[issue23679] SSL Ciphers RC4

2015-03-17 Thread mogli
mogli added the comment: That was fast, great job! For the record: The SSLv3 issue I also wrote about was a false positive because the test only works with JavaScript. Python 2.7.9 has SSLv3 disabled by default as it should. urllib2.urlopen("https://sslv3.dshield.org") # fails as it should

[issue23679] SSL Ciphers RC4

2015-03-16 Thread mogli
New submission from mogli: The documentation (https://docs.python.org/2/library/ssl.html) says: "The settings in Python 2.7.9 are: PROTOCOL_SSLv23, OP_NO_SSLv2, and OP_NO_SSLv3 with high encryption cipher suites without RC4". But it still seems to use RC4: https://www.howsmyssl.com/a/check Also

[issue23679] SSL Ciphers RC4

2015-03-16 Thread STINNER Victor
STINNER Victor added the comment: You can explicitly disable RC4 if you create an SSLContext and then call set_ciphers() with the right list of ciphers. For example, see the cipher lists of Python 2.7 (development branch): https://hg.python.org/cpython/file/0b44c749ae51/Lib/ssl.py#l150 Add :!RC4
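The workaround suggested in the comment above, written out as an added example that is not part of the thread or of CPython. `BASE_CIPHERS` is a constructed stand-in for a cipher policy (not the list from Lib/ssl.py), the helper names are hypothetical, and the `get_ciphers()` check assumes Python 3.6 or later.

```python
import ssl

# Constructed base policy for illustration; not the list from Lib/ssl.py.
BASE_CIPHERS = "HIGH:!aNULL:!eNULL:!MD5"


def without_rc4(cipher_string):
    """Return the OpenSSL cipher string with the RC4 exclusion appended once."""
    parts = [p for p in cipher_string.split(":") if p]
    if "!RC4" not in parts:
        parts.append("!RC4")
    return ":".join(parts)


def make_client_context(cipher_string=BASE_CIPHERS):
    """Client context with certificate and hostname checks on, and no RC4."""
    ctx = ssl.create_default_context()
    # Raises ssl.SSLError if the string selects no cipher at all.
    ctx.set_ciphers(without_rc4(cipher_string))
    return ctx


def rc4_suites(ctx):
    """Names of RC4 suites still enabled on ctx (needs Python 3.6+)."""
    return [c["name"] for c in ctx.get_ciphers() if "RC4" in c["name"]]


if __name__ == "__main__":
    ctx = make_client_context()
    print("cipher string:", without_rc4(BASE_CIPHERS))
    print("enabled suites:", len(ctx.get_ciphers()))
    print("RC4 suites left:", rc4_suites(ctx))
```

The resulting context can be passed as the `context` argument of `urlopen()`, so the check runs against the same object the client actually uses.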

[issue23679] SSL Ciphers RC4

2015-03-16 Thread Benjamin Peterson
Benjamin Peterson added the comment: RC4 is dropped in the next releases. -- dependencies: +SSL module should not offer RC4 based cipher suites for clients by default nosy: +benjamin.peterson resolution: -> duplicate status: open -> closed

[issue23679] SSL Ciphers RC4

2015-03-16 Thread R. David Murray
Changes by R. David Murray rdmur...@bitdance.com: -- nosy: +alex, dstufft ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue23679 ___ ___

[issue23679] SSL Ciphers RC4

2015-03-16 Thread Alex Gaynor
Alex Gaynor added the comment: I believe RC4 will still be used under 2.7.9 on clients, this is changed for 2.7.10

[issue23679] SSL Ciphers RC4

2015-03-16 Thread mogli
mogli added the comment: So it seems the docs are wrong.

[issue23679] SSL Ciphers RC4

2015-03-16 Thread Benjamin Peterson
Benjamin Peterson added the comment: They're correct for the next release. :(

[issue23679] SSL Ciphers RC4

2015-03-16 Thread Roundup Robot
Roundup Robot added the comment: New changeset e1dfa5f0709f by Benjamin Peterson in branch '2.7': versionchanged for rc4 removal (closes #23679) https://hg.python.org/cpython/rev/e1dfa5f0709f New changeset 2a6a63828a40 by Benjamin Peterson in branch '3.4': versionchanged for rc4 removal (closes

[issue23679] SSL Ciphers RC4

2015-03-16 Thread R. David Murray
R. David Murray added the comment: But the doc explicitly says 2.7.9, so no, they are not correct. There also should be a versionchanged directive, I think. -- assignee: -> docs@python components: +Documentation dependencies: -SSL module should not offer RC4 based cipher suites for

[issue23679] SSL Ciphers RC4

2015-03-16 Thread R. David Murray
Changes by R. David Murray rdmur...@bitdance.com: -- resolution: duplicate ->