Diffstat (limited to 'Doc/library')
-rw-r--r-- Doc/library/ssl.rst 22
1 files changed, 20 insertions, 2 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 8d14ae9..73aa0a5 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -346,6 +346,24 @@ Certificate handling
.. versionchanged:: 3.3
This function is now IPv6-compatible.
+.. function:: create_default_context(purpose=Purpose.SERVER_AUTH, cafile=None, capath=None, cadata=None)
+
+ Create a :class:`SSLContext` with default settings.
+
+ The current settings are: :data:`PROTOCOL_TLSv1` with high encryption
+ cipher suites without RC4 and without unauthenticated cipher suites. The
+ *purpose* :data:`Purpose.SERVER_AUTH` sets verify_mode to
+ :data:`CERT_REQUIRED` and either loads CA certs (when at least one of
+ *cafile*, *capath* or *cadata* is given) or uses
+ :meth:`SSLContext.load_default_certs` to load default CA certs.
+
+ .. note::
+ The protocol, options, cipher and other settings may change to more
+ restrictive values anytime without prior deprecation. The values
+ represent a fair balance between maximum compatibility and security.
+
+ .. versionadded:: 3.4
+
.. function:: DER_cert_to_PEM_cert(DER_cert_bytes)
Given a certificate as a DER-encoded blob of bytes, returns a PEM-encoded
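Review bot: The new create_default_context entry describes verify_mode and CA loading only for Purpose.SERVER_AUTH, so a reader cannot tell what kind of context the other purpose value produces. Add a sentence stating the verify_mode and certificate-loading behaviour for Purpose.CLIENT_AUTH, and mark up verify_mode as :attr:`SSLContext.verify_mode` so it links like the other references in the paragraph. The note that settings may change without deprecation is worth keeping; consider also saying that callers who need a fixed protocol or cipher selection should construct an :class:`SSLContext` themselves.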
@@ -688,7 +706,7 @@ Constants
.. versionadded:: 3.4
-.. data:: Purpose.clientAuth
+.. data:: Purpose.CLIENT_AUTH
Option for :meth:`SSLContext.load_default_certs` to load CA certificates
for TLS web client authentication (server side socket).
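Review bot: Renaming the documented constant from Purpose.clientAuth to Purpose.CLIENT_AUTH is only safe if every reference moves with it, and this view is limited to Doc/library. Confirm that the module, its tests and any other documentation use the new spelling in the same commit, so the docs never name an attribute that does not exist.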
@@ -928,7 +946,7 @@ to speed up repeated connections from the same clients.
The *purpose* flag specifies what kind of CA certificates are loaded. The
default settings :data:`Purpose.SERVER_AUTH` loads certificates, that are
flagged and trusted for TLS web server authentication (client side
- sockets). :data:`Purpose.clientAuth` loads CA certificates for client
+ sockets). :data:`Purpose.CLIENT_AUTH` loads CA certificates for client
certificate verification on the server side.
.. versionadded:: 3.4
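Review bot: While this paragraph is being touched, the unchanged sentence just above the renamed reference reads "The default settings :data:`Purpose.SERVER_AUTH` loads certificates, that are flagged", which has a number mismatch and a stray comma. Suggest "The default setting :data:`Purpose.SERVER_AUTH` loads certificates that are flagged and trusted for TLS web server authentication".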