Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ↵ | Christian Heimes | 2016-09-06 | 1 | -15/+21 |
|\ | | | | | | | ChaCha20 Poly1305. | ||||
| * | Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ↵ | Christian Heimes | 2016-09-06 | 1 | -15/+21 |
| | | | | | | | | ChaCha20 Poly1305. | ||||
* | | Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. | Christian Heimes | 2016-09-05 | 1 | -8/+10 |
|\ \ | |/ | |||||
| * | Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. | Christian Heimes | 2016-09-05 | 1 | -8/+10 |
| | | |||||
* | | Issue #27114: Fix SSLContext._load_windows_store_certs fails with ↵ | Steve Dower | 2016-05-26 | 1 | -5/+9 |
|\ \ | |/ | | | | | PermissionError | ||||
| * | Issue #27114: Fix SSLContext._load_windows_store_certs fails with ↵ | Steve Dower | 2016-05-26 | 1 | -5/+9 |
| | | | | | | | | PermissionError | ||||
* | | Issue #25951: Fix SSLSocket.sendall() to return None, by Aviv Palivoda | Martin Panter | 2016-04-03 | 1 | -1/+0 |
|/ | |||||
* | Issue #23804: Fix SSL recv/read(0) to not return 1024 bytes | Martin Panter | 2016-03-28 | 1 | -3/+3 |
| | |||||
* | Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store ↵ | Steve Dower | 2016-03-17 | 1 | -1/+2 |
| | | | | is empty. Patch by Baji. | ||||
* | issue23673 | Ethan Furman | 2015-03-19 | 1 | -4/+4 |
| | | | | | | | | | add private method to enum to support replacing global constants with Enum members: - search for candidate constants via supplied filter - create new enum class and members - insert enum class and replace constants with members via supplied module name - replace __reduce_ex__ with function that returns member name, so previous Python versions can unpickle modify IntEnum classes to use new method | ||||
* | merge 3.4 | Benjamin Peterson | 2015-03-05 | 1 | -2/+1 |
|\ | |||||
| * | use _import_symbols to import VERIFY_* constants | Benjamin Peterson | 2015-03-05 | 1 | -2/+1 |
| | | |||||
* | | merge 3.4 (#23481) | Benjamin Peterson | 2015-02-19 | 1 | -4/+2 |
|\ \ | |/ | |||||
| * | remove rc4 from the default client ciphers (closes #23481) | Benjamin Peterson | 2015-02-19 | 1 | -4/+2 |
| | | |||||
| * | Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The | Victor Stinner | 2015-01-06 | 1 | -1/+6 |
| | | | | | | | | | | availability of the function is checked during the compilation. Patch written by Bernard Spil. | ||||
| * | Issue #20896, #22935: The ssl.get_server_certificate() function now uses the | Victor Stinner | 2015-01-06 | 1 | -1/+1 |
| | | | | | | | | | | | | ssl.PROTOCOL_SSLv23 protocol by default, not ssl.PROTOCOL_SSLv3, for maximum compatibility and support platforms where ssl.PROTOCOL_SSLv3 support is disabled. | ||||
| * | Issue #22935: Fix ssl module when SSLv3 protocol is not supported | Victor Stinner | 2014-12-12 | 1 | -6/+2 |
| | | |||||
* | | Issue #23239: ssl.match_hostname() now supports matching of IP addresses. | Antoine Pitrou | 2015-02-15 | 1 | -1/+22 |
| | | |||||
* | | add support for ALPN (closes #20188) | Benjamin Peterson | 2015-01-23 | 1 | -1/+26 |
| | | |||||
* | | remove extra definite article | Benjamin Peterson | 2015-01-11 | 1 | -2/+2 |
| | | |||||
* | | explain None can be returned | Benjamin Peterson | 2015-01-07 | 1 | -1/+3 |
| | | |||||
* | | expose the client's cipher suites from the handshake (closes #23186) | Benjamin Peterson | 2015-01-07 | 1 | -0/+10 |
| | | |||||
* | | Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The | Victor Stinner | 2014-11-28 | 1 | -1/+6 |
| | | | | | | | | | | | | availability of the function is checked during the compilation. Patch written by Bernard Spil. | ||||
* | | merge 3.4 (#22921) | Benjamin Peterson | 2014-11-23 | 1 | -6/+1 |
|\ \ | |/ | |||||
| * | don't require OpenSSL SNI to pass hostname to ssl functions (#22921) | Benjamin Peterson | 2014-11-23 | 1 | -6/+1 |
| | | | | | | | | Patch by Donald Stufft. | ||||
| * | Issue #22638: SSLv3 is now disabled throughout the standard library. | Antoine Pitrou | 2014-10-17 | 1 | -0/+3 |
| | | | | | | | | It can still be enabled by instantiating a SSLContext manually. | ||||
* | | merge 3.4 (#22417) | Benjamin Peterson | 2014-11-03 | 1 | -2/+8 |
|\ \ | |/ | |||||
| * | PEP 476: enable HTTPS certificate verification by default (#22417) | Benjamin Peterson | 2014-11-03 | 1 | -2/+9 |
| | | | | | | | | Patch by Alex Gaynor with some modifications by me. | ||||
* | | Issue #22186: Fix typos in Lib/. | Berker Peksag | 2014-10-19 | 1 | -1/+1 |
|\ \ | |/ | | | | | Patch by Févry Thibault. | ||||
| * | Issue #22186: Fix typos in Lib/. | Berker Peksag | 2014-10-19 | 1 | -1/+1 |
| | | | | | | | | Patch by Févry Thibault. | ||||
* | | Issue #22638: SSLv3 is now disabled throughout the standard library. | Antoine Pitrou | 2014-10-17 | 1 | -0/+3 |
| | | | | | | | | It can still be enabled by instantiating a SSLContext manually. | ||||
* | | Remove unused "block" argument in SSLObject.do_handshake() (issue #21965) | Antoine Pitrou | 2014-10-05 | 1 | -1/+1 |
| | | |||||
* | | Issue #21965: Add support for in-memory SSL to the ssl module. | Antoine Pitrou | 2014-10-05 | 1 | -24/+139 |
| | | | | | | | | Patch by Geert Jansen. | ||||
* | | merge 3.4 (#22449) | Benjamin Peterson | 2014-10-03 | 1 | -2/+1 |
|\ \ | |/ | |||||
| * | also use openssl envvars to find certs on windows (closes #22449) | Benjamin Peterson | 2014-10-03 | 1 | -2/+1 |
| | | | | | | | | Patch by Christian Heimes and Alex Gaynor. | ||||
* | | Issue #20421: Add a .version() method to SSL sockets exposing the actual ↵ | Antoine Pitrou | 2014-09-04 | 1 | -0/+9 |
| | | | | | | | | protocol version in use. | ||||
* | | fix issue #17552: add socket.sendfile() method allowing to send a file over ↵ | Giampaolo Rodola' | 2014-06-11 | 1 | -0/+10 |
| | | | | | | | | a socket by using high-performance os.sendfile() on UNIX. Patch by Giampaolo Rodola'. | ||||
* | | Issue #20951: SSLSocket.send() now raises either SSLWantReadError or ↵ | Antoine Pitrou | 2014-04-29 | 1 | -11/+1 |
| | | | | | | | | | | | | SSLWantWriteError on a non-blocking socket if the operation would block. Previously, it would return 0. Patch by Nikolaus Rath. | ||||
* | | Issue #19940: ssl.cert_time_to_seconds() now interprets the given time ↵ | Antoine Pitrou | 2014-04-28 | 1 | -5/+27 |
| | | | | | | | | | | | | string in the UTC timezone (as specified in RFC 5280), not the local timezone. Patch by Akira. | ||||
* | | Issue #21068: The ssl.PROTOCOL* constants are now enum members. | Antoine Pitrou | 2014-04-18 | 1 | -19/+8 |
| | | |||||
* | | Issue #20896: ssl.get_server_certificate() now uses PROTOCOL_SSLv23, not ↵ | Antoine Pitrou | 2014-04-16 | 1 | -1/+1 |
|/ | | | | PROTOCOL_SSLv3, for maximum compatibility. | ||||
* | Issue #21013: Enhance ssl.create_default_context() for server side contexts | Donald Stufft | 2014-03-23 | 1 | -6/+24 |
| | | | | | | | | | | | | | | | | | | | | Closes #21013 by modifying ssl.create_default_context() to: * Move the restricted ciphers to only apply when using ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not is the lack of RC4 in the restricted. However there are servers that exist that only expose RC4 still. * Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context will select TLS1.1 or TLS1.2 if it is available. * Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets * Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security of the perfect forward secrecy * Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side socket the context will prioritize our ciphers which have been carefully selected to maximize security and performance. * Documents the failure conditions when a SSL3.0 connection is required so that end users can more easily determine if they need to unset ssl.OP_NO_SSLv3. | ||||
* | Issue #20995: Enhance default ciphers used by the ssl module | Donald Stufft | 2014-03-22 | 1 | -8/+31 |
| | | | | | | | | | | | | | | | Closes #20995 by Enabling better security by prioritizing ciphers such that: * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE) * Prefer ECDHE over DHE for better performance * Prefer any AES-GCM over any AES-CBC for better performance and security * Then Use HIGH cipher suites as a fallback * Then Use 3DES as fallback which is secure but slow * Finally use RC4 as a fallback which is problematic but needed for compatibility sometimes. * Disable NULL authentication, NULL encryption, and MD5 MACs for security reasons | ||||
* | Issue #20976: pyflakes: Remove unused imports | Victor Stinner | 2014-03-20 | 1 | -3/+0 |
| | |||||
* | Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, ↵ | Antoine Pitrou | 2013-12-28 | 1 | -0/+5 |
|\ | | | | | | | rather than silently let them emit clear text data. | ||||
| * | Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, ↵ | Antoine Pitrou | 2013-12-28 | 1 | -0/+5 |
| | | | | | | | | rather than silently let them emit clear text data. | ||||
* | | Issue #19509: Don't close the socket in do_handshake() when hostname ↵ | Christian Heimes | 2013-12-04 | 1 | -9/+4 |
| | | | | | | | | verification fails. | ||||
* | | add check_hostname arg to ssl._create_stdlib_context() | Christian Heimes | 2013-12-02 | 1 | -1/+2 |
| | | |||||
* | | Issue #19509: Add SSLContext.check_hostname to match the peer's certificate | Christian Heimes | 2013-12-02 | 1 | -5/+27 |
| | | | | | | | | with server_hostname on handshake. | ||||
* | | ssl.create_default_context() sets OP_NO_COMPRESSION to prevent CRIME | Christian Heimes | 2013-11-28 | 1 | -0/+2 |
| | |