path: root/Lib/ssl.py
Commit message [Author; Age; Files; Lines]
...
| * Issue #22186: Fix typos in Lib/. [Berker Peksag; 2014-10-19; 1; -1/+1]
| |   Patch by Févry Thibault.
* | Issue #22638: SSLv3 is now disabled throughout the standard library. [Antoine Pitrou; 2014-10-17; 1; -0/+3]
| |   It can still be enabled by instantiating a SSLContext manually.
* | Remove unused "block" argument in SSLObject.do_handshake() (issue #21965) [Antoine Pitrou; 2014-10-05; 1; -1/+1]
| |
* | Issue #21965: Add support for in-memory SSL to the ssl module. [Antoine Pitrou; 2014-10-05; 1; -24/+139]
| |   Patch by Geert Jansen.
* | merge 3.4 (#22449) [Benjamin Peterson; 2014-10-03; 1; -2/+1]
|\ \
| |/
| * also use openssl envvars to find certs on windows (closes #22449) [Benjamin Peterson; 2014-10-03; 1; -2/+1]
| |   Patch by Christian Heimes and Alex Gaynor.
* | Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use. [Antoine Pitrou; 2014-09-04; 1; -0/+9]
* | fix issue #17552: add socket.sendfile() method allowing to send a file over a socket by using high-performance os.sendfile() on UNIX. [Giampaolo Rodola'; 2014-06-11; 1; -0/+10]
| |   Patch by Giampaolo Rodola'·
* | Issue #20951: SSLSocket.send() now raises either SSLWantReadError or SSLWantWriteError on a non-blocking socket if the operation would block. [Antoine Pitrou; 2014-04-29; 1; -11/+1]
| |   Previously, it would return 0. Patch by Nikolaus Rath.
* | Issue #19940: ssl.cert_time_to_seconds() now interprets the given time string in the UTC timezone (as specified in RFC 5280), not the local timezone. [Antoine Pitrou; 2014-04-28; 1; -5/+27]
| |   Patch by Akira.
* | Issue #21068: The ssl.PROTOCOL* constants are now enum members. [Antoine Pitrou; 2014-04-18; 1; -19/+8]
| |
* | Issue #20896: ssl.get_server_certificate() now uses PROTOCOL_SSLv23, not PROTOCOL_SSLv3, for maximum compatibility. [Antoine Pitrou; 2014-04-16; 1; -1/+1]
|/
* Issue #21013: Enhance ssl.create_default_context() for server side contexts [Donald Stufft; 2014-03-23; 1; -6/+24]
|   Closes #21013 by modifying ssl.create_default_context() to:
|
|   * Move the restricted ciphers to only apply when using ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not is the lack of RC4 in the restricted. However there are servers that exist that only expose RC4 still.
|   * Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context will select TLS1.1 or TLS1.2 if it is available.
|   * Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets
|   * Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security of the perfect forward secrecy
|   * Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side socket the context will prioritize our ciphers which have been carefully selected to maximize security and performance.
|   * Documents the failure conditions when a SSL3.0 connection is required so that end users can more easily determine if they need to unset ssl.OP_NO_SSLv3.
* Issue #20995: Enhance default ciphers used by the ssl module [Donald Stufft; 2014-03-22; 1; -8/+31]
|   Closes #20995 by Enabling better security by prioritizing ciphers such that:
|
|   * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
|   * Prefer ECDHE over DHE for better performance
|   * Prefer any AES-GCM over any AES-CBC for better performance and security
|   * Then Use HIGH cipher suites as a fallback
|   * Then Use 3DES as fallback which is secure but slow
|   * Finally use RC4 as a fallback which is problematic but needed for compatibility some times.
|   * Disable NULL authentication, NULL encryption, and MD5 MACs for security reasons
* Issue #20976: pyflakes: Remove unused imports [Victor Stinner; 2014-03-20; 1; -3/+0]
|
* Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data. [Antoine Pitrou; 2013-12-28; 1; -0/+5]
|\
| * Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data. [Antoine Pitrou; 2013-12-28; 1; -0/+5]
* | Issue #19509: Don't close the socket in do_handshake() when hostname verification fails. [Christian Heimes; 2013-12-04; 1; -9/+4]
* | add check_hostname arg to ssl._create_stdlib_context() [Christian Heimes; 2013-12-02; 1; -1/+2]
| |
* | Issue #19509: Add SSLContext.check_hostname to match the peer's certificate with server_hostname on handshake. [Christian Heimes; 2013-12-02; 1; -5/+27]
* | ssl.create_default_context() sets OP_NO_COMPRESSION to prevent CRIME [Christian Heimes; 2013-11-28; 1; -0/+2]
| |
* | Issue #19735: Implement private function ssl._create_stdlib_context() to create SSLContext objects in Python's stdlib module. [Christian Heimes; 2013-11-23; 1; -6/+44]
| |   It provides a single configuration point and makes use of SSLContext.load_default_certs().
* | Issue #19689: Add ssl.create_default_context() factory function. [Christian Heimes; 2013-11-23; 1; -0/+35]
| |   It creates a new SSLContext object with secure default settings.
* | Issue #19292: Add SSLContext.load_default_certs() to load default root CA certificates from default stores or system stores. [Christian Heimes; 2013-11-23; 1; -0/+28]
| |   By default the method loads CA certs for authentication of server certs.
* | Issue #17134: Finalize interface to Windows' certificate store. [Christian Heimes; 2013-11-22; 1; -1/+1]
| |   Cert and CRL enumeration are now two functions. enum_certificates() also returns purpose flags as set of OIDs.
* | Issue #8813: Add SSLContext.verify_flags to change the verification flags of the context in order to enable certification revocation list (CRL) checks or strict X509 rules. [Christian Heimes; 2013-11-21; 1; -0/+2]
* | Issue #19448: Add private API to SSL module to lookup ASN.1 objects by OID, NID, short name and long name. [Christian Heimes; 2013-11-17; 1; -2/+24]
* | merge with 3.3 [Georg Brandl; 2013-10-27; 1; -22/+50]
|\ \
| |/
| * Issue #17997: Change behavior of ``ssl.match_hostname()`` to follow RFC 6125, for security reasons. [Georg Brandl; 2013-10-27; 1; -22/+50]
| |   It now doesn't match multiple wildcards nor wildcards inside IDN fragments.
* | #18705: merge with 3.3. [Ezio Melotti; 2013-08-17; 1; -1/+1]
|\ \
| |/
| * #18705: fix a number of typos. Patch by Févry Thibault. [Ezio Melotti; 2013-08-17; 1; -1/+1]
| |
* | Issue #9177: Calling read() or write() now raises ValueError, not AttributeError, on a closed SSL socket. [Antoine Pitrou; 2013-07-20; 1; -0/+4]
| |   Patch by Senko Rasic.
* | Issue #18200: Back out usage of ModuleNotFoundError (8d28d44f3a9a) [Brett Cannon; 2013-07-04; 1; -2/+2]
| |
* | Issue #18200: Update the stdlib (except tests) to use ModuleNotFoundError. [Brett Cannon; 2013-06-14; 1; -2/+2]
* | Issue #17134: Add ssl.enum_cert_store() as interface to Windows' cert store. [Christian Heimes; 2013-06-09; 1; -0/+4]
| |
* | Issue #18143: Implement ssl.get_default_verify_paths() in order to debug the default locations for cafile and capath. [Christian Heimes; 2013-06-09; 1; -0/+20]
* | Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099). [Antoine Pitrou; 2013-05-18; 1; -1/+8]
|\ \
| |/
| * Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099). [Antoine Pitrou; 2013-05-18; 1; -1/+8]
* | Issue #13721: SSLSocket.getpeercert() and SSLSocket.do_handshake() now raise an OSError with ENOTCONN, instead of an AttributeError, when the SSLSocket is not connected. [Antoine Pitrou; 2013-05-01; 1; -12/+22]
* | remove uneffective 'while True' clause [Giampaolo Rodola'; 2013-04-03; 1; -11/+10]
| |
* | Issue #16692: The ssl module now supports TLS 1.1 and TLS 1.2. [Antoine Pitrou; 2013-03-28; 1; -2/+11]
| |   Initial patch by Michele Orrù.
* | merge 3.3 (#16900) [Benjamin Peterson; 2013-01-10; 1; -4/+0]
|\ \
| |/
| * remove __del__ because it's evil and also prevents the ResourceWarning on the socket from happening (closes #16900) [Benjamin Peterson; 2013-01-10; 1; -4/+0]
* | Issue #8109: The ssl module now has support for server-side SNI, thanks to a :meth:`SSLContext.set_servername_callback` method. [Antoine Pitrou; 2013-01-05; 1; -32/+60]
| |   Patch by Daniel Black.
* | Issue #16717: get rid of socket.error, replace with OSError [Andrew Svetlov; 2012-12-18; 1; -4/+6]
|/
* Issue #16357: fix calling accept() on a SSLSocket created through SSLContext.wrap_socket(). [Antoine Pitrou; 2012-11-11; 1; -10/+5]
|   Original patch by Jeff McNeil.
|\
| * Issue #16357: fix calling accept() on a SSLSocket created through SSLContext.wrap_socket(). [Antoine Pitrou; 2012-11-11; 1; -10/+5]
| |   Original patch by Jeff McNeil.
* | Issue #14204: The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library. [Antoine Pitrou; 2012-03-21; 1; -3/+24]
| |   Patch by Colin Marc.
* | Try to really fix compilation failures of the _ssl module under very old OpenSSLs. [Antoine Pitrou; 2012-02-17; 1; -1/+5]
* | Issue #13636: Weak ciphers are now disabled by default in the ssl module (except when SSLv2 is explicitly asked for). [Antoine Pitrou; 2012-01-03; 1; -2/+11]
|\ \
| |/