[issue23679] SSL Ciphers RC4

2015-03-17 Thread mogli
mogli added the comment: That was fast, great job! For the record: The SSLv3 issue I also wrote about was a false positive because the test only works with Javascript. Python 2.7.9 has SSLv3 disabled by default as it should. urllib2.urlopen("https://sslv3.dshield.org";) # fails as it should

[issue23679] SSL Ciphers RC4

2015-03-16 Thread Roundup Robot
Roundup Robot added the comment: New changeset e1dfa5f0709f by Benjamin Peterson in branch '2.7': versionchanged for rc4 removal (closes #23679) https://hg.python.org/cpython/rev/e1dfa5f0709f New changeset 2a6a63828a40 by Benjamin Peterson in branch '3.4': versionchanged for rc4 removal (closes

[issue23679] SSL Ciphers RC4

2015-03-16 Thread R. David Murray
Changes by R. David Murray : -- resolution: duplicate -> ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https

[issue23679] SSL Ciphers RC4

2015-03-16 Thread R. David Murray
R. David Murray added the comment: But the doc explicitly says 2.7.9, so no, they are not correct. There also should be versionchanged directive, I think. -- assignee: -> docs@python components: +Documentation dependencies: -SSL module should not offer RC4 based cipher suites for cli

[issue23679] SSL Ciphers RC4

2015-03-16 Thread mogli
mogli added the comment: So it seems the docs are wrong. -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: htt

[issue23679] SSL Ciphers RC4

2015-03-16 Thread Benjamin Peterson
Benjamin Peterson added the comment: They're correct for the next release. :( -- ___ Python tracker ___ ___ Python-bugs-list mailing l

[issue23679] SSL Ciphers RC4

2015-03-16 Thread STINNER Victor
STINNER Victor added the comment: You can explicitly disable RC4 if you create a SSLContext and then call set_ciphers() with the right list of ciphers. See for examples cipher lists of Python 2.7 (development branch): https://hg.python.org/cpython/file/0b44c749ae51/Lib/ssl.py#l150 Add ":!RC4"

[issue23679] SSL Ciphers RC4

2015-03-16 Thread Benjamin Peterson
Benjamin Peterson added the comment: RC4 is dropped in the next releases. -- dependencies: +SSL module should not offer RC4 based cipher suites for clients by default nosy: +benjamin.peterson resolution: -> duplicate status: open -> closed ___ Pytho

[issue23679] SSL Ciphers RC4

2015-03-16 Thread Alex Gaynor
Alex Gaynor added the comment: I believe RC4 will still be used under 2.7.9 on clients, this is changed for 2.7.10 -- ___ Python tracker ___

[issue23679] SSL Ciphers RC4

2015-03-16 Thread R. David Murray
Changes by R. David Murray : -- nosy: +alex, dstufft ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://ma

[issue23679] SSL Ciphers RC4

2015-03-16 Thread mogli
New submission from mogli: The documentation (https://docs.python.org/2/library/ssl.html) says: The settings in Python 2.7.9 are: PROTOCOL_SSLv23, OP_NO_SSLv2, and OP_NO_SSLv3 with high encryption cipher suites without RC4 But it still seems to use RC4: https://www.howsmyssl.com/a/check Also t