Christian Heimes <li...@cheimes.de> added the comment:

For example an invalid host name should invalidate the session until #31399 is resolved. Any TLS protocol violation should also invalidate the session. If somebody messes with the connection or the TLS protocol encounters a problem during MAC validation, the connection must be considered as tainted.

Some exceptions may be fine. IMO it's still safer to hard-close the connection on any exception.

I agree with you. Let's not guess and ask some experts. I'm having meetings with security engineers from GnuTLS and NSS next week. I'll ask them.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue27815>
_______________________________________
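A client-side sketch of the policy discussed in the comment above, added here as an example and not taken from the tracker or from CPython: any exception on a connection drops its cached TLS session and closes the socket without an orderly shutdown. `SessionCache`, `guarded` and `connect` are hypothetical names; `SSLContext.wrap_socket(session=...)` and `SSLSocket.session` are the standard `ssl` module APIs.

```python
import socket
import ssl
from contextlib import contextmanager


class SessionCache:
    """One resumable TLS session per (host, port); reuse needs the same SSLContext."""

    def __init__(self):
        self._sessions = {}

    def get(self, key):
        return self._sessions.get(key)

    def store(self, key, session):
        if session is not None:
            self._sessions[key] = session

    def invalidate(self, key):
        self._sessions.pop(key, None)


@contextmanager
def guarded(cache, key, sock):
    """Yield sock; any exception taints it, so its session is forgotten."""
    try:
        yield sock
        # Reached on clean exit only: remember the session for resumption.
        cache.store(key, sock.session)
    except BaseException:
        cache.invalidate(key)
        raise
    finally:
        # close() without unwrap(): no attempt at an orderly TLS shutdown.
        sock.close()


def connect(cache, ctx: ssl.SSLContext, host, port, timeout=10.0):
    """Open a TLS connection, offering the cached session if there is one."""
    key = (host, port)
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        sock = ctx.wrap_socket(raw, server_hostname=host, session=cache.get(key))
    except BaseException:
        # Handshake or host name failure: stop trusting the old session.
        cache.invalidate(key)
        raw.close()
        raise
    return guarded(cache, key, sock)
```

Used as `with connect(cache, ctx, host, 443) as s: ...`, a failed read or write inside the block means the next connection to that host performs a full handshake.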