From 17352fff923b90d3d829c29c063aacdb68fb987c Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Tue, 13 Sep 2016 12:09:55 +0200 Subject: [PATCH] Explain why PROTOCOL_SSLv23 does not support SSLv2 and SSLv3 by default. --- Doc/library/ssl.rst | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index b7723f44655..3a9ffbc8281 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -192,16 +192,20 @@ instead. .. table:: - ======================== ========= ========= ========== ========= =========== =========== - *client* / **server** **SSLv2** **SSLv3** **TLS** **TLSv1** **TLSv1.1** **TLSv1.2** - ------------------------ --------- --------- ---------- --------- ----------- ----------- - *SSLv2* yes no yes no no no - *SSLv3* no yes yes no no no - *TLS* (*SSLv23*) no yes yes yes yes yes - *TLSv1* no no yes yes no no - *TLSv1.1* no no yes no yes no - *TLSv1.2* no no yes no no yes - ======================== ========= ========= ========== ========= =========== =========== + ======================== ============ ============ ============= ========= =========== =========== + *client* / **server** **SSLv2** **SSLv3** **TLS** **TLSv1** **TLSv1.1** **TLSv1.2** + ------------------------ ------------ ------------ ------------- --------- ----------- ----------- + *SSLv2* yes no no [1]_ no no no + *SSLv3* no yes no [2]_ no no no + *TLS* (*SSLv23*) no [1]_ no [2]_ yes yes yes yes + *TLSv1* no no yes yes no no + *TLSv1.1* no no yes no yes no + *TLSv1.2* no no yes no no yes + ======================== ============ ============ ============= ========= =========== =========== + + .. rubric:: Footnotes + .. [1] :class:`SSLContext` disables SSLv2 with :data:`OP_NO_SSLv2` by default. + .. [2] :class:`SSLContext` disables SSLv2 with :data:`OP_NO_SSLv2` by default. .. note::