Christian Heimes <li...@cheimes.de> added the comment:

I don't think your PR is required. The issue has been addressed in OpenSSL 
0.9.8m over 7 years ago, https://access.redhat.com/security/cve/cve-2009-3555.


From https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html

> OpenSSL always attempts to use secure renegotiation as described in RFC5746. 
> This counters the prefix attack described in CVE-2009-3555 and elsewhere.


OpenSSL changelog

Changes between 0.9.8l and 0.9.8m [25 Feb 2010]


  *) Implement RFC5746. Re-enable renegotiation but require the extension
     as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
     turns out to be a bad idea. It has been replaced by
     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
     SSL_CTX_set_options(). This is really not recommended unless you
     know what you are doing.
     [Eric Rescorla <e...@networkresonance.com>, Ben Laurie, Steve Henson]

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32257>
_______________________________________
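The comment above turns on a single OpenSSL option bit: secure renegotiation (RFC 5746) is on by default, and the only way to reopen the CVE-2009-3555 exposure is to set SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION yourself. The Python below is an added example, not code from this tracker message, from CPython or from OpenSSL; it audits ssl.SSLContext objects for that bit from a defender's side. It assumes the numeric value of SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION from OpenSSL's ssl.h (0x00040000), since Python's ssl module exposes the option bitmask as an integer but does not export this flag by name; the helper names (allows_unsafe_legacy_renegotiation, harden, audit, new_client_context) are the example's own.

```python
import ssl

# SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION as defined in OpenSSL's ssl.h
# (bit 18, 0x00040000). Assumption: the value is copied from the OpenSSL
# headers; Python's ssl module does not export this flag under its own name.
OPENSSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION = 0x00040000


def allows_unsafe_legacy_renegotiation(ctx: ssl.SSLContext) -> bool:
    """True if ctx would renegotiate with a peer that lacks the RFC 5746
    extension, i.e. the CVE-2009-3555 prefix-injection exposure that
    OpenSSL >= 0.9.8m closes by default."""
    return bool(int(ctx.options) & OPENSSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)


def harden(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """Clear the unsafe-legacy-renegotiation bit (a no-op on a default
    context) and return the same context for chaining."""
    ctx.options = int(ctx.options) & ~OPENSSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
    return ctx


def audit(contexts: dict) -> dict:
    """Map each context name to whether it has the unsafe bit set."""
    return {name: allows_unsafe_legacy_renegotiation(c) for name, c in contexts.items()}


def new_client_context(unsafe: bool = False) -> ssl.SSLContext:
    """Build a client context; with unsafe=True it reproduces the
    misconfiguration the OpenSSL changelog warns against (constructed
    for the demonstration, never a recommended setting)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if unsafe:
        ctx.options = int(ctx.options) | OPENSSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
    return ctx


if __name__ == "__main__":
    contexts = {
        "default": ssl.create_default_context(),
        "weak": new_client_context(unsafe=True),
    }
    for name, flagged in audit(contexts).items():
        state = "ENABLED" if flagged else "disabled"
        print(f"{name}: unsafe legacy renegotiation {state}")
    harden(contexts["weak"])
    print("weak after harden:", allows_unsafe_legacy_renegotiation(contexts["weak"]))
```

The check reads SSL_CTX_get_options through ctx.options, so it reports what OpenSSL will actually do rather than what the application intended; running audit() over every context an application builds is a cheap way to confirm that nobody has set the option Heimes's quoted changelog entry calls "really not recommended".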