On Sat, 10 Sep 2016 20:23:13 +0200
Christian Heimes wrote:
>
> It's a bit too clever and tricky for my taste. I prefer 'explicit is
> better than implicit' for trust anchors. My main concern are secure
> default settings. A SSLContext should be secure w/o further settings
On Sat, 10 Sep 2016 16:22:57 +0200
Christian Heimes wrote:
>
> For 3.6 I like to make the SSL more sane and more secure by default.
> Yes, I'm a bit late but all my proposals are implemented, documented,
> partly tested and existing tests are passing.
I don't have time
On 11 September 2016 at 05:20, Christian Heimes wrote:
> On 2016-09-10 17:24, Nick Coghlan wrote:
>> On 11 September 2016 at 00:22, Christian Heimes wrote:
>>> First I like to deprecated some old APIs and favor of SSLCotext. We have
>>> multiple ways
On 2016-09-10 17:24, Nick Coghlan wrote:
> On 11 September 2016 at 00:22, Christian Heimes wrote:
>> First I like to deprecated some old APIs and favor of SSLCotext. We have
>> multiple ways to create a SSL socket or to configure libraries like
>> urllib. The general idea is
On 2016-09-10 18:24, Donald Stufft wrote:
>
>> On Sep 10, 2016, at 10:22 AM, Christian Heimes wrote:
>>
>> I don't load any certs because it is not possible to remove a cert or
>> X509 lookup once it is loaded. create_default_context() just have to
>> load the certs and set
> On Sep 10, 2016, at 10:22 AM, Christian Heimes wrote:
>
> I don't load any certs because it is not possible to remove a cert or
> X509 lookup once it is loaded. create_default_context() just have to
> load the certs and set more secure ciper suites.
This part is the
On 11 September 2016 at 00:22, Christian Heimes wrote:
> First I like to deprecated some old APIs and favor of SSLCotext. We have
> multiple ways to create a SSL socket or to configure libraries like
> urllib. The general idea is to make SSLContext the central object for
>