19e4d9346d
bpo-31533: fix broken link to OpenSSL docs ( #3674 )
2017-09-20 20:20:18 +02:00
e82c034496
bpo-31431: SSLContext.check_hostname auto-sets CERT_REQUIRED ( #3531 )
...
Signed-off-by: Christian Heimes <christian@python.org>
2017-09-15 20:29:57 +02:00
4df60f18c6
bpo-31386: Custom wrap_bio and wrap_socket type ( #3426 )
...
SSLSocket.wrap_bio() and SSLSocket.wrap_socket() hard-code SSLObject and
SSLSocket as return types. In the light of future deprecation of
ssl.wrap_socket() module function and direct instantiation of SSLSocket,
it is desirable to make the return type of SSLSocket.wrap_bio() and
SSLSocket.wrap_socket() customizable.
Signed-off-by: Christian Heimes <christian@python.org>
2017-09-15 20:26:05 +02:00
b3ad0e5127
bpo-28182: Expose OpenSSL verification results ( #3412 )
...
The SSL module now raises SSLCertVerificationError when OpenSSL fails to
verify the peer's certificate. The exception contains more information about
the error.
Original patch by Chi Hsuan Yen
Signed-off-by: Christian Heimes <christian@python.org>
2017-09-08 12:00:19 -07:00
cb5b68abde
bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 ( #1363 )
...
* bpo-29136: Add TLS 1.3 support
TLS 1.3 introduces a new, distinct set of cipher suites. The TLS 1.3
cipher suites don't overlap with cipher suites from TLS 1.2 and earlier.
Since Python sets its own set of permitted ciphers, TLS 1.3 handshake
will fail as soon as OpenSSL 1.1.1 is released. Let's enable the common
AES-GCM and ChaCha20 suites.
Additionally the flag OP_NO_TLSv1_3 is added. It defaults to 0 (no op) with
OpenSSL prior to 1.1.1. This allows applications to opt-out from TLS 1.3
now.
Signed-off-by: Christian Heimes <christian@python.org>
2017-09-07 18:07:00 -07:00
ad0ffa033e
bpo-21649: Add RFC 7525 and Mozilla server side TLS ( #3387 )
...
Signed-off-by: Christian Heimes <christian@python.org>
2017-09-06 16:19:56 -07:00
7b40cb7293
bpo-30714: ALPN changes for OpenSSL 1.1.0f ( #2305 )
...
OpenSSL 1.1.0 to 1.1.0e aborted the handshake when server and client
could not agree on a protocol using ALPN. OpenSSL 1.1.0f changed that.
The most recent version now behaves like OpenSSL 1.0.2 again. The ALPN
callback can pretend to not been set.
See https://github.com/openssl/openssl/pull/3158 for more details
Signed-off-by: Christian Heimes <christian@python.org>
2017-08-15 10:33:43 +02:00
fdfca5f0ff
remove extra word ( #2101 )
2017-06-11 00:24:38 -07:00
dc1da9adc3
clarify recv() and send() on SSLObject ( #2100 )
...
SSLObject has recv() and send(), but they don't do any network io.
2017-06-11 00:15:14 -07:00
63c2c8ac17
bpo-19180: Updated references for RFC 1750, RFC 3280 & RFC 4366 (GH-148)
...
* RFC 1750 has been been obsoleted by RFC 4086.
* RFC 3280 has been obsoleted by RFC 5280.
* RFC 4366 has been obsoleted by RFC 6066.
2017-06-09 19:43:58 +10:00
d4069de511
Clean up some confusing text left by PROTOCOL_SSLv23 -> PROTOCOL_TLS transition ( #1355 )
2017-05-01 22:43:31 -07:00
7b2491a6aa
bpo-27200: Fix pathlib, ssl, turtle and weakref doctests (GH-616)
2017-04-13 17:17:59 +03:00
275104e86b
In SSL module version examples, don't use a legacy version. ( #381 )
2017-03-02 11:23:19 +01:00
1cf2a809b1
Fixed a handful of typos (GH-343)
2017-02-28 19:26:56 -08:00
d93c4de522
Fix usage of data directive
2017-02-06 13:37:19 +03:00
7d6dda4b78
Issue #19795 : Improved more markups of True/False.
2016-10-19 18:36:51 +03:00
4adf01caae
Issue #19795 : Improved more markups of True/False.
2016-10-19 18:30:05 +03:00
989db5c880
Issue #19795 : Mark up None as literal text.
2016-10-19 16:37:13 +03:00
ecf41da83e
Issue #19795 : Mark up None as literal text.
2016-10-19 16:29:26 +03:00
ed9c0706cf
Explain why PROTOCOL_SSLv23 does not support SSLv2 and SSLv3 by default.
2016-09-13 13:27:26 +02:00
17352fff92
Explain why PROTOCOL_SSLv23 does not support SSLv2 and SSLv3 by default.
2016-09-13 12:09:55 +02:00
c4d2e500a9
Update whatsnew with my contributions
2016-09-12 01:14:35 +02:00
5fe668c672
Issue #28085 : Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContext
2016-09-12 00:01:11 +02:00
99a6570295
Issue #19500 : Add client-side SSL session resumption to the ssl module.
2016-09-10 23:44:53 +02:00
d04863771b
Issue #28022 : Deprecate ssl-related arguments in favor of SSLContext.
...
The deprecation include manual creation of SSLSocket and certfile/keyfile
(or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib.
ssl.wrap_socket() is not marked as deprecated yet.
2016-09-10 23:23:33 +02:00
358cfd426c
Issue 28043: SSLContext has improved default settings
...
The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
2016-09-10 22:43:48 +02:00
3aeacad561
Issue #28025 : Convert all ssl module constants to IntEnum and IntFlags.
2016-09-10 00:19:35 +02:00
03d13c0cbf
Issues #27850 and #27766 : Remove 3DES from ssl default cipher list and add ChaCha20 Poly1305.
2016-09-06 20:06:47 +02:00
598894ff48
Issue #26470 : Port ssl and hashlib module to OpenSSL 1.1.0.
2016-09-05 23:19:05 +02:00
ac041c0aa7
Issues #27850 and #27766 : Remove 3DES from ssl default cipher list and add ChaCha20 Poly1305.
2016-09-06 20:07:58 +02:00
25bfcd5d9e
Issue #27866 : Add SSLContext.get_ciphers() method to get a list of all enabled ciphers.
2016-09-06 00:04:45 +02:00
01113faef9
Issue #26470 : Port ssl and hashlib module to OpenSSL 1.1.0.
2016-09-05 23:23:24 +02:00
fa089b9b0b
Issue #22558 : Add remaining doc links to source code for Python-coded modules.
...
Reformat header above separator line (added if missing) to a common format.
Patch by Yoni Lavi.
2016-06-11 15:02:54 -04:00
dba903993a
Issue #23921 : Standardized documentation whitespace formatting.
...
Original patch by James Edwards.
2016-05-10 12:01:23 +03:00
6dff0205b7
Issue #26736 : Used HTTPS for external links in the documentation if possible.
2016-05-07 10:49:07 +03:00
f6b1d66a3c
Issue #23804 : Fix SSL recv/read(0) to not return 1024 bytes
2016-03-28 00:22:09 +00:00
5d94134040
Closes #25910 : fix dead and permanently redirected links in the docs. Thanks to SilentGhost for the patch.
2016-02-26 19:37:12 +01:00
8c16cb9f65
Closes #26435 : fix syntax in directives. Thanks to Jakub Stasiak.
2016-02-25 20:17:45 +01:00
4981dd2cb8
Fixed merging error in 3ebeeed1eb28.
...
Thanks Марк Коренберг.
2015-11-06 11:19:42 +02:00
4827e488a4
Merge spelling fixes from 3.4 into 3.5
2015-10-31 12:16:18 +00:00
1f1177d69a
Fix some spelling errors in documentation and code comments
2015-10-31 11:48:53 +00:00
fee05daef8
Issue #24232 : Fix typos. Patch by Ville Skyttä.
2015-05-19 01:38:05 +03:00
315e104d11
Issue #24232 : Fix typos. Patch by Ville Skyttä.
2015-05-19 01:36:55 +03:00
b9f2ab9eae
Fix duplicate doc entry for SSLContext.get_ca_certs()
...
(closes #18147 )
2015-04-13 21:06:51 +02:00
97aa953550
Fix duplicate doc entry for SSLContext.get_ca_certs()
...
(closes #18147 )
2015-04-13 21:06:15 +02:00
1c69c3e3d8
use imperative
2015-04-11 07:42:42 -04:00
eb7a97c48e
Issue #23025 : Add a mention of os.urandom to RAND_bytes and RAND_pseudo_bytes docs.
...
Patch by Alex Gaynor.
2015-04-10 16:19:13 +03:00
339e3f33b6
merge 3.4
2015-04-11 07:44:45 -04:00
2ce11d296c
Null merge
2015-04-10 16:22:14 +03:00
a7b9a1f4df
Issue #23025 : Add a mention of os.urandom to RAND_bytes and RAND_pseudo_bytes docs.
...
Patch by Alex Gaynor.
2015-04-10 16:19:44 +03:00
Felipe
Christian Heimes
Benjamin Peterson
Chandan Kumar
Nathaniel J. Smith
Marco Buttu
Alex Gaynor
Berker Peksag
Serhiy Storchaka
Terry Jan Reedy
Martin Panter
Georg Brandl
Antoine Pitrou