subject:"\[issue25530\] ssl\: OP_NO_SSLv3 should always be set unless a user specifically asks for it"

[issue25530] ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it

2015-11-11 Thread Roundup Robot


Roundup Robot added the comment:

New changeset d80954d941c7 by Benjamin Peterson in branch '2.7':
always set OP_NO_SSLv3 by default (closes #25530)
https://hg.python.org/cpython/rev/d80954d941c7

New changeset 56f64ec9259f by Benjamin Peterson in branch '3.4':
always set OP_NO_SSLv3 by default (closes #25530)
https://hg.python.org/cpython/rev/56f64ec9259f

New changeset d1737db0f1b2 by Benjamin Peterson in branch '3.5':
merge 3.4 (#25530)
https://hg.python.org/cpython/rev/d1737db0f1b2

New changeset 2899acbd2b46 by Benjamin Peterson in branch 'default':
merge 3.5 (#25530)
https://hg.python.org/cpython/rev/2899acbd2b46

--
nosy: +python-dev
resolution:  -> fixed
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue25530] ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it

2015-11-02 Thread Alex Gaynor


Alex Gaynor added the comment:

Oops, there were a few failing tests on that patch. New one is green

--
Added file: http://bugs.python.org/file40927/sslv3.diff

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue25530] ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it

2015-11-01 Thread Alex Gaynor


New submission from Alex Gaynor:

SSLv3 is broken, both _create_unverified_context and create_default_context 
turn it off, but we should make all contexts turn it off, like we do for SSLv2.

A patch is attached.

--
components: Library (Lib)
files: sslv3.diff
keywords: needs review, patch, security_issue
messages: 253868
nosy: alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou
priority: normal
severity: normal
status: open
title: ssl: OP_NO_SSLv3 should always be set unless a user specifically asks 
for it
versions: Python 2.7, Python 3.5, Python 3.6
Added file: http://bugs.python.org/file40920/sslv3.diff

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue25530] ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it

[issue25530] ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it

[issue25530] ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it

3 matches

Site Navigation

Mail list logo

Footer information