[issue22335] Python 3: Segfault instead of MemoryError when bytearray too big

Jakub Wilk added the comment: This patch should fix it. -- keywords: +patch nosy: +jwilk Added file: http://bugs.python.org/file36917/issue19087.patch ___ Python tracker ___

[issue18859] README.valgrind should mention --with-valgrind

Changes by Berker Peksag : -- stage: needs patch -> patch review type: -> enhancement versions: +Python 3.5 -Python 3.3 ___ Python tracker ___ __

[issue17611] Move unwinding of stack for "pseudo exceptions" from interpreter to compiler.

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue21929] Rounding properly

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue16535] json encoder unable to handle decimal

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue3068] IDLE - Add an extension configuration dialog

Terry J. Reedy added the comment: Saimadhav, since you did not mention a problem with the appearance of the True/False button or the action buttons, which were issues before, I presume they are okay. S1. For Shell, which does not have Format, alt-O opens Options. The hot key for Format should

[issue22237] sorted() docs should state that the sort is stable

Stéphane Wirtel added the comment: For this issue, I have read the source code of "sorted" and "list.sort" to be sure they use the same algorithm (not sure). But in the builtin_sorted function, I read PyId_sort, but when I grep the code, I don't find it. Where can I find the reference of this

[issue20981] ssl doesn't build anymore with OpenSSL 0.9.7 or older: X509_check_ca

Changes by Berker Peksag : -- nosy: +db3l ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue15722] PEP 3121, 384 Refactoring applied to decimal module

Stefan Krah added the comment: I would like to reject this until either the performance problems are solved or someone actually uses _decimal in multiple interpreters. If you do, you get tons of warnings about libmpdec being reinitialized, so I suspect no one has ever done that in Python 3.3+ (I

[issue12851] ctypes: getbuffer() never provides strides

Changes by Stefan Krah : -- assignee: skrah -> nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: h

[issue9116] test_capi.test_no_FatalError_infinite_loop crash on Windows

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.or

[issue7442] _localemodule.c: str2uni() with different LC_NUMERIC and LC_CTYPE

Stefan Krah added the comment: Well, I originally opened this issue but personally I'm not that bothered by it any more. Victor, do you want to keep it open? -- versions: +Python 3.2 -Python 3.3, Python 3.4 ___ Python tracker

[issue10803] ctypes: better support of bytearray objects

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue1621] Do not assume signed integer overflow behavior

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.or

[issue19577] memoryview bind (the opposite of release)

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue22113] memoryview and struct.pack_into

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue21855] Fix decimal in unicodeless build

Stefan Krah added the comment: LGTM, too. -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pytho

[issue21833] Fix unicodeless build of Python

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue22542] Use arc4random under OpenBSD for os.urandom() if /dev/urandom is not present

700eb415 added the comment: > I'm not sure that arc4random() can be considered as coming from the "OS". We really have a couple options here. (1)Include a high quality pseudorandom number function for every platform that doesn't provide the proper call (very tedious and lots of places of mista

[issue21991] The new email API should use MappingProxyType instead of returning new dicts.

R. David Murray added the comment: No, it looks fine. This issue was mostly a reminder to myself. Thanks for the patch. The other place I thought there might be some instances of this was in _header_value_parser, but I don't see any on a quick scan. So this may be it. -- _

[issue14130] memoryview: add multi-dimensional indexing and slicing

Changes by Stefan Krah : -- assignee: skrah -> ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.py

[issue20020] "modernize" the modulefinder module

Changes by Berker Peksag : -- nosy: +berker.peksag ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail

[issue21855] Fix decimal in unicodeless build

Changes by Berker Peksag : -- stage: patch review -> commit review ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscrib

[issue22335] Python 3: Segfault instead of MemoryError when bytearray too big

Jakub Wilk added the comment: On a second thought, "logical_offset + 1" alone could overflow; and there are apparently other possible integer overflows in this function. -- ___ Python tracker _

[issue22619] Possible implementation of negative limit for traceback functions

Changes by Dmitry Kazakov : Removed file: http://bugs.python.org/file36916/tb_patch.diff ___ Python tracker ___ ___ Python-bugs-list mailing l

[issue22619] Possible implementation of negative limit for traceback functions

Changes by Dmitry Kazakov : -- hgrepos: +278 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pytho

[issue22619] Possible implementation of negative limit for traceback functions

Changes by Dmitry Kazakov : Added file: http://bugs.python.org/file36918/4a0ec19e4288.diff ___ Python tracker ___ ___ Python-bugs-list mailing

[issue22619] Possible implementation of negative limit for traceback functions

Changes by Dmitry Kazakov : -- hgrepos: -278 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pyth

[issue22619] Possible implementation of negative limit for traceback functions

Changes by Dmitry Kazakov : Removed file: http://bugs.python.org/file36918/4a0ec19e4288.diff ___ Python tracker ___ ___ Python-bugs-list maili

[issue22619] Possible implementation of negative limit for traceback functions

Changes by Dmitry Kazakov : Added file: http://bugs.python.org/file36919/tb_patch_2.diff ___ Python tracker ___ ___ Python-bugs-list mailing l

[issue10977] Concrete object C API considered harmful to subclasses of builtin types

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue15381] Optimize BytesIO to do less reallocations when written, similarly to StringIO

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue15903] Make rawiobase_read() read directly to bytes object

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue15994] memoryview to freed memory can cause segfault

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue17884] Try to reuse stdint.h types like int32_t

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue15993] Windows: 3.3.0-rc2.msi: test_buffer fails

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue17870] Python does not provide PyLong_FromIntMax_t() or PyLong_FromUintMax_t() function

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue21167] float('nan') returns 0.0 on Python compiled with icc

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue3068] IDLE - Add an extension configuration dialog

Terry J. Reedy added the comment: S1. The top menu bar hot keys are set in EditorWindow.menu_specs. 'Options' *can* be opened, at least on Windows, with alt O O (and Format with alt O ). Conflicts are definitely Not Good. Any strong opinions on marking 'm' veras 't'? -- _

[issue15913] PyBuffer_SizeFromFormat is missing

Changes by Stefan Krah : -- nosy: -skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue21855] Fix decimal in unicodeless build

Roundup Robot added the comment: New changeset 108377d0e24f by Serhiy Storchaka in branch '2.7': Issue #21855: Fixed the decimal module in unicode disabled build. https://hg.python.org/cpython/rev/108377d0e24f -- nosy: +python-dev ___ Python tracker

[issue21855] Fix decimal in unicodeless build

Serhiy Storchaka added the comment: Thank you Mark and Stefan for your reviews. -- assignee: -> serhiy.storchaka dependencies: -Fix unicodeless build of Python resolution: -> fixed status: open -> closed ___ Python tracker

[issue12067] Doc: remove errors about mixed-type comparisons.

Andy Maier added the comment: I have addressed the comments by Jim Jewett, Martin Panter and of myself in a new version v11, which got posted. For the expression.rst doc file, this version of the patch has its diff sections in a logical order, so that the original text and the patched text are

[issue22237] sorted() docs should state that the sort is stable

Georg Brandl added the comment: PyId_sort is not a function, it's a somewhat complicated way of getting a Python string "sort" (in this case, for looking up a method using PyObject_GetAttrId). The string object is cached, with is faster than constructing one every time with PyObject_GetAttrSt

[issue21855] Fix decimal in unicodeless build

Changes by Serhiy Storchaka : -- stage: commit review -> resolved ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe

[issue12067] Doc: remove errors about mixed-type comparisons.

Andy Maier added the comment: I also made sure in both files that the line length of any changed or new lines is max 80. Sorry if that creates extra changes when looking at deltas between change sets. -- ___ Python tracker

[issue22632] Official IDLE web page address is not valid

New submission from Serhiy Storchaka: WWW address (http://www.python.org/idle/) mentioned in "About IDLE" dialog window is no longer valid. -- assignee: docs@python components: Documentation, IDLE messages: 229329 nosy: docs@python, eric.araujo, ezio.melotti, georg.brandl, kbk, roger.se

[issue22633] Memory disclosure/buffer overread via bug in Py_FrozenMain

New submission from Guido: Python/frozenmain.c:27 - https://hg.python.org/cpython/file/424fbf011176/Python/frozenmain.c#l27 Memory is allocated for sizeof(wchar_t*) * argc bytes. If argc is 0 (which is a possibility, see below), then 0 bytes are attempted to allocate. Note that PyMem_RawMallo

[issue22630] `concurrent.futures.Future.set_running_or_notify_cancel` does not notify cancel

Changes by Ned Deily : -- nosy: +bquinlan ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue22631] Feature Request CAN_RAW_FD_FRAME

Changes by Ned Deily : -- nosy: +neologix ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue20981] ssl doesn't build anymore with OpenSSL 0.9.7 or older: X509_check_ca

David Bolen added the comment: Both of my FreeBSD buildbots are quite ancient (particularly so with FreeBSD/6.4), and mostly still exist because of lack of pressure to change them, and at least for a while having an older, legacy FreeBSD buildbot was of some use. I have no plans on upgrading

[issue22632] Official IDLE web page address is not valid

Ned Deily added the comment: For the record, on the legacy web site, that URI (which you can still see as http://legacy.python.org/idle/) redirected to the Python 2 IDLE page in the Standard Library docs: https://docs.python.org/2/library/idle.html. -- nosy: +ned.deily __

[issue22632] Official IDLE web page address is not valid

Georg Brandl added the comment: I guess a redirect could be added again. -- nosy: +benjamin.peterson ___ Python tracker ___ ___ Python

[issue22632] Official IDLE web page address is not valid

Ned Deily added the comment: It could but to which page, e.g. which version of the docs? -- ___ Python tracker ___ ___ Python-bugs-lis

[issue22632] Official IDLE web page address is not valid

Serhiy Storchaka added the comment: Should we add /idle3/ redirection for 3.x? -- ___ Python tracker ___ ___ Python-bugs-list mailing

[issue22632] Official IDLE web page address is not valid

Ned Deily added the comment: The URI in "About IDLE" is redundant in that the same information on the doc page is also available in text format in the IDLE Help menu and there is also a link there to the full HTML docs. Perhaps the URI should just be removed from About IDLE going forward; we

[issue21189] Broken link to patch

Barry A. Warsaw added the comment: I changed the link to point here: https://docs.python.org/devguide/patch.html -- resolution: -> fixed status: open -> closed ___ Python tracker __

[issue7442] _localemodule.c: str2uni() with different LC_NUMERIC and LC_CTYPE

STINNER Victor added the comment: The issue has a workaround: use LC_NUMERIC and LC_CTYPE locales which use the same encoding. To avoid issues, it's probably safer to only use UTF-8 locales, which are now available on modern Linux distro. I don't like the idea of calling setlocale() just for t

[issue22631] Feature Request CAN_RAW_FD_FRAME

Charles-François Natali added the comment: Annoying. I thought CAN_RAW_FD_FRAME would be a macro, which would have made conditional compilation easy, but it's apparently a enum value, which means we have to add a configure-time check... -- components: +Library (Lib) -IO __

[issue3068] IDLE - Add an extension configuration dialog

Terry J. Reedy added the comment: Referring to previous item numbers, this new patch, relative to -2, 1. adds padx to gridding of entry widgets. (Note, editor text area runs against scroll bar in same way as these did, but without breaks, it looks fine.) Padding border looks better to me. 2.

[issue20981] ssl doesn't build anymore with OpenSSL 0.9.7 or older: X509_check_ca

STINNER Victor added the comment: If we drop support of FreeBSD older than 8.x for example, we should make it official. Mention it at least in the What's New in Python 3.5 and/or the PEP 11. What do you think? -- ___ Python tracker

[issue22634] importing _ctypes failed: undefined symbol: ffi_call_win32

STINNER Victor added the comment: Similar issue on old FreeBSD versions: issuee #22521. -- nosy: +haypo ___ Python tracker ___ ___ Pyt

[issue22627] Calling timestamp() on a datetime object modifies the timestamp of a different datetime object.

Christopher Lee added the comment: Hi Antoine, thanks for taking a look. I should explain further. This code is for an introspection tool[1] that provides an interface to write tests in python against an application. This code is a workaround for using large timestamps[2] (i.e. larger than 32b

[issue20981] ssl doesn't build anymore with OpenSSL 0.9.7 or older: X509_check_ca

David Bolen added the comment: I suppose it depends on what the current policy (if any) is. Not sure how far back we would officially claim to support even today. We have a 6.4 buildbot due to history, but it's never made the stable list, and is probably in a failing state as much or more as

[issue22634] importing _ctypes failed: undefined symbol: ffi_call_win32

Georg Brandl added the comment: This appears to be caused by the update to libffi version 3.1 in 3.4.2. -- keywords: +3.4regression nosy: +doko, georg.brandl ___ Python tracker _

[issue18643] add a fallback socketpair() implementation in test.support

Roundup Robot added the comment: New changeset 6098141155f9 by Charles-François Natali in branch 'default': Issue #18643: Add socket.socketpair() on Windows. https://hg.python.org/cpython/rev/6098141155f9 -- ___ Python tracker

[issue16200] Setting .posix=True for shlex object causes infinite loop in __next__

Claudiu Popa added the comment: Here's a refreshed patch, which applies cleanly on tip. Also, I added a test for the code that generates an infinite loop. -- nosy: +Claudiu.Popa versions: +Python 3.5 -Python 3.2, Python 3.3, Python 3.4 Added file: http://bugs.python.org/file36922/issue1

[issue22632] Official IDLE web page address is not valid

Terry J. Reedy added the comment: Idle's Help system needs a thorough review. Current issues include 16893, 21995, 17583, and a few more in my head, including revising About. In the meanwhile, I am replacing the dead link with 'https://docs.python.org/' + sys.version[:3] + '/library/idle.html

[issue22632] Official IDLE web page address is not valid

Ned Deily added the comment: OK, the redirect should now be in place. -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsu

[issue22632] Official IDLE web page address is not valid

Roundup Robot added the comment: New changeset d411dff4e3d4 by Terry Jan Reedy in branch '2.7': Issue #22632: replace dead link with version-specific doc link. https://hg.python.org/cpython/rev/d411dff4e3d4 New changeset db5e431125b1 by Terry Jan Reedy in branch '3.4': Issue #22632: replace dead

[issue22632] Official IDLE web page address is not valid

Terry J. Reedy added the comment: verified -- resolution: -> fixed stage: -> resolved status: open -> closed ___ Python tracker ___

[issue18643] add a fallback socketpair() implementation in test.support

Roundup Robot added the comment: New changeset 03d3f2664930 by Victor Stinner in branch '3.4': Issue #18643: asyncio.windows_utils now reuse socket.socketpair() on Windows if https://hg.python.org/cpython/rev/03d3f2664930 -- ___ Python tracker

[issue22635] subprocess.getstatusoutput changed behavior in 3.4 (maybe 3.3.4?)

New submission from Josh Rosenberg: (U) The examples for the function still show the return code in the form os.popen would produce (a program exiting with status 1 would return 256 as the status), but the new code from #10197 makes the status 1, not 256. (U) This is a breaking change for code

[issue22635] subprocess.getstatusoutput changed behavior in 3.4 (maybe 3.3.4?)

STINNER Victor added the comment: It probably comes from this change: --- changeset: 86879:c34e163c0086 branch: 3.3 parent: 86870:dbff708e393f user:Tim Golden date:Sun Nov 03 12:53:17 2013 + files: Lib/subprocess.py Lib/test/test_subprocess.py Misc/NEWS desc

[issue22635] subprocess.getstatusoutput changed behavior in 3.4 (maybe 3.3.4?)

STINNER Victor added the comment: Oh, I now understand why I feel guilty, I proposed a patch rewriting getstatusoutput() in the issue #10197. My patch ends with: +if os.name != 'nt': +# convert status to be interpreted according to the wait() rules +sts = sts << 8 This fix

[issue22635] subprocess.getstatusoutput changed behavior in 3.4 (maybe 3.3.4?)

Josh Rosenberg added the comment: Ah blech. Can someone with privileges edit my original message to remove the junk at the beginning of each paragraph? Habit from an old job. Wish I could just edit the message. -- ___ Python tracker

[issue22635] subprocess.getstatusoutput changed behavior in 3.4 (maybe 3.3.4?)

STINNER Victor added the comment: > Can someone with privileges edit my original message to remove the junk at > the beginning of each paragraph? It's not possible to edit a message, only to remove it. I don't like removing the initial message of an issue. Don't worry, (U) looks a bullet, it

[issue22635] subprocess.getstatusoutput changed behavior in 3.4 (maybe 3.3.4?)

R. David Murray added the comment: You are right, it did change in 3.3.4 (see issue 10197). That change should not have been applied to 3.3, and obviously there was a missing test concerning the return code format. At this point I think we are stuck with changing the documentation. The new

[issue18643] add a fallback socketpair() implementation to the socket module

Changes by Charles-François Natali : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed title: add a fallback socketpair() implementation in test.support -> add a fallback socketpair() implementation to the socket module

[issue22635] subprocess.getstatusoutput changed behavior in 3.4 (maybe 3.3.4?)

STINNER Victor added the comment: > You are right, it did change in 3.3.4 (see issue 10197). That change should > not have been applied to 3.3, ... The purpose of the issue #10197 was to fix a bug on Windows: getoutput() didn't work. -- ___ Python

[issue22635] subprocess.getstatusoutput changed behavior in 3.4 (maybe 3.3.4?)

R. David Murray added the comment: But it was also a feature addition: getoutput had not been *intended* to work on Windows. I understand why the mistake was made (the argument that it was a bug has weight), but the fact that a versionchanged was needed mentioning 3.3.4 indicates it wasn't re

[issue20152] Derby #15: Convert 50 sites to Argument Clinic across 9 files

Roundup Robot added the comment: New changeset 5e8b94397f81 by Brett Cannon in branch 'default': Issue #20152: Convert the cmath module to Argument Clinic. https://hg.python.org/cpython/rev/5e8b94397f81 -- ___ Python tracker

[issue22636] avoid using a shell in ctypes.util: replace os.popen with subprocess

New submission from STINNER Victor: Attached patch modifies the ctypes.util module to not use a shell: it replaces os.open() with subprocess.Popen on Linux. Running a shell is slower and is more vulnerable to code injection. I only modified code path on Linux right now. They are still calls to

[issue22637] avoid using a shell in uuid: replce os.popen with subprocess.Popen

New submission from STINNER Victor: Attached patch modifies the uuid module to not use a shell: it replaces os.popen() with subprocess.Popen on UNIX. Running a shell is slower and is more vulnerable to code injection. I only modified code path on UNIX right now. They is still a call to os.pope

[issue22599] traceback: errors in the linecache module at exit

STINNER Victor added the comment: > There is one downside of my solution. For now the code uses current builtin > open() which can be overloaded (to handle reading from ZIP archive for > example, or to check permissions). Oh, does anyone really modify the builtin open() for that? If you alread

[issue22599] traceback: errors in the linecache module at exit

STINNER Victor added the comment: traceback_at_exit-2.patch: Updated patch to remove "import builtins" from tokenize.py, it's no more needed. -- Added file: http://bugs.python.org/file36925/traceback_at_exit-2.patch ___ Python tracker

[issue3068] IDLE - Add an extension configuration dialog

Roundup Robot added the comment: New changeset 7ba47bbfe38d by Terry Jan Reedy in branch '2.7': Issue #3068: Change 0/1 to False/True so that extension configure dialog can https://hg.python.org/cpython/rev/7ba47bbfe38d New changeset 94f8d65371b7 by Terry Jan Reedy in branch '3.4': Issue #3068:

[issue22638] ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)

New submission from STINNER Victor: Copy of Donald Stuff email sent to python-dev: A big security breach of SSL 3.0 just dropped a little while ago (named POODLE). With this there is now no ability to securely connect via SSL 3.0. I believe that we should disable SSL 3.0 in Python similarly to h

[issue22637] avoid using a shell in uuid: replce os.popen with subprocess.Popen

Changes by Josh Rosenberg : -- nosy: +josh.r ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pytho

[issue22638] ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)

Changes by Alex Gaynor : -- nosy: +christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou ___ Python tracker ___ ___ Python-bugs

[issue22638] ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)

Alex Gaynor added the comment: This patch disables SSLv3 by default for Python. Uesrs can get it back by specifiying SSL_PROTOCOLv3 explicitly. -- keywords: +needs review, patch nosy: +alex Added file: http://bugs.python.org/file36926/issue22638.diff ___

[issue22638] ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)

Antoine Pitrou added the comment: """Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solv

[issue22638] ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)

Antoine Pitrou added the comment: IOW, I think it may be ok to disable SSLv3 in create_default_context(), but not necessarily in other contexts. -- ___ Python tracker ___ __

[issue22638] ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)

Alex Gaynor added the comment: create_default_context already disables SSLv3! (Good work everybody :-)) FWIW many vendors are already moving to disable SSLv3, e.g. cloudflare already did. -- ___ Python tracker __

[issue22638] ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)

Antoine Pitrou added the comment: How many times will it have to be repeated that SSL is used for other things than HTTPS-on-the-Web? -- ___ Python tracker ___ _

[issue22638] ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)

Donald Stufft added the comment: I think it's fine to disable it all together. Google is planning/hoping to kill SSL 3.0 completely from their clients in the next couple of months. They just don't want to release a patch that disables SSL 3.0 right today. -- __

[issue22638] ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)

Donald Stufft added the comment: I don't know, how many times will it have to be repeated that secure defaults matter? SSL 3.0 can be turned back on easily enough, it isn't a hard shut off. It changes the default just like what was done with SSLv2.0. -- __

[issue22638] ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)

Antoine Pitrou added the comment: The difference is that SSLv2 had been dead for long already. We don't have any statistic about SSLv3 servers in the wild, but I'd be surprised if they had turned entirely negligible. -- ___ Python tracker

[issue22638] ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)

Alex Gaynor added the comment: CloudFlare published some statistics: https://blog.cloudflare.com/sslv3-support-disabled-by-default-due-to-vulnerability/ -- ___ Python tracker __

[issue22638] ssl module: the SSLv3 protocol is vulnerable ("POODLE" attack)

Donald Stufft added the comment: There's also https://www.trustworthyinternet.org/ssl-pulse/ -- ___ Python tracker ___ ___ Python-bugs

<    1   2   3   >