Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2014-January/131993.html below:

[Python-Dev] Enable Hostname and Certificate Chain Validation

• Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
• Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 23 Jan 2014 01:45:15 -0500
Scott Dial <scott+python-dev at scottdial.com> wrote:
> 
> Anecdotally, I already know of a system at work that is using HTTPS
> purely for encryption, because the authentication is done in-band. So, a
> self-signed cert was wholly sufficient. The management tools use a
> RESTful interface over HTTPS for control, but you are telling me this
> will be broken by default now. What do I tell our developers (who often
> adopt the latest and greatest versions of things to play with)?

That the system may be vulnerable to MITM attacks? (depending on how
the authentication is done)

Regards

Antoine.

• Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
• Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4