[issue20209] Deprecate PROTOCOL_SSLv2

Changes by Antoine Pitrou : -- resolution: -> rejected status: open -> closed ___ Python tracker ___ ___ Python-bugs-list mailing lis

[issue20209] Deprecate PROTOCOL_SSLv2

Larry Hastings added the comment: I agree. -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pyth

[issue20209] Deprecate PROTOCOL_SSLv2

Antoine Pitrou added the comment: Thanks for the insight. Then I suggest to close this issue as postponed or rejected. -- ___ Python tracker ___

[issue20209] Deprecate PROTOCOL_SSLv2

Derek Wilson added the comment: sslv2 should not be deprecated yet. in the field of security research it is highly valuable to locate servers that are still using sslv2 because it is a security risk. i'm fine with making it not used by default, but there is no reason to remove the capability

[issue20209] Deprecate PROTOCOL_SSLv2

Changes by Antoine Pitrou : -- nosy: +hynek ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python

[issue20209] Deprecate PROTOCOL_SSLv2

Changes by Antoine Pitrou : -- versions: +Python 3.4 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://ma

[issue20209] Deprecate PROTOCOL_SSLv2

Larry Hastings added the comment: Okay, you have my permission to mark it pending deprecated. > What I'm proposing is to remove it after we deprecate it. I understand the deprecation process. Like I said, I was just trying to get a sense of how many people would be affected. --

[issue20209] Deprecate PROTOCOL_SSLv2

Antoine Pitrou added the comment: > If we removed it completely (which I'm *not* proposing, just gathering > data) how many people would it affect? What I'm proposing is to remove it after we deprecate it. I don't think it would affect many people, if any, but we still should have a deprecation

[issue20209] Deprecate PROTOCOL_SSLv2

Larry Hastings added the comment: If we removed it completely (which I'm *not* proposing, just gathering data) how many people would it affect? Is there any legitimate reason why some people would want SSLv2? Like "we aren't allowed to upgrade this server" or something. -- _

[issue20209] Deprecate PROTOCOL_SSLv2

Antoine Pitrou added the comment: (FTR, Alex's comment mixes up the default settings used by urlopen() with what the ssl module allows to do when invoked directly) -- ___ Python tracker ___

[issue20209] Deprecate PROTOCOL_SSLv2

Antoine Pitrou added the comment: > If #20207 happens for 3.4, would it still be possible to use SSLv2? #20207 has already happened for 3.4 and, yes, it's still possible to use SSLv2 (except that many distros also disable SSLv2 in their OpenSSL build). The commit message is quite clear about t

[issue20209] Deprecate PROTOCOL_SSLv2

Larry Hastings added the comment: I don't have a lot of context for this. It sounds like #20207 proposes to remove the ability to use SSLv2 at all. And in the comments Alex Gaynor seems to say that SSLv2 is already disabled in Python 3. If #20207 happens for 3.4, would it still be possible t

[issue20209] Deprecate PROTOCOL_SSLv2

Antoine Pitrou added the comment: > Is there any way to use SSLv2 in 3.4? Yes, by using PROTOCOL_SSLv2. (you're asking strange questions) -- ___ Python tracker ___ _

[issue20209] Deprecate PROTOCOL_SSLv2

Larry Hastings added the comment: Is there any way to use SSLv2 in 3.4? -- ___ Python tracker ___ ___ Python-bugs-list mailing list Un

[issue20209] Deprecate PROTOCOL_SSLv2

Antoine Pitrou added the comment: The ssl module has an attribute named PROTOCOL_SSLv2 that I'm proposing to deprecate. -- ___ Python tracker ___ ___

[issue20209] Deprecate PROTOCOL_SSLv2

Larry Hastings added the comment: Okay, then, can you educate me on what you're proposing here? -- ___ Python tracker ___ ___ Python-b

[issue20209] Deprecate PROTOCOL_SSLv2

Larry Hastings added the comment: Would the patch be about as simple as the patch for 2.7 in #20207? Also, #20207 is also marked for 3.4. Either unmark 3.4/3.5 in #20207, or close this bug as a duplicate. -- ___ Python tracker

[issue20209] Deprecate PROTOCOL_SSLv2

Antoine Pitrou added the comment: Those bugs are orthogonal, Larry. -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubs

[issue20209] Deprecate PROTOCOL_SSLv2

R. David Murray added the comment: I don't see why a deprecation would be late, since we haven't hit RC yet. A deprecation doesn't change the API. But yes, it is Larry's call. -- ___ Python tracker _

[issue20209] Deprecate PROTOCOL_SSLv2

Antoine Pitrou added the comment: It sounds a bit too late, although that would be Larry's call. -- nosy: +larry ___ Python tracker ___ __

[issue20209] Deprecate PROTOCOL_SSLv2

R. David Murray added the comment: Why not in 3.4? -- nosy: +r.david.murray ___ Python tracker ___ ___ Python-bugs-list mailing list U

[issue20209] Deprecate PROTOCOL_SSLv2

STINNER Victor added the comment: See also issue #20207. -- nosy: +haypo ___ Python tracker ___ ___ Python-bugs-list mailing list Unsu

[issue20209] Deprecate PROTOCOL_SSLv2

New submission from Antoine Pitrou: It sounds like we may deprecate PROTOCOL_SSLv2 in 3.5. -- components: Library (Lib) messages: 207762 nosy: christian.heimes, giampaolo.rodola, janssen, pitrou priority: low severity: normal status: open title: Deprecate PROTOCOL_SSLv2 type: behavior ve