summaryrefslogtreecommitdiffstats
path: root/Doc/distutils/sourcedist.rst
diff options
context:
space:
mode:
authorDonald Stufft <donald@stufft.io>2014-03-23 23:05:28 (GMT)
committerDonald Stufft <donald@stufft.io>2014-03-23 23:05:28 (GMT)
commit6a2ba949089754dafe69d56ce0398f4b8847a4e2 (patch)
tree5a4463201c01486e368c2c3a74f7b1240ea02f87 /Doc/distutils/sourcedist.rst
parent553e108fce5673072e709d85c4b4de817f7057b1 (diff)
downloadcpython-6a2ba949089754dafe69d56ce0398f4b8847a4e2.zip
cpython-6a2ba949089754dafe69d56ce0398f4b8847a4e2.tar.gz
cpython-6a2ba949089754dafe69d56ce0398f4b8847a4e2.tar.bz2
Issue #21013: Enhance ssl.create_default_context() for server side contexts
Closes #21013 by modfying ssl.create_default_context() to: * Move the restricted ciphers to only apply when using ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not is the lack of RC4 in the restricted. However there are servers that exist that only expose RC4 still. * Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context will select TLS1.1 or TLS1.2 if it is available. * Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets * Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security of the perfect forward secrecy * Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side socket the context will prioritize our ciphers which have been carefully selected to maximize security and performance. * Documents the failure conditions when a SSL3.0 connection is required so that end users can more easily determine if they need to unset ssl.OP_NO_SSLv3.
Diffstat (limited to 'Doc/distutils/sourcedist.rst')
0 files changed, 0 insertions, 0 deletions