Issue 28043

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: Sane defaults for SSLContext options and ciphers
Type: security
Stage: resolved
Components: Extension Modules, Library (Lib)
Versions: Python 3.7, Python 3.6

process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To: christian.heimes
Nosy List: alex, christian.heimes, dstufft, giampaolo.rodola, janssen, ncoghlan, python-dev, vstinner
Priority: high
Keywords: patch

Created on 2016-09-09 11:18 by christian.heimes, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Files
File name | Uploaded | Description
Sane-defaults-for-SSLContext-options-and-ciphers.patch | christian.heimes, 2016-09-09 11:18 |

Pull Requests
URL | Status | Linked
PR 10608 | merged | cstratak, 2018-11-20 16:00

Messages (6)
msg275310 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2016-09-09 11:18
I like to introduce sane defaults for SSLContext options and ciphers:

Changed in version 3.6: The context is created with more secure default values. PROTOCOL_TLS is the default protocol. The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
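An added example, not part of the issue thread or the CPython patch: a small audit that checks an SSLContext against the defaults listed in the message above. The helper names, the use of PROTOCOL_TLS_CLIENT, and the description markers used to spot NULL and MD5 ciphers are choices made for this example.

```python
import ssl

# Options named in the "Changed in version 3.6" text of the issue.
EXPECTED_OPTIONS = (
    "OP_NO_COMPRESSION", "OP_CIPHER_SERVER_PREFERENCE", "OP_SINGLE_DH_USE",
    "OP_SINGLE_ECDH_USE", "OP_NO_SSLv2", "OP_NO_SSLv3",
)
# Tokens in OpenSSL's cipher description that mark NULL encryption,
# anonymous (NULL) authentication and MD5 MACs.
WEAK_MARKERS = {"Enc=None", "Au=None", "Mac=MD5"}

# Constructed sample in the shape returned by SSLContext.get_ciphers().
SAMPLE_CIPHERS = [
    {"name": "TLS_AES_256_GCM_SHA384",
     "description": "TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD"},
    {"name": "NULL-MD5",
     "description": "NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5"},
    {"name": "ADH-AES128-SHA",
     "description": "ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1"},
]


def missing_options(options, expected=EXPECTED_OPTIONS):
    """Return the expected OP_* names whose bit is not set in `options`."""
    missing = []
    for name in expected:
        flag = int(getattr(ssl, name, 0))
        # Flags absent from this build, or defined as 0 by newer OpenSSL
        # (the behaviour is then always on), cannot be reported as missing.
        if flag and not int(options) & flag:
            missing.append(name)
    return missing


def weak_ciphers(ciphers):
    """Return names of ciphers whose description carries a weak marker."""
    return [c["name"] for c in ciphers
            if WEAK_MARKERS & set(c.get("description", "").split())]


def audit_context(ctx):
    """Audit a live SSLContext against the defaults listed in the issue."""
    return {"missing_options": missing_options(ctx.options),
            "weak_ciphers": weak_ciphers(ctx.get_ciphers())}


if __name__ == "__main__":
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    print(audit_context(ctx))
    print(weak_ciphers(SAMPLE_CIPHERS))
```

Running the same audit over contexts an application builds itself shows whether later code cleared one of these options or widened the cipher list.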
msg275604 - Author: Alyssa Coghlan (ncoghlan) * (Python committer) Date: 2016-09-10 09:20
+1 from me for a model where ssl.get_default_context() can change in maintenance releases, while the ssl.SSLContext defaults get updated for feature releases.
msg275637 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2016-09-10 13:57
I'm planning to remove PROTOCOL_TLS again and replace it with something more sensible.
msg275694 - Author: Roundup Robot (python-dev) (Python triager) Date: 2016-09-10 20:43
New changeset 1b4c5d06c028 by Christian Heimes in branch 'default':
Issue 28043: SSLContext has improved default settings
https://hg.python.org/cpython/rev/1b4c5d06c028
msg301419 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-09-06 00:53
3.6 and master are looking good. Should I backport the fix to 2.7, too?
msg335615 - Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-02-15 14:24
New changeset b8eaec697a2b5d9d2def2950a0aa50e8ffcf1059 by Victor Stinner (stratakis) in branch '2.7':
[2.7] bpo-28043: improved default settings for SSLContext (GH-10608)
https://github.com/python/cpython/commit/b8eaec697a2b5d9d2def2950a0aa50e8ffcf1059
History
Date | User | Action | Args
2022-04-11 14:58:36 | admin | set | github: 72230
2019-05-29 01:17:06 | cheryl.sabella | link | issue34818 superseder
2019-04-08 22:50:22 | cheryl.sabella | set | status: open -> closed; resolution: fixed; stage: patch review -> resolved
2019-02-15 14:24:18 | vstinner | set | nosy: +vstinner; messages: +msg335615
2018-11-20 16:00:30 | cstratak | set | stage: commit review -> patch review; pull_requests: +pull_request9851
2017-09-06 00:55:56 | christian.heimes | link | issue20994 superseder
2017-09-06 00:53:37 | christian.heimes | set | status: pending -> open; messages: +msg301419
2016-09-10 20:44:30 | christian.heimes | set | status: open -> pending; assignee: christian.heimes; stage: patch review -> commit review
2016-09-10 20:43:56 | python-dev | set | nosy: +python-dev; messages: +msg275694
2016-09-10 13:57:44 | christian.heimes | set | messages: +msg275637
2016-09-10 09:20:43 | ncoghlan | set | messages: +msg275604
2016-09-09 11:18:41 | christian.heimes | create |