Commit Graph

84241 Commits

Author SHA1 Message Date
Donald Stufft 6a2ba94908 Issue #21013: Enhance ssl.create_default_context() for server side contexts
Closes #21013 by modifying ssl.create_default_context() to:

* Move the restricted ciphers to only apply when using
  ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not
  is the lack of RC4 in the restricted. However there are servers that exist
  that only expose RC4 still.
* Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context
  will select TLS1.1 or TLS1.2 if it is available.
* Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets
* Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDH_USE to improve the security
  of the perfect forward secrecy
* Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side
  socket the context will prioritize our ciphers which have been carefully
  selected to maximize security and performance.
* Documents the failure conditions when a SSL3.0 connection is required so
  that end users can more easily determine if they need to unset
  ssl.OP_NO_SSLv3.
2014-03-23 19:05:28 -04:00
Georg Brandl 553e108fce tutorial: no "linux2" sys.platform on 3.x (thanks Arfrever) 2014-03-23 23:03:59 +01:00
Antoine Pitrou 8c6f8dc527 Issue #19537: Fix PyUnicode_DATA() alignment under m68k. Patch by Andreas Schwab. 2014-03-23 22:55:03 +01:00
Richard Oudkerk 99d8dd2489 Issue #20990: Correction for 619331c67638. 2014-03-23 18:44:11 +00:00
R David Murray 95a8dfb924 #20976: remove unneeded quopri import in email.utils. 2014-03-23 14:18:44 -04:00
Antoine Pitrou f8cbbbb652 Issue #20913: make it clear that create_default_context() also enables hostname checking 2014-03-23 16:31:08 +01:00
Richard Oudkerk c346060440 Merge 3.3. 2014-03-23 12:52:16 +00:00
Richard Oudkerk 3e952d56ea Issue #20633: Replace relative import by absolute import. 2014-03-23 12:42:28 +00:00
Richard Oudkerk 80a5be1d84 Issue #20980: Stop wrapping exception when using ThreadPool. 2014-03-23 12:30:54 +00:00
Richard Oudkerk a40675a1a2 Issue #20990: Fix issues found by pyflakes for multiprocessing. 2014-03-23 11:54:15 +00:00
Georg Brandl 75c5ab49ed Closes #20975: make date in the interpreter banner a little more consistent 2014-03-22 20:38:11 +01:00
Antoine Pitrou c5e075ff03 Issue #20913: improve the SSL security considerations to first advocate using create_default_context(). 2014-03-22 18:19:11 +01:00
Antoine Pitrou 0bebbc33fa Issue #21015: SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1".
(should also fix a buildbot failure introduced by #20995)
2014-03-22 18:13:50 +01:00
Donald Stufft 79ccaa2cad Issue #20995: Enhance default ciphers used by the ssl module
Closes #20995 by Enabling better security by prioritizing ciphers
such that:

* Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
* Prefer ECDHE over DHE for better performance
* Prefer any AES-GCM over any AES-CBC for better performance and security
* Then Use HIGH cipher suites as a fallback
* Then Use 3DES as fallback which is secure but slow
* Finally use RC4 as a fallback which is problematic but needed for
  compatibility sometimes.
* Disable NULL authentication, NULL encryption, and MD5 MACs for security
  reasons
2014-03-21 21:33:34 -04:00
Victor Stinner 51f3129ba2 Close #21010: Fix typo in asyncio doc. Patch written by Claudiu Popa. 2014-03-21 17:17:15 +01:00
Victor Stinner 6bc239619c Issue #21006: Fix subprocess example on Windows in asyncio doc 2014-03-21 11:56:40 +01:00
Victor Stinner 7280486ce3 Close #21005: Fix documentation of asyncio.subprocess.DEVNULL 2014-03-21 11:44:49 +01:00
Brett Cannon 46f484ee4e merge 2014-03-21 11:02:10 -04:00
Brett Cannon a00c2407ca Issue #20884: Don't assume in importlib.__init__ that __file__ is
defined.
2014-03-21 10:58:33 -04:00
Vinay Sajip ed6783f315 Issue #10141, Issue 20065: Changed #if to take CAN_RAW into account. 2014-03-21 11:44:32 +00:00
Benjamin Peterson 409a1be6cf improve start default for relpath 2014-03-20 12:39:53 -05:00
Zachary Ware 2f31b4b577 Fix typos in Doc/faq/extending. Found by cocoatomo on docs@. 2014-03-20 10:16:09 -05:00
Zachary Ware dbd1c43e52 Fix spelling in enum docs.
"equivalant" was caught by Tobias Käs on docs@, "seperated" and "chartruese"
were discovered by a spell-checker.
2014-03-20 10:01:48 -05:00
Zachary Ware 253deed862 Add missing parenthesis. Found by cocoatomo on docs@. 2014-03-20 09:46:09 -05:00
Zachary Ware a22ae21db6 Fix parameter name in docs for os.makedirs and os.removedirs.
Pointed out by Colin Davis on docs@.
2014-03-20 09:42:01 -05:00
Raymond Hettinger d852e997f4 Clean-up docstring 2014-03-20 06:42:31 -07:00
Vinay Sajip b1698d4030 Issue #20444: Reduced code duplication. 2014-03-20 13:14:39 +00:00
Vinay Sajip 71dcb28d1c Issue #20558: Improved implementation of error handling. 2014-03-20 13:03:17 +00:00
Vinay Sajip ecfc98c67b Issue #10141: updated new usages of AF_CAN to be in #ifdef AF_CAN rather than #ifdef HAVE_LINUX_CAN_H to allow compilation on older Linuxes. 2014-03-20 12:42:42 +00:00
Victor Stinner 373f0a925b Issue #12328, #20978: Add _winapi.WAIT_ABANDONED_0 symbol, needed by
multiprocessing.connection
2014-03-20 09:26:55 +01:00
Victor Stinner 7fa767e517 Issue #20976: pyflakes: Remove unused imports 2014-03-20 09:16:38 +01:00
Victor Stinner 69b1e261fc Issue #20978: pyflakes: fix undefined names 2014-03-20 08:50:52 +01:00
Victor Stinner 790bd6dd13 Issue #20978: Remove last part of OS/2 support in distutils 2014-03-20 08:50:33 +01:00
Benjamin Peterson deec16be07 add Nehal Hussain 2014-03-19 20:52:17 -05:00
Zachary Ware 5f3e3c3429 Use the correct VS edition names in PCbuild/readme.txt 2014-03-19 14:46:25 -05:00
Victor Stinner 9a90243f8b Skip test_urllib2.test_issue16464() if the ssl module is missing 2014-03-19 17:31:20 +01:00
Zachary Ware 232b017607 Avoid compile warning in xxlimited on 32-bit Windows non-Debug builds. 2014-03-18 23:05:01 -05:00
Zachary Ware 270e7377ce Clean up PCbuild/pcbuild.sln a bit:
- Remove configuration settings from removed _sha3.vcxproj
- Don't try to build configurations of _testembed that don't exist
  (namely, PGInstrument and PGUpdate)
2014-03-18 22:34:52 -05:00
Zachary Ware c2447f2a15 Ignore files generated by MSVC PGO builds. 2014-03-18 22:28:16 -05:00
Zachary Ware 088639936d Issue #20966: Fix Tkinter Resources link 2014-03-18 09:19:18 -05:00
Georg Brandl f5c801fdca Fix option description that is a warning in new Sphinx versions. 2014-03-18 07:44:07 +01:00
Victor Stinner d6a91a7ab6 Issue #20879: Delay the initialization of encoding and decoding tables for
base32, ascii85 and base85 codecs in the base64 module, and delay the
initialization of the unquote_to_bytes() table of the urllib.parse module, to
not waste memory if these modules are not used.
2014-03-17 22:38:41 +01:00
Benjamin Peterson 2a6053468e move SharedKeyTests to test_descr 2014-03-17 16:20:12 -05:00
Benjamin Peterson df813791db correct the fix for #20637; allow slot descriptor inheritance to take place before creating cached keys 2014-03-17 15:57:17 -05:00
Éric Araujo 0b1be1a3b1 Fix typo in example (#20963) 2014-03-17 16:48:13 -04:00
Jesus Cea 28a965ff71 Typo 2014-03-17 19:22:59 +01:00
Jesus Cea bdb8bb39dd Typo 2014-03-17 19:13:09 +01:00
Jesus Cea cec25b01ec Typo 2014-03-17 19:00:48 +01:00
Antoine Pitrou 1095907624 Remove stray semicolon 2014-03-17 18:22:41 +01:00
R David Murray f93d3dfc50 closes #20960 2014-03-17 11:20:29 -04:00