summaryrefslogtreecommitdiffstats
path: root/Doc
diff options
context:
space:
mode:
authorAntoine Pitrou <solipsis@pitrou.net>2010-04-17 17:40:45 (GMT)
committerAntoine Pitrou <solipsis@pitrou.net>2010-04-17 17:40:45 (GMT)
commit2d9cb9c1cb3a7dd2e60a323271fbfe80854a6817 (patch)
treea34682efe1b686fe2dc9d04b7c8d71edb69ed4e9 /Doc
parentec8dfeb27e46f826b0c7f03196f70520a33828d6 (diff)
downloadcpython-2d9cb9c1cb3a7dd2e60a323271fbfe80854a6817.zip
cpython-2d9cb9c1cb3a7dd2e60a323271fbfe80854a6817.tar.gz
cpython-2d9cb9c1cb3a7dd2e60a323271fbfe80854a6817.tar.bz2
Merged revisions 80151 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk ........ r80151 | antoine.pitrou | 2010-04-17 19:10:38 +0200 (sam., 17 avril 2010) | 4 lines Issue #8322: Add a *ciphers* argument to SSL sockets, so as to change the available cipher list. Helps fix test_ssl with OpenSSL 1.0.0. ........
Diffstat (limited to 'Doc')
-rw-r--r--Doc/library/ssl.rst20
1 files changed, 16 insertions, 4 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 022a586..2fa470d 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -47,7 +47,7 @@ Functions, Constants, and Exceptions
is a subtype of :exc:`socket.error`, which in turn is a subtype of
:exc:`IOError`.
-.. function:: wrap_socket(sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version={see docs}, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True)
+.. function:: wrap_socket(sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version={see docs}, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None)
Takes an instance ``sock`` of :class:`socket.socket`, and returns an instance
of :class:`ssl.SSLSocket`, a subtype of :class:`socket.socket`, which wraps
@@ -110,14 +110,23 @@ Functions, Constants, and Exceptions
======================== ========= ========= ========== =========
*client* / **server** **SSLv2** **SSLv3** **SSLv23** **TLSv1**
------------------------ --------- --------- ---------- ---------
- *SSLv2* yes no yes* no
+ *SSLv2* yes no yes no
*SSLv3* yes yes yes no
*SSLv23* yes no yes no
*TLSv1* no no yes yes
======================== ========= ========= ========== =========
- In some older versions of OpenSSL (for instance, 0.9.7l on OS X 10.4), an
- SSLv2 client could not connect to an SSLv23 server.
+ .. note::
+
+ This information varies depending on the version of OpenSSL.
+ For instance, in some older versions of OpenSSL (such as 0.9.7l on
+ OS X 10.4), an SSLv2 client could not connect to an SSLv23 server.
+ Conversely, starting from 1.0.0, an SSLv23 client will actually
+ try the SSLv3 protocol unless you explicitly enable SSLv2 ciphers.
+
+ The parameter ``ciphers`` sets the available ciphers for this SSL object.
+ It should be a string in the `OpenSSL cipher list format
+ <http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT>`_.
The parameter ``do_handshake_on_connect`` specifies whether to do the SSL
handshake automatically after doing a :meth:`socket.connect`, or whether the
@@ -132,6 +141,9 @@ Functions, Constants, and Exceptions
normal EOF in response to unexpected EOF errors raised from the underlying
socket; if :const:`False`, it will raise the exceptions back to the caller.
+ .. versionchanged:: 2.7
+ New optional argument *ciphers*.
+
.. function:: RAND_status()
Returns True if the SSL pseudo-random number generator has been seeded with