Qichao Chu added the comment:
Thanks Christian! Let's wait for OpenSSL then.
I will close this bug for now and reopen when OpenSSL releases 1.1.1 with the
new flag.
--
resolution: -> later
stage: patch review -> resolved
status: ope
Qichao Chu added the comment:
How about exposing the internal ssl object? This will allow applications to
control the flag.
--
___
Python tracker
<https://bugs.python.org/issue32
Qichao Chu added the comment:
Thank you for the investigation. This does seem better than the flag. Shall we
go ahead and implement this?
--
Qichao Chu added the comment:
I don't think it is a bug in OpenSSL. For various reasons, certain applications
must allow renegotiation, while this leaves a security problem for others. That's
why if Python can control this flag, applications will be more confident in
dealing with D
Qichao Chu added the comment:
Hi Christian,
Thank you for the review! I have changed the code to directly set this flag by
using s3->flag. The code is copied from the nginx repo:
https://github.com/nginx/nginx/blob/ed0cc4d52308b75ab217724392994e6828af4fda/src/event/ngx_event_openssl.c.
I think t
Change by Qichao Chu:
--
pull_requests: -4664
___
Python tracker
<https://bugs.python.org/issue32257>
___
___
Python-bugs-list mailing list
Unsubscribe:
Change by Qichao Chu:
--
pull_requests: -4665
Change by Qichao Chu:
--
pull_requests: +4666
Change by Qichao Chu:
--
pull_requests: +4665
Change by Qichao Chu:
--
keywords: +patch
pull_requests: +4664
stage: -> patch review
New submission from Qichao Chu:
Adding a new method in SSLContext so that we can disable renegotiation more easily.
This resolves CVE-2009-3555 and the attack demoed by thc-ssl-dos.
--
assignee: christian.heimes
components: SSL
messages: 307879
nosy: christian.heimes, chuq
priority: normal