Bill Janssen wrote:
> Here's the updated connection table:
> 
>               SSL2    SSL3    SSL23   TLS1
>     SSL2      yes     no      yes     no
>     SSL3      yes     yes     yes     no
>     SSL23     yes     no      yes     no
>     TLS1      no      no      yes     yes
> 
> Given this, I think the client-side default should be changed from
> SSLv23 to SSLv3, and the server-side default should be SSLv23.

I believe you are correct.

I did some experiments with this a while ago after hitting problems
connecting to some SSL servers although I can't remember the exact
results now.

More importantly, what you recommend is what Twisted does and I'd
believe them more than me any time ;-).

See Twisted's DefaultOpenSSLContextFactory [1] for the server side and
ClientContextFactory [2] for the client side.


Cheers, Matt


[1] DefaultOpenSSLContextFactory,
http://twistedmatrix.com/trac/browser/trunk/twisted/internet/ssl.py#L67

[2] ClientContextFactory,
http://twistedmatrix.com/trac/browser/trunk/twisted/internet/ssl.py#L102

-- 
Matt Goodall, Pollenation Internet Ltd
Technology House, 237 Lidgett Lane, Leeds LS17 6QR
Registered No 4382123
A member of the Brunswick MCL Group of Companies
w: http://www.pollenation.net/
e: [EMAIL PROTECTED]
t: +44 113 2252500