diff options
author | Benjamin Peterson <benjamin@python.org> | 2015-04-08 15:11:00 (GMT) |
---|---|---|
committer | Benjamin Peterson <benjamin@python.org> | 2015-04-08 15:11:00 (GMT) |
commit | 6f362fa6c83abe4c8bdbd7dfd2f27e777995f765 (patch) | |
tree | 6b7647764d74c2ce2a987b3db83c94179eb30688 | |
parent | 7ecfc82edbe5ccb125f53b92447abd4bc155ba1c (diff) | |
download | cpython-6f362fa6c83abe4c8bdbd7dfd2f27e777995f765.zip cpython-6f362fa6c83abe4c8bdbd7dfd2f27e777995f765.tar.gz cpython-6f362fa6c83abe4c8bdbd7dfd2f27e777995f765.tar.bz2 |
actually ssl3 is just completely broken
-rw-r--r-- | Doc/library/ssl.rst | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index a1162f4..465bf8f 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -263,13 +263,13 @@ purposes. .. note:: If you find that when certain older clients or servers attempt to connect - with a :class:`SSLContext` created by this function that they get an - error stating "Protocol or cipher suite mismatch", it may be that they - only support SSL3.0 which this function excludes using the - :data:`OP_NO_SSLv3`. SSL3.0 has problematic security due to a number of - poor implementations and it's reliance on MD5 within the protocol. If you - wish to continue to use this function but still allow SSL 3.0 connections - you can re-enable them using:: + with a :class:`SSLContext` created by this function that they get an error + stating "Protocol or cipher suite mismatch", it may be that they only + support SSL3.0 which this function excludes using the + :data:`OP_NO_SSLv3`. SSL3.0 is widely considered to be `completely broken + <https://en.wikipedia.org/wiki/POODLE>`_. If you still wish to continue to + use this function but still allow SSL 3.0 connections you can re-enable + them using:: ctx = ssl.create_default_context(Purpose.CLIENT_AUTH) ctx.options &= ~ssl.OP_NO_SSLv3 |