twisted.internet.ssl.CertificateOptions should default to supporting TLSv1.1 and TLSv1.2 (in addition to TLSv1.0)
Reported by: amluto; Owned by: exarkun
Description (last modified by exarkun)
It currently defaults to supporting TLS v1.0 only. This is good - in that it excludes SSLv2 and SSLv3. It is bad in that it excludes the newer TLSv1.1 and TLSv1.2.
An implementation strategy (sadly not an obvious one) for making this change with the OpenSSL API is to create a Context using SSLv23_METHOD and then set the OP_NO_SSLv2 and OP_NO_SSLv3 options.
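The strategy described above, as an added example that is not code from the ticket or from Twisted. It assumes Python's standard-library `ssl` module instead of the pyOpenSSL `Context` that Twisted uses; `make_context`, `versions_left_enabled` and `DISABLE_BIT` are hypothetical names.

```python
import ssl
import warnings

# Option bit that switches off each protocol version (oldest first).
# SSLv2 is left out: OpenSSL 1.1.0 and later have no SSLv2 at all.
DISABLE_BIT = {
    "SSLv3": ssl.OP_NO_SSLv3,
    "TLSv1.0": ssl.OP_NO_TLSv1,
    "TLSv1.1": ssl.OP_NO_TLSv1_1,
    "TLSv1.2": ssl.OP_NO_TLSv1_2,
}


def make_context():
    """Version-flexible context with SSLv2 and SSLv3 switched off."""
    with warnings.catch_warnings():
        # Newer Pythons flag these legacy names as deprecated; they still work.
        warnings.simplefilter("ignore", DeprecationWarning)
        # PROTOCOL_SSLv23 is the stdlib name for OpenSSL's SSLv23_METHOD:
        # negotiate the highest version both peers support.
        ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
        ctx.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
    return ctx


def versions_left_enabled(ctx):
    """Protocol versions that the context's option bits do not disable."""
    return [name for name, bit in DISABLE_BIT.items() if not ctx.options & bit]


if __name__ == "__main__":
    print(versions_left_enabled(make_context()))
```

The option bits are only one layer: a Python or OpenSSL build may also raise `ctx.minimum_version`, so check that attribute too before concluding that TLSv1.0 can actually be negotiated.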
Change History (10)
comment:1 Changed 3 years ago by exarkun
- Description modified (diff)
- Summary changed from internet._sslverify.OpenSSLCertificateOptions should default to SSLv23_METHOD to twisted.internet.ssl.CertificateOptions should default to supporting TLSv1.1 and TLSv1.2 (in addition to TLSv1.0)