New submission from Heikki Toivonen <[EMAIL PROTECTED]>: There should be a way to disable SSLv2 since it is insecure. It would be even better if SSLv2 was disabled out of the box, but maybe there could be a way to re-enable it.
I made the default to disable SSLv2 in M2Crypto, but those that want it can explicitly request unsecure connection. You can take a look at http://svn.osafoundation.org/m2crypto/trunk/M2Crypto/SSL/Context.py to see how I did it. Modern web browsers are also removing SSLv2 support from them, so it should be really rare to actually need v2 anywhere. ---------- components: Library (Lib) messages: 71404 nosy: heikki severity: normal status: open title: Provide a way to disable SSLv2 (or better yet, disable by default) type: security versions: Python 2.6 _______________________________________ Python tracker <[EMAIL PROTECTED]> <http://bugs.python.org/issue3596> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
