- 24 Mar, 2014 1 commit
-
-
Zachary Ware authored
-
- 23 Mar, 2014 10 commits
-
-
Donald Stufft authored
Closes #21013 by modfying ssl.create_default_context() to: * Move the restricted ciphers to only apply when using ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not is the lack of RC4 in the restricted. However there are servers that exist that only expose RC4 still. * Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context will select TLS1.1 or TLS1.2 if it is available. * Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets * Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security of the perfect forward secrecy * Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side socket the context will prioritize our ciphers which have been carefully selected to maximize security and performance. * Documents the failure conditions when a SSL3.0 connection is required so that end users can more easily determine if they need to unset ssl.OP_NO_SSLv3.
-
Georg Brandl authored
-
Antoine Pitrou authored
-
Richard Oudkerk authored
-
R David Murray authored
-
Antoine Pitrou authored
-
Richard Oudkerk authored
-
Richard Oudkerk authored
-
Richard Oudkerk authored
-
Richard Oudkerk authored
-
- 22 Mar, 2014 4 commits
-
-
Georg Brandl authored
-
Antoine Pitrou authored
Issue #20913: improve the SSL security considerations to first advocate using create_default_context().
-
Antoine Pitrou authored
Issue #21015: SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1". (should also fix a buildbot failure introduced by #20995)
-
Donald Stufft authored
Closes #20995 by Enabling better security by prioritizing ciphers such that: * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE) * Prefer ECDHE over DHE for better performance * Prefer any AES-GCM over any AES-CBC for better performance and security * Then Use HIGH cipher suites as a fallback * Then Use 3DES as fallback which is secure but slow * Finally use RC4 as a fallback which is problematic but needed for compatibility some times. * Disable NULL authentication, NULL encryption, and MD5 MACs for security reasons
-
- 21 Mar, 2014 6 commits
-
-
Victor Stinner authored
-
Victor Stinner authored
-
Victor Stinner authored
-
Brett Cannon authored
-
Brett Cannon authored
defined.
-
Vinay Sajip authored
-
- 20 Mar, 2014 14 commits
-
-
Benjamin Peterson authored
-
Zachary Ware authored
-
Zachary Ware authored
"equivalant" was caught by Tobias Käs on docs@, "seperated" and "chartruese" were discovered by a spell-checker.
-
Zachary Ware authored
-
Zachary Ware authored
Pointed out by Colin Davis on docs@.
-
Raymond Hettinger authored
-
Vinay Sajip authored
-
Vinay Sajip authored
-
Vinay Sajip authored
Issue #10141: updated new usages of AF_CAN to be in #ifdef AF_CAN rather than #ifdef HAVE_LINUX_CAN_H to allow compilation on older Linuxes.
-
Victor Stinner authored
multiprocessing.connection
-
Victor Stinner authored
-
Victor Stinner authored
-
Victor Stinner authored
-
Benjamin Peterson authored
-
- 19 Mar, 2014 5 commits
-
-
Zachary Ware authored
-
Victor Stinner authored
-
Zachary Ware authored
-
Zachary Ware authored
- Remove configuration settings from removed _sha3.vcxproj - Don't try to build configurations of _testembed that don't exist (namely, PGInstrument and PGUpdate)
-
Zachary Ware authored
-
