Christian Heimes <li...@cheimes.de> added the comment:

For example an invalid host name should invalidate the session until #31399 is 
resolved. Any TLS protocol violation should also invalidate the session. If 
somebody messes with the connection or the TLS protocol encounters a problem 
during MAC validation, the connection must be considered as tainted.

Some exceptions may be fine. IMO it's still safer to hard-close the connection on 
any exception.

I agree with you. Let's not guess and ask some experts. I'm having meetings 
with security engineers from GnuTLS and NSS next week. I'll ask them.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue27815>
_______________________________________
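
The policy discussed in the comment above (treat any exception as tainting, drop the session, hard-close), sketched as an added example that is not code from the commenter or from CPython. The helper names, the host name `peer.example`, the dict-based session cache and the garbage peer are all constructed for illustration.

```python
import contextlib
import socket
import ssl

@contextlib.contextmanager
def taint_on_error(tls, host, session_cache):
    """Any exception taints the connection: forget its session, hard-close it."""
    try:
        yield tls
    except BaseException:
        session_cache.pop(host, None)  # never offer this session for resumption again
        tls.close()                    # plain close(): no unwrap(), no close_notify exchange
        raise

def exchange(tls, host, payload, session_cache):
    """One request/reply; the session is cached only after a clean exchange."""
    with taint_on_error(tls, host, session_cache):
        cached = session_cache.get(host)
        if isinstance(cached, ssl.SSLSession):
            tls.session = cached       # attempt resumption
        tls.do_handshake()
        tls.sendall(payload)
        reply = tls.recv(4096)
        session_cache[host] = tls.session
    return reply

def demo_garbage_peer():
    """Constructed failure: the peer answers the ClientHello with non-TLS bytes."""
    host = "peer.example"  # constructed name
    ours, theirs = socket.socketpair()
    ours.settimeout(5)
    theirs.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
    # Constructed placeholder standing in for an ssl.SSLSession from an earlier connection.
    cache = {host: "earlier-session"}
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    tls = ctx.wrap_socket(ours, server_hostname=host, do_handshake_on_connect=False)
    try:
        exchange(tls, host, b"ping", cache)
        raised = False
    except OSError:  # ssl.SSLError is an OSError subclass
        raised = True
    finally:
        theirs.close()
    return raised, cache, tls.fileno()

if __name__ == "__main__":
    print(demo_garbage_peer())
```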