diff options
author | Christian Heimes <christian@python.org> | 2016-09-10 20:43:48 (GMT) |
---|---|---|
committer | Christian Heimes <christian@python.org> | 2016-09-10 20:43:48 (GMT) |
commit | 358cfd426ccc0fcd6a7940d306602138e76420ae (patch) | |
tree | d57ee1b7dbe174fb49f35c4eac449e4404a96357 /Doc | |
parent | 70360194c768efb0b26d524d5b94d4da963d632a (diff) | |
download | cpython-358cfd426ccc0fcd6a7940d306602138e76420ae.zip cpython-358cfd426ccc0fcd6a7940d306602138e76420ae.tar.gz cpython-358cfd426ccc0fcd6a7940d306602138e76420ae.tar.bz2 |
Issue 28043: SSLContext has improved default settings
The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
Diffstat (limited to 'Doc')
-rw-r--r-- | Doc/library/ssl.rst | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index 2285237..98008fa 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -1191,7 +1191,14 @@ to speed up repeated connections from the same clients. .. versionchanged:: 3.6 - :data:`PROTOCOL_TLS` is the default value. + The context is created with secure default values. The options + :data:`OP_NO_COMPRESSION`, :data:`OP_CIPHER_SERVER_PREFERENCE`, + :data:`OP_SINGLE_DH_USE`, :data:`OP_SINGLE_ECDH_USE`, + :data:`OP_NO_SSLv2` (except for :data:`PROTOCOL_SSLv2`), + and :data:`OP_NO_SSLv3` (except for :data:`PROTOCOL_SSLv3`) are + set by default. The initial cipher suite list contains only ``HIGH`` + ciphers, no ``NULL`` ciphers and no ``MD5`` ciphers (except for + :data:`PROTOCOL_SSLv2`). :class:`SSLContext` objects have the following methods and attributes: |