Issue #22638: SSLv3 is now disabled throughout the standard library.
It can still be enabled by instantiating a SSLContext manually.
This commit is contained in:
parent
c2c62b13ce
commit
e4eda4d33f
|
@ -454,6 +454,9 @@ def _create_stdlib_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,
|
|||
context = SSLContext(protocol)
|
||||
# SSLv2 considered harmful.
|
||||
context.options |= OP_NO_SSLv2
|
||||
# SSLv3 has problematic security and is only required for really old
|
||||
# clients such as IE6 on Windows XP
|
||||
context.options |= OP_NO_SSLv3
|
||||
|
||||
if cert_reqs is not None:
|
||||
context.verify_mode = cert_reqs
|
||||
|
|
|
@ -178,6 +178,9 @@ Core and Builtins
|
|||
Library
|
||||
-------
|
||||
|
||||
- Issue #22638: SSLv3 is now disabled throughout the standard library.
|
||||
It can still be enabled by instantiating a SSLContext manually.
|
||||
|
||||
- Issue #22641: In asyncio, the default SSL context for client connections
|
||||
is now created using ssl.create_default_context(), for stronger security.
|
||||
|
||||
|
|
Loading…
Reference in New Issue