summaryrefslogtreecommitdiffstats
path: root/Lib/ssl.py
Commit message (Collapse)AuthorAgeFilesLines
* Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ↵Christian Heimes2016-09-061-15/+21
|\ | | | | | | ChaCha20 Poly1305.
| * Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ↵Christian Heimes2016-09-061-15/+21
| | | | | | | | ChaCha20 Poly1305.
* | Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-8/+10
|\ \ | |/
| * Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-8/+10
| |
* | Issue #27114: Fix SSLContext._load_windows_store_certs fails with ↵Steve Dower2016-05-261-5/+9
|\ \ | |/ | | | | PermissionError
| * Issue #27114: Fix SSLContext._load_windows_store_certs fails with ↵Steve Dower2016-05-261-5/+9
| | | | | | | | PermissionError
* | Issue #25951: Fix SSLSocket.sendall() to return None, by Aviv PalivodaMartin Panter2016-04-031-1/+0
|/
* Issue #23804: Fix SSL recv/read(0) to not return 1024 bytesMartin Panter2016-03-281-3/+3
|
* Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store ↵Steve Dower2016-03-171-1/+2
| | | | is empty. Patch by Baji.
* issue23673Ethan Furman2015-03-191-4/+4
| | | | | | | | | add private method to enum to support replacing global constants with Enum members: - search for candidate constants via supplied filter - create new enum class and members - insert enum class and replace constants with members via supplied module name - replace __reduce_ex__ with function that returns member name, so previous Python versions can unpickle modify IntEnum classes to use new method
* merge 3.4Benjamin Peterson2015-03-051-2/+1
|\
| * use _import_symbols to import VERIFY_* constantsBenjamin Peterson2015-03-051-2/+1
| |
* | merge 3.4 (#23481)Benjamin Peterson2015-02-191-4/+2
|\ \ | |/
| * remove rc4 from the default client ciphers (closes #23481)Benjamin Peterson2015-02-191-4/+2
| |
| * Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. TheVictor Stinner2015-01-061-1/+6
| | | | | | | | | | availability of the function is checked during the compilation. Patch written by Bernard Spil.
| * Issue #20896, #22935: The ssl.get_server_certificate() function now uses theVictor Stinner2015-01-061-1/+1
| | | | | | | | | | | | ssl.PROTOCOL_SSLv23 protocol by default, not ssl.PROTOCOL_SSLv3, for maximum compatibility and support platforms where ssl.PROTOCOL_SSLv3 support is disabled.
| * Issue #22935: Fix ssl module when SSLv3 protocol is not supportedVictor Stinner2014-12-121-6/+2
| |
* | Issue #23239: ssl.match_hostname() now supports matching of IP addresses.Antoine Pitrou2015-02-151-1/+22
| |
* | add support for ALPN (closes #20188)Benjamin Peterson2015-01-231-1/+26
| |
* | remove extra definite articleBenjamin Peterson2015-01-111-2/+2
| |
* | explain None can be returnedBenjamin Peterson2015-01-071-1/+3
| |
* | expose the client's cipher suites from the handshake (closes #23186)Benjamin Peterson2015-01-071-0/+10
| |
* | Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. TheVictor Stinner2014-11-281-1/+6
| | | | | | | | | | | | availability of the function is checked during the compilation. Patch written by Bernard Spil.
* | merge 3.4 (#22921)Benjamin Peterson2014-11-231-6/+1
|\ \ | |/
| * don't require OpenSSL SNI to pass hostname to ssl functions (#22921)Benjamin Peterson2014-11-231-6/+1
| | | | | | | | Patch by Donald Stufft.
| * Issue #22638: SSLv3 is now disabled throughout the standard library.Antoine Pitrou2014-10-171-0/+3
| | | | | | | | It can still be enabled by instantiating a SSLContext manually.
* | merge 3.4 (#22417)Benjamin Peterson2014-11-031-2/+8
|\ \ | |/
| * PEP 476: enable HTTPS certificate verification by default (#22417)Benjamin Peterson2014-11-031-2/+9
| | | | | | | | Patch by Alex Gaynor with some modifications by me.
* | Issue #22186: Fix typos in Lib/.Berker Peksag2014-10-191-1/+1
|\ \ | |/ | | | | Patch by Févry Thibault.
| * Issue #22186: Fix typos in Lib/.Berker Peksag2014-10-191-1/+1
| | | | | | | | Patch by Févry Thibault.
* | Issue #22638: SSLv3 is now disabled throughout the standard library.Antoine Pitrou2014-10-171-0/+3
| | | | | | | | It can still be enabled by instantiating a SSLContext manually.
* | Remove unused "block" argument in SSLObject.do_handshake() (issue #21965)Antoine Pitrou2014-10-051-1/+1
| |
* | Issue #21965: Add support for in-memory SSL to the ssl module.Antoine Pitrou2014-10-051-24/+139
| | | | | | | | Patch by Geert Jansen.
* | merge 3.4 (#22449)Benjamin Peterson2014-10-031-2/+1
|\ \ | |/
| * also use openssl envvars to find certs on windows (closes #22449)Benjamin Peterson2014-10-031-2/+1
| | | | | | | | Patch by Christian Heimes and Alex Gaynor.
* | Issue #20421: Add a .version() method to SSL sockets exposing the actual ↵Antoine Pitrou2014-09-041-0/+9
| | | | | | | | protocol version in use.
* | fix issue #17552: add socket.sendfile() method allowing to send a file over ↵Giampaolo Rodola'2014-06-111-0/+10
| | | | | | | | a socket by using high-performance os.sendfile() on UNIX. Patch by Giampaolo Rodola'·
* | Issue #20951: SSLSocket.send() now raises either SSLWantReadError or ↵Antoine Pitrou2014-04-291-11/+1
| | | | | | | | | | | | SSLWantWriteError on a non-blocking socket if the operation would block. Previously, it would return 0. Patch by Nikolaus Rath.
* | Issue #19940: ssl.cert_time_to_seconds() now interprets the given time ↵Antoine Pitrou2014-04-281-5/+27
| | | | | | | | | | | | string in the UTC timezone (as specified in RFC 5280), not the local timezone. Patch by Akira.
* | Issue #21068: The ssl.PROTOCOL* constants are now enum members.Antoine Pitrou2014-04-181-19/+8
| |
* | Issue #20896: ssl.get_server_certificate() now uses PROTOCOL_SSLv23, not ↵Antoine Pitrou2014-04-161-1/+1
|/ | | | PROTOCOL_SSLv3, for maximum compatibility.
* Issue #21013: Enhance ssl.create_default_context() for server side contextsDonald Stufft2014-03-231-6/+24
| | | | | | | | | | | | | | | | | | | | Closes #21013 by modfying ssl.create_default_context() to: * Move the restricted ciphers to only apply when using ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not is the lack of RC4 in the restricted. However there are servers that exist that only expose RC4 still. * Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context will select TLS1.1 or TLS1.2 if it is available. * Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets * Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security of the perfect forward secrecy * Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side socket the context will prioritize our ciphers which have been carefully selected to maximize security and performance. * Documents the failure conditions when a SSL3.0 connection is required so that end users can more easily determine if they need to unset ssl.OP_NO_SSLv3.
* Issue #20995: Enhance default ciphers used by the ssl moduleDonald Stufft2014-03-221-8/+31
| | | | | | | | | | | | | | | Closes #20995 by Enabling better security by prioritizing ciphers such that: * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE) * Prefer ECDHE over DHE for better performance * Prefer any AES-GCM over any AES-CBC for better performance and security * Then Use HIGH cipher suites as a fallback * Then Use 3DES as fallback which is secure but slow * Finally use RC4 as a fallback which is problematic but needed for compatibility some times. * Disable NULL authentication, NULL encryption, and MD5 MACs for security reasons
* Issue #20976: pyflakes: Remove unused importsVictor Stinner2014-03-201-3/+0
|
* Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, ↵Antoine Pitrou2013-12-281-0/+5
|\ | | | | | | rather than silently let them emit clear text data.
| * Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, ↵Antoine Pitrou2013-12-281-0/+5
| | | | | | | | rather than silently let them emit clear text data.
* | Issue #19509: Don't close the socket in do_handshake() when hostname ↵Christian Heimes2013-12-041-9/+4
| | | | | | | | verification fails.
* | add check_hostname arg to ssl._create_stdlib_context()Christian Heimes2013-12-021-1/+2
| |
* | Issue #19509: Add SSLContext.check_hostname to match the peer's certificateChristian Heimes2013-12-021-5/+27
| | | | | | | | with server_hostname on handshake.
* | ssl.create_default_context() sets OP_NO_COMPRESSION to prevent CRIMEChristian Heimes2013-11-281-0/+2
| |