Antoine Pitrou added the comment: So, I've disabled SSLv3 in _create_stdlib_context() for the next feature release (3.5). By the time it is released, we can consider SSLv3 will be dead.
Related news: - Opera doesn't disable SSLv3 yet, but implements custom countermeasures: http://blogs.opera.com/security/2014/10/security-changes-opera-25-poodle-attacks/ - Mozilla doesn't disable SSLv3 yet (it will be disabled in 3 months): https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue22638> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
