[issue23679] SSL Ciphers RC4
New submission from mogli: The documentation (https://docs.python.org/2/library/ssl.html) says: The settings in Python 2.7.9 are: PROTOCOL_SSLv23, OP_NO_SSLv2, and OP_NO_SSLv3 with high encryption cipher suites without RC4 But it still seems to use RC4: https://www.howsmyssl.com/a/check Also the test at https://www.ssllabs.com/ssltest/viewMyClient.html says it still supports SSLv3 (not so sure about this one). -- messages: 238194 nosy: mogli priority: normal severity: normal status: open title: SSL Ciphers RC4 type: security versions: Python 2.7 ___ Python tracker <http://bugs.python.org/issue23679> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23679] SSL Ciphers RC4
mogli added the comment: So it seems the docs are wrong. -- ___ Python tracker <http://bugs.python.org/issue23679> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23679] SSL Ciphers RC4
mogli added the comment:
That was fast, great job!
For the record: The SSLv3 issue I also wrote about was a false positive because
the test only works with Javascript. Python 2.7.9 has SSLv3 disabled by default
as it should.
urllib2.urlopen("https://sslv3.dshield.org";) # fails as it should
--
___
Python tracker
<http://bugs.python.org/issue23679>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
