On Wed, 15 Oct 2014 01:16:26 +0200 Victor Stinner <victor.stinner at gmail.com> wrote: > Hi, > > I opened an issue to track this vulnerability: > http://bugs.python.org/issue22638 > > SSL 3.0 is 8 years old, I guess that TLS is now widely deployed and > well supported? > > I guess that Linux vendors will have to fix the issues directly in > OpenSSL directly. Should Python only be changed on Windows? If OpenSSL gets a patch, we can simply update the OpenSSL version used for Windows installers. > Or do you want to modify Python to disable SSLv3 in the ssl module? > OpenSSL provides a SSL_OP_NO_SSLv2 option for SSL context. Is there a > SSL_OP_NO_SSLv3 option? Or only change the constructor of > ssl.SSLContext? Please let's not have this discussion on two different channels. *Either* the bug tracker or the mailing-list. Thank you Antoine.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4