diff options
author | Antoine Pitrou <solipsis@pitrou.net> | 2010-04-17 17:10:38 (GMT) |
---|---|---|
committer | Antoine Pitrou <solipsis@pitrou.net> | 2010-04-17 17:10:38 (GMT) |
commit | 0a6373c1a928e80c8c3fa9b88d925b3dccc5afc4 (patch) | |
tree | a943cdb41cc6eaf54fc12b0dc225b086e4111bc5 /Doc/library | |
parent | 7794b5b52f8c5c4bf465a44a53025e9b6fa49592 (diff) | |
download | cpython-0a6373c1a928e80c8c3fa9b88d925b3dccc5afc4.zip cpython-0a6373c1a928e80c8c3fa9b88d925b3dccc5afc4.tar.gz cpython-0a6373c1a928e80c8c3fa9b88d925b3dccc5afc4.tar.bz2 |
Issue #8322: Add a *ciphers* argument to SSL sockets, so as to change the
available cipher list. Helps fix test_ssl with OpenSSL 1.0.0.
Diffstat (limited to 'Doc/library')
-rw-r--r-- | Doc/library/ssl.rst | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index 5d8ca3c..0d19fb9 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -50,7 +50,7 @@ Functions, Constants, and Exceptions is a subtype of :exc:`socket.error`, which in turn is a subtype of :exc:`IOError`. -.. function:: wrap_socket (sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version={see docs}, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True) +.. function:: wrap_socket (sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version={see docs}, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None) Takes an instance ``sock`` of :class:`socket.socket`, and returns an instance of :class:`ssl.SSLSocket`, a subtype of :class:`socket.socket`, which wraps @@ -113,14 +113,23 @@ Functions, Constants, and Exceptions ======================== ========= ========= ========== ========= *client* / **server** **SSLv2** **SSLv3** **SSLv23** **TLSv1** ------------------------ --------- --------- ---------- --------- - *SSLv2* yes no yes* no + *SSLv2* yes no yes no *SSLv3* yes yes yes no *SSLv23* yes no yes no *TLSv1* no no yes yes ======================== ========= ========= ========== ========= - In some older versions of OpenSSL (for instance, 0.9.7l on OS X 10.4), an - SSLv2 client could not connect to an SSLv23 server. + .. note:: + + This information varies depending on the version of OpenSSL. + For instance, in some older versions of OpenSSL (such as 0.9.7l on + OS X 10.4), an SSLv2 client could not connect to an SSLv23 server. + Conversely, starting from 1.0.0, an SSLv23 client will actually + try the SSLv3 protocol unless you explicitly enable SSLv2 ciphers. + + The parameter ``ciphers`` sets the available ciphers for this SSL object. + It should be a string in the `OpenSSL cipher list format + <http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT>`_. The parameter ``do_handshake_on_connect`` specifies whether to do the SSL handshake automatically after doing a :meth:`socket.connect`, or whether the @@ -135,6 +144,9 @@ Functions, Constants, and Exceptions normal EOF in response to unexpected EOF errors raised from the underlying socket; if :const:`False`, it will raise the exceptions back to the caller. + .. versionchanged:: 2.7 + New optional argument *ciphers*. + .. function:: RAND_status() Returns True if the SSL pseudo-random number generator has been seeded with |