Showing content from https://mail.python.org/pipermail/python-dev/2013-November/130652.html below:

[Python-Dev] Verification of SSL cert and hostname made easy

Antoine Pitrou solipsis at pitrou.net
Sat Nov 30 23:51:17 CET 2013
On Sat, 30 Nov 2013 19:29:37 +0100
Christian Heimes <christian at python.org> wrote:
> This fix requires only a new SSLContext attribute and a small
> modification to SSLSocket.do_handshake():
> 
>   if self.context.check_hostname:
>       try:
>           match_hostname(self.getpeercert(), self.server_hostname)
>       except Exception:
>           self.shutdown(_SHUT_RDWR)
>           self.close()
>           raise

Small nit: what happens if the server_hostname is None (i.e. wasn't
passed to context.wrap_socket())?

> The default settings for all stdlib modules will still be verify_mode =
> CERT_NONE and check_hostname = False for maximum backward compatibility.
> Python 3.4 comes with a new function ssl.create_default_context() that
> returns a new context with best practice settings and loaded root CA
> certs. The settings are TLS 1.0, no weak and insecure ciphers (no MD5,
> no RC4), no compression (CRIME attack), CERT_REQUIRED and check_hostname
> = True (for client side only).

Sounds fine to me, thanks.

Regards

Antoine.
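
The `server_hostname is None` case raised above, as an added example that is not part of the original message or of the proposed patch: in current Python 3 releases, a context with `check_hostname` enabled refuses to wrap a client socket without a hostname, and refuses to drop to `CERT_NONE` on its own. The helper names are hypothetical, and the sockets are never connected, so nothing touches the network.

```python
import socket
import ssl


def legacy_context():
    """Client context with the old stdlib defaults quoted above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation, no name check
    return ctx


def wrap_without_hostname(ctx):
    """Wrap an unconnected client socket without server_hostname.

    Returns the error text if the ssl module refuses, else None.
    """
    raw = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        tls = ctx.wrap_socket(raw)   # server_hostname defaults to None
    except ValueError as exc:
        return str(exc)
    else:
        tls.close()
        return None
    finally:
        raw.close()


def can_drop_cert_check(ctx):
    """True if verify_mode can be set to CERT_NONE on this context."""
    try:
        ctx.verify_mode = ssl.CERT_NONE
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for name, ctx in (("default", ssl.create_default_context()),
                      ("legacy", legacy_context())):
        print(name, ctx.verify_mode, ctx.check_hostname,
              wrap_without_hostname(ctx))
```

The legacy context wraps the socket silently, which is why a missing hostname goes unnoticed under the backward-compatible defaults.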

