Marc-Andre Lemburg added the comment:

On 14.11.2014 01:29, Benjamin Peterson wrote:
> 
> But you can reenable SSLv3 by altering the context and monkeypatching as 
> described in the PEP.

Well, I can monkeypatch the ssl module of course, but that's
not really the point here. I'm not talking about whether I can fix this
for myself or not.

The point here is that PEP 476 only addresses certificate validation, not
disabling of SSLv3 support.

AFAIK, there has been no discussion about this removal on python-dev or
in a PEP. The only place I found some discussion was on
http://bugs.python.org/issue22638, but that's targeting Python 3.5, not
a patch level release of Python or existing software.

Also note that all of the browsers mentioned in that ticket discussion
only disable the feature, but keep an option to reenable it. As it
stands, there's no simple option to do this for the ssl default
context short of monkeypatching ssl.OP_NO_SSLv3 = 0.

It would be better to add e.g. a global to the ssl module, so that
you can override the default context options easily and without
having to monkeypatch anything:

ssl.py:
DEFAULT_CONTEXT_OPTIONS = OP_NO_SSLv2 | OP_NO_SSLv3 | ...

myapp.py:
import ssl
# Reenable SSLv3 for myapp:
ssl.DEFAULT_CONTEXT_OPTIONS = ssl.DEFAULT_CONTEXT_OPTIONS & ~ssl.OP_NO_SSLv3

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue22866>
_______________________________________
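
Added example, not part of the original message or of the ssl module: a check that reports which contexts or option masks no longer carry the OP_NO_SSLv2 / OP_NO_SSLv3 bits discussed above, so an override like the one proposed can be found in an audit. The helper names, labels and sample masks are constructed for illustration; only the ssl.OP_NO_* constants, SSLContext.options and ssl.create_default_context() come from the standard library.

```python
import ssl

# Protocol-disabling bits named in the message. A flag can be 0 on builds
# whose OpenSSL has dropped the protocol entirely (commonly OP_NO_SSLv2);
# a zero flag cannot be tested against a mask, so it is skipped.
PROTOCOL_FLAGS = {"SSLv2": ssl.OP_NO_SSLv2, "SSLv3": ssl.OP_NO_SSLv3}


def missing_protections(options, flags=PROTOCOL_FLAGS):
    """Names of protocols whose OP_NO_* bit is absent from an option mask."""
    opts = int(options)
    return sorted(
        name for name, flag in flags.items()
        if int(flag) and not opts & int(flag)
    )


def audit(contexts):
    """Map label -> protocols left enabled, for SSLContext objects or raw masks."""
    report = {}
    for label, item in contexts.items():
        mask = item.options if isinstance(item, ssl.SSLContext) else item
        found = missing_protections(mask)
        if found:
            report[label] = found
    return report


# Constructed sample masks (hypothetical labels).
HARDENED = int(ssl.OP_NO_SSLv2) | int(ssl.OP_NO_SSLv3) | int(ssl.OP_NO_COMPRESSION)
SAMPLES = {
    "stdlib-default": ssl.create_default_context(),
    "hardened-mask": HARDENED,
    # The override expression from the message, applied to one mask.
    "myapp-override": HARDENED & ~int(ssl.OP_NO_SSLv3),
}

if __name__ == "__main__":
    for label, protocols in audit(SAMPLES).items():
        print(f"{label}: {', '.join(protocols)} not disabled")
```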