Issue #20896, #22935: The ssl.get_server_certificate() function now uses the

ssl.PROTOCOL_SSLv23 protocol by default, not ssl.PROTOCOL_SSLv3, for maximum compatibility and support platforms where ssl.PROTOCOL_SSLv3 support is disabled.

Issue #20896, #22935: The ssl.get_server_certificate() function now uses the
ssl.PROTOCOL_SSLv23 protocol by default, not ssl.PROTOCOL_SSLv3, for maximum compatibility and support platforms where ssl.PROTOCOL_SSLv3 support is disabled.
9d01717f · Victor Stinner · 5819cfa5 · 9d01717f · 9d01717f
Commit 9d01717f authored Jan 06, 2015 by Victor Stinner
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

Lib/ssl.py Lib/ssl.py +1 -1

Misc/NEWS Misc/NEWS +5 -0

No files found.
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -922,7 +922,7 @@ def PEM_cert_to_DER_cert(pem_cert_string):
    d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
    return base64.decodebytes(d.encode('ASCII', 'strict'))

-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
    """Retrieve the certificate from the server at the specified address,
    and return it as a PEM-encoded string.
    If 'ca_certs' is specified, validate the server cert against it.

--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -44,6 +44,11 @@ Core and Builtins
 Library
 -------

+- Issue #20896, #22935: The :func:`ssl.get_server_certificate` function now
+  uses the :data:`~ssl.PROTOCOL_SSLv23` protocol by default, not
+  :data:`~ssl.PROTOCOL_SSLv3`, for maximum compatibility and support platforms
+  where :data:`~ssl.PROTOCOL_SSLv3` support is disabled.
+
 - Issue #23111: In the ftplib, make ssl.PROTOCOL_SSLv23 the default protocol
  version.