35cd53a940
Issue #22660 : update various mentions in the ssl module documentation.
2014-10-21 00:16:00 +02:00
4b4ddb2190
Issue #22660 : update various mentions in the ssl module documentation.
2014-10-21 00:14:39 +02:00
2debf15593
Issue #22564 : cleanup SSLObject doc
2014-10-10 13:04:08 +02:00
29611452b7
Issue #22564 : ssl doc, add more links to the non-blocking section
2014-10-10 12:52:43 +02:00
805b262d38
Issue #22564 : ssl doc: reorganize and reindent documentation of SSLObject and
...
MemoryBIO; move documentation of SSLContext.wrap_bio()
2014-10-10 12:49:08 +02:00
9558e90315
Merge 3.4
2014-10-10 12:47:01 +02:00
cfb2a0a855
Issue #22564 : ssl doc: mention asyncio in the non-blocking section
2014-10-10 12:45:10 +02:00
92127a5edb
Merge 3.4
2014-10-10 12:43:17 +02:00
d28fe8c8f4
Issue #22564 : ssl doc: mention how SSLSocket are usually created
2014-10-10 12:07:19 +02:00
3c3d3c73f3
Issue #22564 : ssl doc: use "class" marker to document the SSLSocket class
2014-10-10 12:06:51 +02:00
41f92c2818
Issue #22564 : ssl doc: document read(), write(), pending, server_side and
...
server_hostname methods and attributes of SSLSocket.
2014-10-10 12:05:56 +02:00
851a6cc071
Issue #22564 : ssl doc: fix typos
2014-10-10 12:04:15 +02:00
b1fdf47ff5
Issue #21965 : Add support for in-memory SSL to the ssl module.
...
Patch by Geert Jansen.
2014-10-05 20:41:53 +02:00
131caba074
Revert #22251
2014-09-28 00:01:55 +03:00
9c1dba2758
Revert #22251
2014-09-28 00:00:58 +03:00
f7fee33104
Issue #22251 : Fix ReST markup to avoid errors building docs.
2014-09-27 23:22:35 +03:00
3749404ba5
Issue #22251 : Fix ReST markup to avoid errors building docs.
2014-09-27 23:21:35 +03:00
47e40429fb
Issue #20421 : Add a .version() method to SSL sockets exposing the actual protocol version in use.
2014-09-04 21:00:10 +02:00
b27d3a2d21
Closes #22072 : Merge typo fixes from 3.4
2014-07-25 13:31:36 -05:00
88a1977a08
Issue #22072 : Fix a couple of SSL doc typos. Patch by Alex Gaynor.
2014-07-25 13:30:50 -05:00
68f411670e
Issue #21994 : Merge with 3.4.
2014-07-17 05:02:02 +03:00
38bf87c7f2
Issue #21994 : Fix SyntaxError in the SSLContext.check_hostname documentation.
2014-07-17 05:00:36 +03:00
ba9fb0d83f
Fix doc build warning
2014-06-11 15:02:25 -05:00
915d14190e
fix issue #17552 : add socket.sendfile() method allowing to send a file over a socket by using high-performance os.sendfile() on UNIX. Patch by Giampaolo Rodola'·
2014-06-11 03:54:30 +02:00
8b852f111e
Fix Issue #21528 - Fix documentation typos
2014-05-20 12:58:38 -04:00
f48ff0dd6c
Issue #21430 : additions to the description of non-blocking SSL sockets
2014-05-18 00:56:53 +02:00
75e03388d8
Issue #21430 : additions to the description of non-blocking SSL sockets
2014-05-18 00:55:13 +02:00
b4bebdafe3
Issue #20951 : SSLSocket.send() now raises either SSLWantReadError or SSLWantWriteError on a non-blocking socket if the operation would block. Previously, it would return 0.
...
Patch by Nikolaus Rath.
2014-04-29 10:03:28 +02:00
c695c95626
Issue #19940 : ssl.cert_time_to_seconds() now interprets the given time string in the UTC timezone (as specified in RFC 5280), not the local timezone.
...
Patch by Akira.
2014-04-28 20:57:36 +02:00
94a5b663bf
Issue #20896 : ssl.get_server_certificate() now uses PROTOCOL_SSLv23, not PROTOCOL_SSLv3, for maximum compatibility.
2014-04-16 18:56:28 +02:00
4137465bf5
Issue #21043 : Remove the recommendation for specific CA organizations
...
Closes #21043 by updating the documentation to remove specific CA
organizations and update the text to no longer need to tell you to
download root certificates, but instead use the OS certificates
avaialble through SSLContext.load_default_certs.
2014-03-24 19:26:03 -04:00
6a2ba94908
Issue #21013 : Enhance ssl.create_default_context() for server side contexts
...
Closes #21013 by modfying ssl.create_default_context() to:
* Move the restricted ciphers to only apply when using
ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not
is the lack of RC4 in the restricted. However there are servers that exist
that only expose RC4 still.
* Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context
will select TLS1.1 or TLS1.2 if it is available.
* Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets
* Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security
of the perfect forward secrecy
* Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side
socket the context will prioritize our ciphers which have been carefully
selected to maximize security and performance.
* Documents the failure conditions when a SSL3.0 connection is required so
that end users can more easily determine if they need to unset
ssl.OP_NO_SSLv3.
2014-03-23 19:05:28 -04:00
f8cbbbb652
Issue #20913 : make it clear that create_default_context() also enables hostname checking
2014-03-23 16:31:08 +01:00
c5e075ff03
Issue #20913 : improve the SSL security considerations to first advocate using create_default_context().
2014-03-22 18:19:11 +01:00
79ccaa2cad
Issue #20995 : Enhance default ciphers used by the ssl module
...
Closes #20995 by Enabling better security by prioritizing ciphers
such that:
* Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
* Prefer ECDHE over DHE for better performance
* Prefer any AES-GCM over any AES-CBC for better performance and security
* Then Use HIGH cipher suites as a fallback
* Then Use 3DES as fallback which is secure but slow
* Finally use RC4 as a fallback which is problematic but needed for
compatibility some times.
* Disable NULL authentication, NULL encryption, and MD5 MACs for security
reasons
2014-03-21 21:33:34 -04:00
3732ed2414
Merge in all documentation changes since branching 3.4.0rc1.
2014-03-15 21:13:56 -07:00
e6d2f159fc
Issue #19422 : Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data.
2013-12-28 17:30:51 +01:00
3e86ba4e32
Issue #19422 : Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data.
2013-12-28 17:26:33 +01:00
748bad2cd0
Tidy up ssl whatsnew references, make ssl section formatting consistent.
...
Also remove some extra blank lines in the ssl doc acctions for tls1.1/1.2,
and reflow a paragraph.
2013-12-20 17:08:39 -05:00
1aa9a75fbf
Issue #19509 : Add SSLContext.check_hostname to match the peer's certificate
...
with server_hostname on handshake.
2013-12-02 02:41:19 +01:00
0e90e99188
Issue #19795 : Improved markup of True/False constants.
2013-11-29 12:19:53 +02:00
fbc1c26803
Issue #19795 : Improved markup of True/False constants.
2013-11-29 12:17:13 +02:00
5bef410471
Tweak ssl docs
2013-11-23 16:16:29 +01:00
4c05b472dd
Issue #19689 : Add ssl.create_default_context() factory function. It creates
...
a new SSLContext object with secure default settings.
2013-11-23 15:58:30 +01:00
6b2ff98df4
Correct documentation clientAuth -> CLIENT_AUTH
2013-11-23 14:42:01 +01:00
72d28500b3
Issue #19292 : Add SSLContext.load_default_certs() to load default root CA
...
certificates from default stores or system stores. By default the method
loads CA certs for authentication of server certs.
2013-11-23 13:56:58 +01:00
2427b50fdd
Issue #8813 : X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+
...
The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.
2013-11-23 11:24:32 +01:00
f22e8e5426
Issue #18147 : Add missing documentation for SSLContext.get_ca_certs().
...
Also change the argument name to the same name as getpeercert()
2013-11-22 02:22:51 +01:00
44109d7de7
Issue #17134 : Finalize interface to Windows' certificate store. Cert and
...
CRL enumeration are now two functions. enum_certificates() also returns
purpose flags as set of OIDs.
2013-11-22 01:51:30 +01:00
225877917e
Issue #8813 : Add SSLContext.verify_flags to change the verification flags
...
of the context in order to enable certification revocation list (CRL)
checks or strict X509 rules.
2013-11-21 23:56:13 +01:00
Antoine Pitrou
Victor Stinner
Berker Peksag
Zachary Ware
Giampaolo Rodola'
Donald Stufft
Larry Hastings
R David Murray
Christian Heimes
Serhiy Storchaka