If the input stream encoding couldn't encode one or more of the
non-ascii characters in the prompt, it would fail, throwing a
UnicodeEncodeError. Now if that happens we re-encoding using the
'replace' error handler.
Patch by Kushal Das.
__file__.
This causes _frozen_importlib to no longer have __file__ set as well
as any frozen module imported using imp.init_frozen() (which is
deprecated).
to parse more than one XML document per pyexpat xmlparser instance.
(Original patches by Hirokazu Yamamoto and Amaury Forgeot d'Arc, with
suggested wording by David Gutteridge)
Previously a non-string, non-regex second argument and missing callable
argument could cause the test to appear to always pass.
Initial patch by Kamilla Holanda.
Closes#21043 by updating the documentation to remove specific CA
organizations and update the text to no longer need to tell you to
download root certificates, but instead use the OS certificates
avaialble through SSLContext.load_default_certs.
Closes#21013 by modfying ssl.create_default_context() to:
* Move the restricted ciphers to only apply when using
ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not
is the lack of RC4 in the restricted. However there are servers that exist
that only expose RC4 still.
* Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context
will select TLS1.1 or TLS1.2 if it is available.
* Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets
* Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security
of the perfect forward secrecy
* Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side
socket the context will prioritize our ciphers which have been carefully
selected to maximize security and performance.
* Documents the failure conditions when a SSL3.0 connection is required so
that end users can more easily determine if they need to unset
ssl.OP_NO_SSLv3.
Closes#20995 by Enabling better security by prioritizing ciphers
such that:
* Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
* Prefer ECDHE over DHE for better performance
* Prefer any AES-GCM over any AES-CBC for better performance and security
* Then Use HIGH cipher suites as a fallback
* Then Use 3DES as fallback which is secure but slow
* Finally use RC4 as a fallback which is problematic but needed for
compatibility some times.
* Disable NULL authentication, NULL encryption, and MD5 MACs for security
reasons
base32, ascii85 and base85 codecs in the base64 module, and delay the
initialization of the unquote_to_bytes() table of the urllib.parse module, to
not waste memory if these modules are not used.
Senthil Kumaran
Eric V. Smith
Michael Foord
Benjamin Peterson
R David Murray
Serhiy Storchaka
Vinay Sajip
Ned Deily
Yury Selivanov
Victor Stinner
Brett Cannon
Martin v. Löwis
Eric Snow
Richard Oudkerk
Donald Stufft
Antoine Pitrou
Larry Hastings