Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
This commit is contained in:
commit
3f366314e8
|
@ -111,6 +111,9 @@ Core and Builtins
|
|||
Library
|
||||
-------
|
||||
|
||||
- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
|
||||
IV attack countermeasure.
|
||||
|
||||
- Issue #13772: In os.symlink() under Windows, do not try to guess the link
|
||||
target's type (file or directory). The detection was buggy and made the
|
||||
call non-atomic (therefore prone to race conditions).
|
||||
|
|
|
@ -1481,7 +1481,8 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
|
|||
self->ctx = ctx;
|
||||
/* Defaults */
|
||||
SSL_CTX_set_verify(self->ctx, SSL_VERIFY_NONE, NULL);
|
||||
SSL_CTX_set_options(self->ctx, SSL_OP_ALL);
|
||||
SSL_CTX_set_options(self->ctx,
|
||||
SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
|
||||
|
||||
#define SID_CTX "Python"
|
||||
SSL_CTX_set_session_id_context(self->ctx, (const unsigned char *) SID_CTX,
|
||||
|
@ -2143,7 +2144,8 @@ PyInit__ssl(void)
|
|||
PY_SSL_VERSION_TLS1);
|
||||
|
||||
/* protocol options */
|
||||
PyModule_AddIntConstant(m, "OP_ALL", SSL_OP_ALL);
|
||||
PyModule_AddIntConstant(m, "OP_ALL",
|
||||
SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
|
||||
PyModule_AddIntConstant(m, "OP_NO_SSLv2", SSL_OP_NO_SSLv2);
|
||||
PyModule_AddIntConstant(m, "OP_NO_SSLv3", SSL_OP_NO_SSLv3);
|
||||
PyModule_AddIntConstant(m, "OP_NO_TLSv1", SSL_OP_NO_TLSv1);
|
||||
|
|
Loading…
Reference in New Issue