[issue23111] ftplib.FTP_TLS's default constructor does not work with TLSv1.1 or TLSv1.2
New submission from varde:

When trying to connect to a server which only supports TLS version 1.1 or 1.2, the following error is raised:

    ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:598)

For some reason, the SSL version is set to ssl.PROTOCOL_TLSv1 before initialisation and an SSL context is created in __init__, making any subsequent change to ssl_version useless. The only way to establish a successful connection is to pass a custom SSL context to the constructor.

I think ssl_version should be settable at construction time before the context is created. I'm not sure exposing ssl_version is useful either, the documentation mentions it but it has no use after initialisation.

The following lines should also be changed:

    if self.ssl_version == ssl.PROTOCOL_TLSv1:
        resp = self.voidcmd('AUTH TLS')

--
components: Library (Lib)
messages: 233087
nosy: varde
priority: normal
severity: normal
status: open
title: ftplib.FTP_TLS's default constructor does not work with TLSv1.1 or TLSv1.2
type: behavior
versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4

___
Python tracker <http://bugs.python.org/issue23111>
___
Python-bugs-list mailing list
Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23111] ftplib.FTP_TLS's default constructor does not work with TLSv1.1 or TLSv1.2
varde added the comment:

Well, because the ssl_version parameter should have a purpose. If it doesn't, the least we could do is remove it from the docs.
[issue23111] ftplib.FTP_TLS's default constructor does not work with TLSv1.1 or TLSv1.2
varde added the comment:

I know that, but it seems pretty unusual. And I would never have guessed from the documentation, I had to read the source.

My point is that it should be easier to just connect to a TLSv1.2 server: the documentation should mention the fact that ssl_version is a class attribute or it should be set to something more compatible like ssl.PROTOCOL_SSLv23. I'm not sure about the implications of the latter.

I'm not saying that this is a serious bug, but I'm used to Python providing us with something that works (more or less) out of the box.
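
Added example (not part of the original thread, and not ftplib's own code): the workaround named in the first message, passing a custom SSL context to the FTP_TLS constructor so the TLS version is negotiated instead of pinned. The helper names build_context, make_ftps, late_ssl_version_change_ignored and fetch_listing are illustrative; ssl.TLSVersion requires Python 3.7 or later.

```python
import ssl
from ftplib import FTP_TLS


def build_context(minimum=ssl.TLSVersion.TLSv1_2):
    """Client context that negotiates the highest shared version >= minimum."""
    ctx = ssl.create_default_context()  # certificate and hostname checks enabled
    ctx.minimum_version = minimum       # refuse anything older than this
    return ctx


def make_ftps(context=None):
    """FTP_TLS bound to our context. No host is given, so nothing connects yet."""
    if context is None:
        context = build_context()
    return FTP_TLS(context=context)


def late_ssl_version_change_ignored():
    """The behaviour reported above: the context is fixed at construction time,
    so assigning ssl_version on the instance afterwards does not replace it."""
    ftps = make_ftps()
    ctx_before = ftps.context
    ftps.ssl_version = ssl.PROTOCOL_TLS_CLIENT  # assignment after __init__
    return ftps.context is ctx_before


def fetch_listing(host, user, passwd):
    """Explicit FTPS session against a caller-supplied server (assumed inputs)."""
    ftps = make_ftps()
    ftps.connect(host, 21, timeout=10)
    try:
        ftps.login(user, passwd)  # FTP_TLS.login() secures the control channel first
        ftps.prot_p()             # protect the data channel as well
        return ftps.nlst()
    finally:
        ftps.close()
```
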