcloud.security.SSL_VERSION = ssl.PROT
<p>Keep in mind that for this to work you need to have a recent version of
OpenSSL
installed on your system and you need to use Python >= 3.4 or Python
2.7.9.</p>
-<p>For more details please see recently updated <a
href="https://libcloud.readthedocs.org/en/latest/other/ssl-certificate-validation.html#changing-used-ssl-tls-version";>documentation</a>.
If you have
-are still experiencing issues or have any questions, please feel free to reach
+<p>For more details please see recently updated <a
href="https://libcloud.readthedocs.org/en/latest/other/ssl-certificate-validation.html#changing-used-ssl-tls-version";>documentation</a>.
If you are
+still experiencing issues or have any questions, please feel free to reach
us via the mailing list or IRC.</p>
<p>Note: Even if you are not experiencing any issues, it's generally a
good idea
-to use the latest version of TLS supported by your system and the provider you
+to use the highest version of TLS supported by your system and the provider you
use.</p>
+<h2>Quick note on ssl.PROTOCOL_SSLv23</h2>
+
+<p>Python uses <code>ssl.PROTOCOL_SSLv23</code> constant by default. When this
constant is
+used, it will let client known to pick the highest protocol version which both
+the client and server support (it will be selecting between SSL v3.0, TLS v1.0,
+TLS v1.1 and TLS v1.2).</p>
+
+<p>We use <code>ssl.PROTOCOL_TLSv1</code> instead of
<code>ssl.PROTOCOL_SSLv23</code> for security
+and compatibility reasons. SSL v3.0 is considered broken and unsafe and using
+<code>ssl.PROTOCOL_SSLv23</code> can result in an increased risk for a
downgrade attack.</p>
+
<h3>Thanks</h3>
<p>Special thanks to Jacob Riley, Steve V, Heath Naylor and everyone from
Modified: libcloud/site/trunk/generated/blog/tags/news.html
URL:
http://svn.apache.org/viewvc/libcloud/site/trunk/generated/blog/tags/news.html?rev=1724650&r1=1724649&r2=1724650&view=diff
==============================================================================
--- libcloud/site/trunk/generated/blog/tags/news.html (original)
+++ libcloud/site/trunk/generated/blog/tags/news.html Thu Jan 14 16:33:56 2016
@@ -118,13 +118,12 @@ received messages similar to the one sho
socket.error: [Errno 104] Connection reset by peer
</pre>
-<p>It turns out that the issue is related to the used TLS version. For
-compatibility reasons (Libcloud also supports older Python versions), Libcloud
-uses TLS v1.0 by default.</p>
-
-<p>After experiencing DDoS attacks, Linode recently dropped support for TLS
v1.0
-and it now only support TLS >= v1.1. This means Libcloud won't work out
of the
-box anymore.</p>
+<p>It turns out that the issue is related to the used SSL / TLS version. For
+compatibility and security reasons (Libcloud also supports older Python
+versions), Libcloud uses TLS v1.0 by default.</p>
+
+<p>Linode recently dropped support for TLS v1.0 and it now only support TLS
>=
+v1.1. This means Libcloud won't work out of the box anymore.</p>
<h2>Solution</h2>
@@ -144,14 +143,25 @@ libcloud.security.SSL_VERSION = ssl.PROT
<p>Keep in mind that for this to work you need to have a recent version of
OpenSSL
installed on your system and you need to use Python >= 3.4 or Python
2.7.9.</p>
-<p>For more details please see recently updated <a
href="https://libcloud.readthedocs.org/en/latest/other/ssl-certificate-validation.html#changing-used-ssl-tls-version";>documentation</a>.
If you have
-are still experiencing issues or have any questions, please feel free to reach
+<p>For more details please see recently updated <a
href="https://libcloud.readthedocs.org/en/latest/other/ssl-certificate-validation.html#changing-used-ssl-tls-version";>documentation</a>.
If you are
+still experiencing issues or have any questions, please feel free to reach
us via the mailing list or IRC.</p>
<p>Note: Even if you are not experiencing any issues, it's generally a
good idea
-to use the latest version of TLS supported by your system and the provider you
+to use the highest version of TLS supported by your system and the provider you
use.</p>
+<h2>Quick note on ssl.PROTOCOL_SSLv23</h2>
+
+<p>Python uses <code>ssl.PROTOCOL_SSLv23</code> constant by default. When this
constant is
+used, it will let client known to pick the highest protocol version which both
+the client and server support (it will be selecting between SSL v3.0, TLS v1.0,
+TLS v1.1 and TLS v1.2).</p>
+
+<p>We use <code>ssl.PROTOCOL_TLSv1</code> instead of
<code>ssl.PROTOCOL_SSLv23</code> for security
+and compatibility reasons. SSL v3.0 is considered broken and unsafe and using
+<code>ssl.PROTOCOL_SSLv23</code> can result in an increased risk for a
downgrade attack.</p>
+
<h3>Thanks</h3>
<p>Special thanks to Jacob Riley, Steve V, Heath Naylor and everyone from
Modified: libcloud/site/trunk/generated/sitemap.xml
URL:
http://svn.apache.org/viewvc/libcloud/site/trunk/generated/sitemap.xml?rev=1724650&r1=1724649&r2=1724650&view=diff
==============================================================================
--- libcloud/site/trunk/generated/sitemap.xml (original)
+++ libcloud/site/trunk/generated/sitemap.xml Thu Jan 14 16:33:56 2016
@@ -298,7 +298,7 @@
</url>
<url>
<loc>https://libcloud.apache.org/</loc>
- <lastmod>2016-01-14T12:26:33+01:00</lastmod>
+ <lastmod>2016-01-14T17:31:09+01:00</lastmod>
</url>
<url>
<loc>https://libcloud.apache.org/whois-using.html</loc>
@@ -330,7 +330,7 @@
</url>
<url>
<loc>https://libcloud.apache.org/blog/blog/</loc>
- <lastmod>2016-01-14T12:26:33+01:00</lastmod>
+ <lastmod>2016-01-14T17:31:09+01:00</lastmod>
</url>
<url>
<loc>https://libcloud.apache.org/gsoc-2014.html</loc>
Modified:
libcloud/site/trunk/source/_posts/2016-01-14-notice-for-linode-users.md
URL:
http://svn.apache.org/viewvc/libcloud/site/trunk/source/_posts/2016-01-14-notice-for-linode-users.md?rev=1724650&r1=1724649&r2=1724650&view=diff
==============================================================================
--- libcloud/site/trunk/source/_posts/2016-01-14-notice-for-linode-users.md
(original)
+++ libcloud/site/trunk/source/_posts/2016-01-14-notice-for-linode-users.md Thu
Jan 14 16:33:56 2016
@@ -21,13 +21,12 @@ received messages similar to the one sho
socket.error: [Errno 104] Connection reset by peer
</pre>
-It turns out that the issue is related to the used TLS version. For
-compatibility reasons (Libcloud also supports older Python versions), Libcloud
-uses TLS v1.0 by default.
-
-After experiencing DDoS attacks, Linode recently dropped support for TLS v1.0
-and it now only support TLS >= v1.1. This means Libcloud won't work out of the
-box anymore.
+It turns out that the issue is related to the used SSL / TLS version. For
+compatibility and security reasons (Libcloud also supports older Python
+versions), Libcloud uses TLS v1.0 by default.
+
+Linode recently dropped support for TLS v1.0 and it now only support TLS >=
+v1.1. This means Libcloud won't work out of the box anymore.
## Solution
@@ -46,14 +45,25 @@ or TLS v1.1 as shown below.
Keep in mind that for this to work you need to have a recent version of OpenSSL
installed on your system and you need to use Python >= 3.4 or Python 2.7.9.
-For more details please see recently updated [documentation][3]. If you have
-are still experiencing issues or have any questions, please feel free to reach
+For more details please see recently updated [documentation][3]. If you are
+still experiencing issues or have any questions, please feel free to reach
us via the mailing list or IRC.
Note: Even if you are not experiencing any issues, it's generally a good idea
-to use the latest version of TLS supported by your system and the provider you
+to use the highest version of TLS supported by your system and the provider you
use.
+## Quick note on ssl.PROTOCOL_SSLv23
+
+Python uses ``ssl.PROTOCOL_SSLv23`` constant by default. When this constant is
+used, it will let client known to pick the highest protocol version which both
+the client and server support (it will be selecting between SSL v3.0, TLS v1.0,
+TLS v1.1 and TLS v1.2).
+
+We use ``ssl.PROTOCOL_TLSv1`` instead of ``ssl.PROTOCOL_SSLv23`` for security
+and compatibility reasons. SSL v3.0 is considered broken and unsafe and using
+``ssl.PROTOCOL_SSLv23`` can result in an increased risk for a downgrade attack.
+
### Thanks
Special thanks to Jacob Riley, Steve V, Heath Naylor and everyone from
