On 24/03/2014 15:21, R. David Murray wrote:
> In the context of that last sentence, I think it is worth noting the stance that 3.4 is taking[*] about security backward compatibility, since many people may not be aware of it (we only just finished making the documentation clear). If you use create_default_context() to get your context object, you get a "best practices" level of security *that may change between maintenance releases*. If you want things to not change between maintenance releases, you create your own context object and set its controls appropriately.

Indeed. Note that this works because create_default_context() is a new API, hence it was ok to choose this particular maintenance policy. Maintenance policy of 3.4 as a whole (i.e. all other APIs) hasn't changed.
(but some other aspects of SSL configuration, e.g. the default cipher list, are also amenable to changes in bugfix releases, as Donald's latest commits exemplify; in this case it should stay within the limits of reasonable backwards compatibility, i.e. not break any common use case)

Regards

Antoine.
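
The distinction drawn in this thread, as an added example that is not code from either poster or from CPython: a hand-built context with every control set explicitly, next to a snapshot/diff helper that shows which settings of `create_default_context()` differ from a recorded baseline after an upgrade. The function names, the TLS 1.2 floor and the cipher string are assumptions chosen for illustration, and it uses `minimum_version` from Python 3.7+, which is newer than the 3.4 release discussed here.

```python
import ssl

# Assumed policy for this example: TLS 1.2 floor, ECDHE key exchange with AES-GCM.
PINNED_CIPHERS = "ECDHE+AESGCM"


def pinned_client_context(cafile=None):
    """Hand-built client context: each control is set by this code instead of
    being inherited from whatever create_default_context() currently chooses."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.set_ciphers(PINNED_CIPHERS)  # TLS 1.3 suites are not governed by this call
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    else:
        ctx.load_default_certs()
    return ctx


def snapshot(ctx):
    """Effective settings of a context, in a form that can be stored and diffed."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "options": int(ctx.options),
        "ciphers": sorted(c["name"] for c in ctx.get_ciphers()),
    }


def drift(baseline, current):
    """Names of the settings whose value differs from a recorded baseline."""
    keys = baseline.keys() | current.keys()
    return sorted(k for k in keys if baseline.get(k) != current.get(k))


if __name__ == "__main__":
    default = snapshot(ssl.create_default_context())
    pinned = snapshot(pinned_client_context())
    # In practice the baseline would be a snapshot saved before the upgrade.
    print("default vs pinned differ in:", drift(default, pinned))
```

Storing `snapshot(ssl.create_default_context())` from one release and running `drift` against it after a maintenance update lists exactly which defaults moved.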