author | Christian Heimes <christian@cheimes.de> | 2013-11-23 14:58:30 (GMT) |
---|---|---|
committer | Christian Heimes <christian@cheimes.de> | 2013-11-23 14:58:30 (GMT) |
commit | 4c05b472ddd4634138b6abfa857ee37761d33185 (patch) | |
tree | da4b06b3937c1f82f56ecd54e6a999af08e5f326 /Doc/library | |
parent | 6b2ff98df45d3d1ca389f4ae07a2ef4e08257867 (diff) | |
Issue #19689: Add ssl.create_default_context() factory function. It creates
a new SSLContext object with secure default settings.
Diffstat (limited to 'Doc/library')
-rw-r--r-- | Doc/library/ssl.rst | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index 94bdcef..73aa0a5 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -346,6 +346,24 @@ Certificate handling .. versionchanged:: 3.3 This function is now IPv6-compatible. +.. function:: create_default_context(purpose=Purpose.SERVER_AUTH, cafile=None, capath=None, cadata=None) + + Create a :class:`SSLContext` with default settings. + + The current settings are: :data:`PROTOCOL_TLSv1` with high encryption + cipher suites without RC4 and without unauthenticated cipher suites. The + *purpose* :data:`Purpose.SERVER_AUTH` sets verify_mode to + :data:`CERT_REQUIRED` and either loads CA certs (when at least one of + *cafile*, *capath* or *cadata* is given) or uses + :meth:`SSLContext.load_default_certs` to load default CA certs. + + .. note:: + The protocol, options, cipher and other settings may change to more + restrictive values anytime without prior deprecation. The values + represent a fair balance between maximum compatibility and security. + + .. versionadded:: 3.4 + .. function:: DER_cert_to_PEM_cert(DER_cert_bytes) Given a certificate as a DER-encoded blob of bytes, returns a PEM-encoded |
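Review bot: The paragraph beginning "The current settings are:" documents *purpose* only for :data:`Purpose.SERVER_AUTH`, so a reader cannot tell what verify_mode is set to, or whether any CA certificates are loaded, when a different purpose is passed; add a sentence covering the other values. The same paragraph says verify_mode becomes :data:`CERT_REQUIRED` but does not say whether the returned context also matches the peer's hostname, which callers need to know before relying on it for server authentication, so state that explicitly either way. Minor: verify_mode is plain text while the neighbouring names use roles, and *cafile*, *capath* and *cadata* are mentioned without saying what each one accepts.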