Marc-Andre Lemburg added the comment: > Benjamin Peterson added the comment: > > On Thu, Dec 11, 2014, at 15:24, Marc-Andre Lemburg wrote: >> >> Marc-Andre Lemburg added the comment: >> >> On 11.12.2014 20:42, Benjamin Peterson wrote: >>> >>> Usually you can pass your own context. >> >> Yes, in new code, but not in existing Python 2.7 code that wasn't >> written for the newly added SSL context feature. > > How is modifying code to use a context different from modifying it to > mess around with a hypothetical ssl.DEFAULT_SSL_OPTIONS?
Hmm, isn't that obvious ? You only have to add a single line of code to tweak the default options rather than add context support throughout your application. >> BTW: Having a way to change the SSL options globally would be useful >> for Python 3.x as well, since OpenSSL often adds new options and >> it's not unlikely we'll see an OP_NO_TLSv1 option soon, given its >> age and similarity to SSLv3... >> https://www.imperialviolet.org/2014/12/08/poodleagain.html >> (the poodle strikes back ;-)) > > That option already exists and is exposed. :) Right, but it's not used in the current default context. Hard coding options in a function is not a good idea, really, esp. not for things that change as often as cipher strings and protocol options :-) ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue22866> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
