diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index fe988c073fc..6ab11b2a214 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -245,8 +245,8 @@ purposes. :const:`None`, this function can choose to trust the system's default CA certificates instead. - The settings in Python 3.4 are: :data:`PROTOCOL_SSLv23`, :data:`OP_NO_SSLv2`, - and :data:`OP_NO_SSLv3` with high encryption cipher suites without RC4 and + The settings are: :data:`PROTOCOL_SSLv23`, :data:`OP_NO_SSLv2`, and + :data:`OP_NO_SSLv3` with high encryption cipher suites without RC4 and without unauthenticated cipher suites. Passing :data:`~Purpose.SERVER_AUTH` as *purpose* sets :data:`~SSLContext.verify_mode` to :data:`CERT_REQUIRED` and either loads CA certificates (when at least one of *cafile*, *capath* or @@ -276,6 +276,10 @@ purposes. .. versionadded:: 3.4 + .. versionchanged:: 3.4.4 + + RC4 was dropped from the default cipher string. + Random generation ^^^^^^^^^^^^^^^^^