summaryrefslogtreecommitdiffstats
path: root/Doc
diff options
context:
space:
mode:
authorChristian Heimes <christian@python.org>2016-09-10 20:43:48 (GMT)
committerChristian Heimes <christian@python.org>2016-09-10 20:43:48 (GMT)
commit358cfd426ccc0fcd6a7940d306602138e76420ae (patch)
treed57ee1b7dbe174fb49f35c4eac449e4404a96357 /Doc
parent70360194c768efb0b26d524d5b94d4da963d632a (diff)
downloadcpython-358cfd426ccc0fcd6a7940d306602138e76420ae.zip
cpython-358cfd426ccc0fcd6a7940d306602138e76420ae.tar.gz
cpython-358cfd426ccc0fcd6a7940d306602138e76420ae.tar.bz2
Issue 28043: SSLContext has improved default settings
The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
Diffstat (limited to 'Doc')
-rw-r--r--Doc/library/ssl.rst9
1 files changed, 8 insertions, 1 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 2285237..98008fa 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -1191,7 +1191,14 @@ to speed up repeated connections from the same clients.
.. versionchanged:: 3.6
- :data:`PROTOCOL_TLS` is the default value.
+ The context is created with secure default values. The options
+ :data:`OP_NO_COMPRESSION`, :data:`OP_CIPHER_SERVER_PREFERENCE`,
+ :data:`OP_SINGLE_DH_USE`, :data:`OP_SINGLE_ECDH_USE`,
+ :data:`OP_NO_SSLv2` (except for :data:`PROTOCOL_SSLv2`),
+ and :data:`OP_NO_SSLv3` (except for :data:`PROTOCOL_SSLv3`) are
+ set by default. The initial cipher suite list contains only ``HIGH``
+ ciphers, no ``NULL`` ciphers and no ``MD5`` ciphers (except for
+ :data:`PROTOCOL_SSLv2`).
:class:`SSLContext` objects have the following methods and attributes: