Benjamin Peterson added the comment: People who are using SSLv3 should explicitly pass in a context. Globally enabling SSLv3 will surely be a footgun e.g for apps that talk to an outdated device then request a webpage.
I suppose wishing to globally use more secure defaults is a reasonable request. If someone writes a patch to put default context options in a global variable of the ssl module, we can look at it for 2.7.10. ---------- type: -> enhancement _______________________________________ Python tracker <[email protected]> <http://bugs.python.org/issue22866> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
