[issue25530] ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it

Roundup Robot added the comment: New changeset d80954d941c7 by Benjamin Peterson in branch '2.7': always set OP_NO_SSLv3 by default (closes #25530) https://hg.python.org/cpython/rev/d80954d941c7 New changeset 56f64ec9259f by Benjamin Peterson in branch '3.4': always set OP_NO_SSLv3 by default

[issue25530] ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it

Alex Gaynor added the comment: Oops, there were a few failing tests on that patch. New one is green -- Added file: http://bugs.python.org/file40927/sslv3.diff ___ Python tracker

[issue25530] ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it

New submission from Alex Gaynor: SSLv3 is broken, both _create_unverified_context and create_default_context turn it off, but we should make all contexts turn it off, like we do for SSLv2. A patch is attached. -- components: Library (Lib) files: sslv3.diff keywords: needs review,