New submission from Cory Mintz: The Python 2.7.3 and 2.6.8 Windows builds are both built against "OpenSSL 0.9.8l 5 Nov 2009".
This specific version of OpenSSL had renegotiation removed due a security vulnerability. Except from http://svn.python.org/projects/external/openssl-0.9.8x/NEWS. Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m: ... o Support for RFC5746 TLS renegotiation extension. ... Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l: o Temporary work around for CVE-2009-3555: disable renegotiation. Can the OpenSSL version be updated to at least OpenSSL 0.9.8m so renegotiation is supported? ---------- components: Windows messages: 167336 nosy: cory.mintz priority: normal severity: normal status: open title: openssl version in windows builds does not support renegotiation type: enhancement versions: Python 2.6, Python 2.7 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue15549> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
