An error occurred fetching the project authors.
- 29 Oct, 2014 1 commit
-
-
Georg Brandl authored
-
- 20 Oct, 2014 1 commit
-
-
Antoine Pitrou authored
-
- 10 Oct, 2014 5 commits
-
-
Victor Stinner authored
-
Victor Stinner authored
-
Victor Stinner authored
-
Victor Stinner authored
server_hostname methods and attributes of SSLSocket.
-
Victor Stinner authored
-
- 27 Sep, 2014 2 commits
-
-
Berker Peksag authored
-
Berker Peksag authored
-
- 25 Jul, 2014 1 commit
-
-
Zachary Ware authored
-
- 17 Jul, 2014 1 commit
-
-
Berker Peksag authored
-
- 17 May, 2014 1 commit
-
-
Antoine Pitrou authored
-
- 24 Mar, 2014 1 commit
-
-
Donald Stufft authored
Closes #21043 by updating the documentation to remove specific CA organizations and update the text to no longer need to tell you to download root certificates, but instead use the OS certificates avaialble through SSLContext.load_default_certs.
-
- 23 Mar, 2014 2 commits
-
-
Donald Stufft authored
Closes #21013 by modfying ssl.create_default_context() to: * Move the restricted ciphers to only apply when using ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not is the lack of RC4 in the restricted. However there are servers that exist that only expose RC4 still. * Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context will select TLS1.1 or TLS1.2 if it is available. * Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets * Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security of the perfect forward secrecy * Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side socket the context will prioritize our ciphers which have been carefully selected to maximize security and performance. * Documents the failure conditions when a SSL3.0 connection is required so that end users can more easily determine if they need to unset ssl.OP_NO_SSLv3.
-
Antoine Pitrou authored
-
- 22 Mar, 2014 2 commits
-
-
Antoine Pitrou authored
Issue #20913: improve the SSL security considerations to first advocate using create_default_context().
-
Donald Stufft authored
Closes #20995 by Enabling better security by prioritizing ciphers such that: * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE) * Prefer ECDHE over DHE for better performance * Prefer any AES-GCM over any AES-CBC for better performance and security * Then Use HIGH cipher suites as a fallback * Then Use 3DES as fallback which is secure but slow * Finally use RC4 as a fallback which is problematic but needed for compatibility some times. * Disable NULL authentication, NULL encryption, and MD5 MACs for security reasons
-
- 16 Mar, 2014 1 commit
-
-
Larry Hastings authored
-
- 12 Mar, 2014 1 commit
-
-
Éric Araujo authored
Patch by Tshepang Lekhonkhobe, reviewed by Georg Brandl.
-
- 09 Mar, 2014 1 commit
-
-
R David Murray authored
-
- 28 Dec, 2013 1 commit
-
-
Antoine Pitrou authored
Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data.
-
- 20 Dec, 2013 1 commit
-
-
R David Murray authored
Also remove some extra blank lines in the ssl doc acctions for tls1.1/1.2, and reflow a paragraph.
-
- 02 Dec, 2013 1 commit
-
-
Christian Heimes authored
with server_hostname on handshake.
-
- 29 Nov, 2013 1 commit
-
-
Serhiy Storchaka authored
-
- 23 Nov, 2013 5 commits
-
-
Antoine Pitrou authored
-
Christian Heimes authored
a new SSLContext object with secure default settings.
-
Christian Heimes authored
-
Christian Heimes authored
certificates from default stores or system stores. By default the method loads CA certs for authentication of server certs.
-
Christian Heimes authored
The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.
-
- 22 Nov, 2013 2 commits
-
-
Christian Heimes authored
Also change the argument name to the same name as getpeercert()
-
Christian Heimes authored
CRL enumeration are now two functions. enum_certificates() also returns purpose flags as set of OIDs.
-
- 21 Nov, 2013 3 commits
-
-
Christian Heimes authored
of the context in order to enable certification revocation list (CRL) checks or strict X509 rules.
-
Christian Heimes authored
and CRL distribution points.
-
Christian Heimes authored
to load CA certificates and CRL from memory. It supports PEM and DER encoded strings.
-
- 17 Nov, 2013 1 commit
-
-
Antoine Pitrou authored
-
- 29 Oct, 2013 3 commits
-
-
Christian Heimes authored
-
Christian Heimes authored
-
Christian Heimes authored
-
- 27 Oct, 2013 1 commit
-
-
Georg Brandl authored
for security reasons. It now doesn't match multiple wildcards nor wildcards inside IDN fragments.
-
- 06 Oct, 2013 1 commit
-
-
Georg Brandl authored
-