changeset:   93549:f762cbb712de
branch:      2.7
parent:      93541:414332e55f6c
user:        Antoine Pitrou <solipsis@pitrou.net>
date:        Fri Oct 17 19:28:30 2014 +0200
files:       Lib/ssl.py
description:
Backport disabling of SSLv3 in ssl._create_stdlib_context() (issue #22638).

The backport currently doesn't achieve anything since the function isn't used (yet).


diff -r 414332e55f6c -r f762cbb712de Lib/ssl.py
--- a/Lib/ssl.py	Sat Nov 22 16:03:40 2014 -0800
+++ b/Lib/ssl.py	Fri Oct 17 19:28:30 2014 +0200
@@ -445,6 +445,9 @@
     context = SSLContext(protocol)
     # SSLv2 considered harmful.
     context.options |= OP_NO_SSLv2
+    # SSLv3 has problematic security and is only required for really old
+    # clients such as IE6 on Windows XP
+    context.options |= OP_NO_SSLv3
 
     if cert_reqs is not None:
         context.verify_mode = cert_reqs