Donald Stufft
6a2ba94908
Issue #21013 : Enhance ssl.create_default_context() for server side contexts
...
Closes #21013 by modfying ssl.create_default_context() to:
* Move the restricted ciphers to only apply when using
ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not
is the lack of RC4 in the restricted. However there are servers that exist
that only expose RC4 still.
* Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context
will select TLS1.1 or TLS1.2 if it is available.
* Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets
* Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security
of the perfect forward secrecy
* Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side
socket the context will prioritize our ciphers which have been carefully
selected to maximize security and performance.
* Documents the failure conditions when a SSL3.0 connection is required so
that end users can more easily determine if they need to unset
ssl.OP_NO_SSLv3.
2014-03-23 19:05:28 -04:00
Georg Brandl
553e108fce
tutorial: no "linux2" sys.platform on 3.x (thanks Arfrever)
2014-03-23 23:03:59 +01:00
Antoine Pitrou
8c6f8dc527
Issue #19537 : Fix PyUnicode_DATA() alignment under m68k. Patch by Andreas Schwab.
2014-03-23 22:55:03 +01:00
Richard Oudkerk
99d8dd2489
Issue #20990 : Correction for 619331c67638.
2014-03-23 18:44:11 +00:00
R David Murray
95a8dfb924
#20976 : remove unneeded quopri import in email.utils.
2014-03-23 14:18:44 -04:00
Antoine Pitrou
f8cbbbb652
Issue #20913 : make it clear that create_default_context() also enables hostname checking
2014-03-23 16:31:08 +01:00
Richard Oudkerk
c346060440
Merge 3.3.
2014-03-23 12:52:16 +00:00
Richard Oudkerk
3e952d56ea
Issue #20633 : Replace relative import by absolute import.
2014-03-23 12:42:28 +00:00
Richard Oudkerk
80a5be1d84
Issue #20980 : Stop wrapping exception when using ThreadPool.
2014-03-23 12:30:54 +00:00
Richard Oudkerk
a40675a1a2
Issue #20990 : Fix issues found by pyflakes for multiprocessing.
2014-03-23 11:54:15 +00:00
Georg Brandl
75c5ab49ed
Closes #20975 : make date in the interpreter banner a little more consistent
2014-03-22 20:38:11 +01:00
Antoine Pitrou
c5e075ff03
Issue #20913 : improve the SSL security considerations to first advocate using create_default_context().
2014-03-22 18:19:11 +01:00
Antoine Pitrou
0bebbc33fa
Issue #21015 : SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1".
...
(should also fix a buildbot failure introduced by #20995 )
2014-03-22 18:13:50 +01:00
Donald Stufft
79ccaa2cad
Issue #20995 : Enhance default ciphers used by the ssl module
...
Closes #20995 by Enabling better security by prioritizing ciphers
such that:
* Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
* Prefer ECDHE over DHE for better performance
* Prefer any AES-GCM over any AES-CBC for better performance and security
* Then Use HIGH cipher suites as a fallback
* Then Use 3DES as fallback which is secure but slow
* Finally use RC4 as a fallback which is problematic but needed for
compatibility some times.
* Disable NULL authentication, NULL encryption, and MD5 MACs for security
reasons
2014-03-21 21:33:34 -04:00
Victor Stinner
51f3129ba2
Close #21010 : Fix typo in asyncio doc. Patch written by Claudiu Popa.
2014-03-21 17:17:15 +01:00
Victor Stinner
6bc239619c
Issue #21006 : Fix subprocess example on Windows in asyncio doc
2014-03-21 11:56:40 +01:00
Victor Stinner
7280486ce3
Close #21005 : Fix documentation of asyncio.subprocess.DEVNULL
2014-03-21 11:44:49 +01:00
Brett Cannon
46f484ee4e
merge
2014-03-21 11:02:10 -04:00
Brett Cannon
a00c2407ca
Issue #20884 : Don't assume in importlib.__init__ that __file__ is
...
defined.
2014-03-21 10:58:33 -04:00
Vinay Sajip
ed6783f315
Issue #10141 , Issue 20065: Changed #if to take CAN_RAW into account.
2014-03-21 11:44:32 +00:00
Benjamin Peterson
409a1be6cf
improve start default for relpath
2014-03-20 12:39:53 -05:00
Zachary Ware
2f31b4b577
Fix typos in Doc/faq/extending. Found by cocoatomo on docs@.
2014-03-20 10:16:09 -05:00
Zachary Ware
dbd1c43e52
Fix spelling in enum docs.
...
"equivalant" was caught by Tobias Käs on docs@, "seperated" and "chartruese"
were discovered by a spell-checker.
2014-03-20 10:01:48 -05:00
Zachary Ware
253deed862
Add missing parenthesis. Found by cocoatomo on docs@.
2014-03-20 09:46:09 -05:00
Zachary Ware
a22ae21db6
Fix parameter name in docs for os.makedirs and os.removedirs.
...
Pointed out by Colin Davis on docs@.
2014-03-20 09:42:01 -05:00
Raymond Hettinger
d852e997f4
Clean-up docstring
2014-03-20 06:42:31 -07:00
Vinay Sajip
b1698d4030
Issue #20444 : Reduced code duplication.
2014-03-20 13:14:39 +00:00
Vinay Sajip
71dcb28d1c
Issue #20558 : Improved implementation of error handling.
2014-03-20 13:03:17 +00:00
Vinay Sajip
ecfc98c67b
Issue #10141 : updated new usages of AF_CAN to be in #ifdef AF_CAN rather than #ifdef HAVE_LINUX_CAN_H to allow compilation on older Linuxes.
2014-03-20 12:42:42 +00:00
Victor Stinner
373f0a925b
Isuse #12328 , #20978 : Add _winapi.WAIT_ABANDONED_0 symbol, needed by
...
multiprocessing.connection
2014-03-20 09:26:55 +01:00
Victor Stinner
7fa767e517
Issue #20976 : pyflakes: Remove unused imports
2014-03-20 09:16:38 +01:00
Victor Stinner
69b1e261fc
Issue #20978 : pyflakes: fix undefined names
2014-03-20 08:50:52 +01:00
Victor Stinner
790bd6dd13
Issue #20978 : Remove last part of OS/2 support in distutils
2014-03-20 08:50:33 +01:00
Benjamin Peterson
deec16be07
add Nehal Hussain
2014-03-19 20:52:17 -05:00
Zachary Ware
5f3e3c3429
Use the correct VS edition names in PCbuild/readme.txt
2014-03-19 14:46:25 -05:00
Victor Stinner
9a90243f8b
Skip test_urllib2.test_issue16464() is the ssl module is missing
2014-03-19 17:31:20 +01:00
Zachary Ware
232b017607
Avoid compile warning in xxlimited on 32-bit Windows non-Debug builds.
2014-03-18 23:05:01 -05:00
Zachary Ware
270e7377ce
Clean up PCbuild/pcbuild.sln a bit:
...
- Remove configuration settings from removed _sha3.vcxproj
- Don't try to build configurations of _testembed that don't exist
(namely, PGInstrument and PGUpdate)
2014-03-18 22:34:52 -05:00
Zachary Ware
c2447f2a15
Ignore files generated by MSVC PGO builds.
2014-03-18 22:28:16 -05:00
Zachary Ware
088639936d
Issue #20966 : Fix Tkinter Resources link
2014-03-18 09:19:18 -05:00
Georg Brandl
f5c801fdca
Fix option description that is a warning in new Sphinx versions.
2014-03-18 07:44:07 +01:00
Victor Stinner
d6a91a7ab6
Issue #20879 : Delay the initialization of encoding and decoding tables for
...
base32, ascii85 and base85 codecs in the base64 module, and delay the
initialization of the unquote_to_bytes() table of the urllib.parse module, to
not waste memory if these modules are not used.
2014-03-17 22:38:41 +01:00
Benjamin Peterson
2a6053468e
move SharedKeyTests to test_descr
2014-03-17 16:20:12 -05:00
Benjamin Peterson
df813791db
correct the fix for #20637 ; allow slot descriptor inheritance to take place before creating cached keys
2014-03-17 15:57:17 -05:00
Éric Araujo
0b1be1a3b1
Fix typo in example ( #20963 )
2014-03-17 16:48:13 -04:00
Jesus Cea
28a965ff71
Typo
2014-03-17 19:22:59 +01:00
Jesus Cea
bdb8bb39dd
Typo
2014-03-17 19:13:09 +01:00
Jesus Cea
cec25b01ec
Typo
2014-03-17 19:00:48 +01:00
Antoine Pitrou
1095907624
Remove stray semicolon
2014-03-17 18:22:41 +01:00
R David Murray
f93d3dfc50
closes #20960
2014-03-17 11:20:29 -04:00