3707dfaf45
[2.7] closes bpo-34050: Fix link in SSL docs (GH-8173). (GH-8179)
...
(cherry picked from commit 9c5ba09748
2018-07-07 15:48:07 -07:00
60c888d0eb
bpo-33892: Doc: Use gender neutral words (GH-7770)
...
(cherry picked from commit 5092439c2c
2018-06-19 00:33:58 +09:00
458ed1b237
[2.7] Add version change for OpenSSL 1.1.0 compatibility (GH-7541)
2018-06-09 11:26:13 +10:00
ad65d09fd0
[2.7] bpo-33503: Fix the broken pypi link in the source and the documentation (GH-6814). (GH-6905)
...
(cherry picked from commit 19177fbd5d
2018-05-16 10:57:36 -04:00
3d87f4cf9c
[2.7] bpo-30622: Improve NPN support detection (GH-5859) ( #5863 )
...
The ssl module now detects missing NPN support in LibreSSL.
Co-Authored-By: Bernard Spil <brnrd@FreeBSD.org>
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 6cdb7954b0
2018-02-25 10:21:03 +01:00
6c7edba166
[2.7] closes bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789) ( #5792 )
...
It's bad form to pin to an old version of TLS. ssl.SSLContext has the right
protocol default, so let's not pass anyway..
(cherry picked from commit e9edee0b65
2018-02-20 22:17:10 -08:00
3ff488c082
trivial: link updates in documentation (GH-2765) ( #4836 )
...
(cherry picked from commit 4f29f3c84b
2017-12-13 14:45:13 +02:00
5b6452d412
bpo-31533: fix broken link to OpenSSL docs (GH-3674) (GH-3676)
...
(cherry picked from commit 19e4d93
2017-09-20 13:23:09 -07:00
b9a860f3bf
[2.7] bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 (GH-1363) ( #3446 )
...
* bpo-29136: Add TLS 1.3 support
TLS 1.3 introduces a new, distinct set of cipher suites. The TLS 1.3
cipher suites don't overlap with cipher suites from TLS 1.2 and earlier.
Since Python sets its own set of permitted ciphers, TLS 1.3 handshake
will fail as soon as OpenSSL 1.1.1 is released. Let's enable the common
AES-GCM and ChaCha20 suites.
Additionally the flag OP_NO_TLSv1_3 is added. It defaults to 0 (no op) with
OpenSSL prior to 1.1.1. This allows applications to opt-out from TLS 1.3
now.
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit cb5b68abde
2017-09-07 22:31:17 -07:00
ab4894bba6
[2.7] bpo-21649: Add RFC 7525 and Mozilla server side TLS (GH-3387) (GH-3400)
...
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit ad0ffa033e
2017-09-06 17:31:48 -07:00
05b7d9c667
[2.7] bpo-30714: ALPN changes for OpenSSL 1.1.0f ( #3094 )
...
OpenSSL 1.1.0 to 1.1.0e aborted the handshake when server and client
could not agree on a protocol using ALPN. OpenSSL 1.1.0f changed that.
The most recent version now behaves like OpenSSL 1.0.2 again. The ALPN
callback can pretend to not been set.
See https://github.com/openssl/openssl/pull/3158 for more details
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit a5c1bab352
2017-08-15 10:55:03 +02:00
c4f91baa35
Issue #29038 : Fix duplicate get_ca_certs() doc entry.
2016-12-23 11:10:19 +08:00
dc0e3a8907
Issue #19795 : Improved more markups of True/False.
2016-10-19 18:30:16 +03:00
ad13f338ce
Issue #19795 : Mark up None as literal text.
2016-10-19 16:29:10 +03:00
4e64c2c838
Fix ssl documentation and remove merge accident
2016-09-06 23:41:37 +02:00
d988f429fe
Issues #27850 and #27766 : Remove 3DES from ssl default cipher list and add ChaCha20 Poly1305.
2016-09-06 20:06:47 +02:00
c2fc7c4f53
Issue #26470 : Port ssl and hashlib module to OpenSSL 1.1.0.
2016-09-05 23:37:13 +02:00
12d547a80d
Issue #23921 : Standardized documentation whitespace formatting.
...
Original patch by James Edwards.
2016-05-10 13:45:32 +03:00
b4905efe23
Issue #26736 : Used HTTPS for external links in the documentation if possible.
2016-05-07 10:50:12 +03:00
6e0b44ef9e
Closes #25910 : fix dead and permanently redirected links in the docs. Thanks to SilentGhost for the patch.
2016-02-26 19:37:12 +01:00
dbcd457624
Issue #23857 : Implement PEP 493
...
Adds a Python-2-only ssl module API and environment variable to
configure the default handling of SSL/TLS certificates for
HTTPS connections.
2016-03-20 22:39:15 +10:00
721c86ef36
use imperative
2015-04-11 07:42:42 -04:00
ce29e87e6f
actually ssl3 is just completely broken
2015-04-08 11:11:00 -04:00
5151838132
versionchanged for rc4 removal ( closes #23679 )
2015-03-16 12:43:38 -05:00
72ef961059
expose X509_V_FLAG_TRUSTED_FIRST
2015-03-04 22:49:41 -05:00
aa7075845c
prefer server alpn ordering over the client's
2015-01-23 17:30:26 -05:00
65aa261eba
fix versionchanged
2015-01-23 16:47:52 -05:00
b10bfbe036
pep 466 backport of alpn ( #20188 )
2015-01-23 16:35:37 -05:00
7c90667f74
Issue #21356 : Make ssl.RAND_egd() optional to support LibreSSL. The
...
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
2015-01-06 13:53:37 +01:00
542125e614
merge 2.7.9 release branch
2014-12-06 11:36:48 -05:00
fd0c92fe07
note that sslv3 may not be available
2014-12-06 11:36:32 -05:00
bf9eb35f96
Fix #22987 : update the compatibility matrix for a SSLv23 client.
2014-12-03 20:00:56 +01:00
6fa40c496e
fix versionchanged version
2014-11-23 20:13:55 -06:00
31aa69ead5
allow hostname to be passed to SSLContext even if OpenSSL doesn't support SNI ( closes #22921 )
...
Patch from Donald Stufft.
2014-11-23 20:13:31 -06:00
0f5d6c00b4
Fixing broken links in doc, part 4: some more breaks and redirects
2014-10-29 10:57:37 +01:00
9e4a9339e1
Issue #22660 : update various mentions in the ssl module documentation.
2014-10-21 00:14:39 +02:00
162126d567
Fixed the versionadded in the docs for the backport in 16c86a6bdbe2
2014-09-04 13:37:07 -07:00
e98205d798
Issue #20421 : Add a .version() method to SSL sockets exposing the actual protocol version in use.
...
Backport from default.
2014-09-04 13:33:22 -07:00
daeb925cc8
backport many ssl features from Python 3 ( closes #21308 )
...
A contribution of Alex Gaynor and David Reid with the generous support of
Rackspace. May God have mercy on their souls.
2014-08-20 14:14:50 -05:00
74a4ebaed0
Issue #21043 - Remove CACert.org from the recommendations
2014-03-24 19:49:42 -04:00
63cc99d9a6
Issue #19422 : Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data.
2013-12-28 17:26:33 +01:00
26d936a71e
Issue #19795 : Improved markup of True/False constants.
2013-11-29 12:16:53 +02:00
f7a52475a5
Issue #19508 : warn that ssl doesn't validate certificates by default
2013-11-17 15:42:58 +01:00
db78e4365b
fix language
2013-10-29 22:19:39 +01:00
88b2220859
Issue #18747 : document issue with OpenSSL's CPRNG state and fork
2013-10-29 21:08:56 +01:00
4e8534e2ae
Closes #19177 : replace dead link to SSL/TLS introduction with the version from Apache.
2013-10-06 18:20:31 +02:00
f12f3916aa
Issue #17739 : fix the description of SSLSocket.getpeercert(binary_form=True) for server sockets.
...
Thanks to David D Lowe for reporting.
2013-04-16 20:27:17 +02:00
76794131de
#17641 : 2.X / 3.X ssl doc unification
2013-04-06 03:46:47 +02:00
1625d88709
Issue #16341 : convert examples to use except ... as ... syntax.
2012-10-30 21:56:43 +02:00
df4c986f9e
Issue #13747 : fix SSL compatibility table.
2012-01-09 21:43:18 +01:00
Benjamin Peterson
Andrés Delfino
Mayank Singhal
Stéphane Wirtel
Christian Heimes
Miss Islington (bot)
Xiang Zhang
Serhiy Storchaka
Georg Brandl
Nick Coghlan
Victor Stinner
Antoine Pitrou
Alex Gaynor
Donald Stufft
Christian Heimes
Giampaolo Rodola'
Andrew Svetlov