author | Antoine Pitrou <solipsis@pitrou.net> | 2014-03-22 17:19:11 (GMT) |
---|---|---|
committer | Antoine Pitrou <solipsis@pitrou.net> | 2014-03-22 17:19:11 (GMT) |
commit | c5e075ff03693934ef50b1cde130ccf8dfda3843 (patch) | |
tree | eb66c49abff1185f2f1f63f61c6aa67a18aa7f4e /Doc/library/imaplib.rst | |
parent | 0bebbc33faae7ac10e7a7980b260e786f05d81bf (diff) | |
Issue #20913: improve the SSL security considerations to first advocate using create_default_context().
Diffstat (limited to 'Doc/library/imaplib.rst')
-rw-r--r-- | Doc/library/imaplib.rst | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/Doc/library/imaplib.rst b/Doc/library/imaplib.rst index be2f599..39f6919 100644 --- a/Doc/library/imaplib.rst +++ b/Doc/library/imaplib.rst 
@@ -69,21 +69,25 @@ There's also a subclass for secure connections: This is a subclass derived from :class:`IMAP4` that connects over an SSL encrypted socket (to use this class you need a socket module that was compiled with SSL support). If *host* is not specified, ``''`` (the local host) is used. - If *port* is omitted, the standard IMAP4-over-SSL port (993) is used. *keyfile* - and *certfile* are also optional - they can contain a PEM formatted private key - and certificate chain file for the SSL connection. *ssl_context* parameter is a - :class:`ssl.SSLContext` object which allows bundling SSL configuration - options, certificates and private keys into a single (potentially long-lived) - structure. Note that the *keyfile*/*certfile* parameters are mutually exclusive with *ssl_context*, - a :class:`ValueError` is raised if *keyfile*/*certfile* is provided along with *ssl_context*. + If *port* is omitted, the standard IMAP4-over-SSL port (993) is used. + *ssl_context* is a :class:`ssl.SSLContext` object which allows bundling + SSL configuration options, certificates and private keys into a single + (potentially long-lived) structure. Please read :ref:`ssl-security` for + best practices. + + *keyfile* and *certfile* are a legacy alternative to *ssl_context* - they + can point to PEM-formatted private key and certificate chain files for + the SSL connection. Note that the *keyfile*/*certfile* parameters are + mutually exclusive with *ssl_context*, a :class:`ValueError` is raised + if *keyfile*/*certfile* is provided along with *ssl_context*. .. versionchanged:: 3.3 *ssl_context* parameter added. .. versionchanged:: 3.4 The class now supports hostname check with - :attr:`SSLContext.check_hostname` and *Server Name Indicator* (see - :data:`~ssl.HAS_SNI`). + :attr:`ssl.SSLContext.check_hostname` and *Server Name Indication* (see + :data:`ssl.HAS_SNI`). The second subclass allows for connections created by a child process: 
@@ -437,14 +441,15 @@ An :class:`IMAP4` instance has the following methods: Send a ``STARTTLS`` command. The *ssl_context* argument is optional and should be a :class:`ssl.SSLContext` object. This will enable - encryption on the IMAP connection. + encryption on the IMAP connection. Please read :ref:`ssl-security` for + best practices. .. versionadded:: 3.2 .. versionchanged:: 3.4 The method now supports hostname check with - :attr:`SSLContext.check_hostname` and *Server Name Indicator* (see - :data:`~ssl.HAS_SNI`). + :attr:`ssl.SSLContext.check_hostname` and *Server Name Indication* (see + :data:`ssl.HAS_SNI`). .. method:: IMAP4.status(mailbox, names) |
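Review bot: In the IMAP4_SSL hunk (@@ -69,21 +69,25 @@), the new *ssl_context* paragraph never names create_default_context(), although the commit message says the point of the change is to advocate it first; the reader only gets "Please read :ref:`ssl-security` for best practices." Consider naming :func:`ssl.create_default_context` directly in that sentence so the recommendation is visible without following the link. The second added paragraph calls *keyfile*/*certfile* "a legacy alternative" but does not say what a caller gives up by using them instead of a context (for example, whether :attr:`ssl.SSLContext.check_hostname` can apply at all); one sentence on that, or a deprecation marker if that is the intent, would make "legacy" actionable. Minor: "mutually exclusive with *ssl_context*, a :class:`ValueError` is raised" is still a comma splice after the rewrap; a semicolon or a new sentence reads better.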
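Review bot: In the starttls() hunk (@@ -437,14 +441,15 @@), the text still says the *ssl_context* argument "is optional" and that the call "will enable encryption on the IMAP connection", but it does not say which settings apply when no context is passed, so a reader cannot tell whether the server certificate and hostname are verified in that case. Since the added sentence only links to :ref:`ssl-security`, I would add one line here stating the behaviour when *ssl_context* is omitted and recommending that callers pass a context from create_default_context(), in line with the commit message. The :data:`~ssl.HAS_SNI` to :data:`ssl.HAS_SNI` change alters the rendered link text to the fully qualified name; that matches the new :attr:`ssl.SSLContext.check_hostname` spelling, so it is fine, but it is worth confirming the same form is used in the other library pages touched by this issue.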