| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Issue #28085: Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContext | Christian Heimes | 2016-09-12 | 1 | -0/+2 | 
| | | |||||
| * | Issue #19500: Add client-side SSL session resumption to the ssl module. | Christian Heimes | 2016-09-10 | 1 | -12/+53 | 
| | | |||||
| * | Issue #28022: Deprecate ssl-related arguments in favor of SSLContext. | Christian Heimes | 2016-09-10 | 1 | -1/+0 | 
| | | | | | | | | The deprecation include manual creation of SSLSocket and certfile/keyfile (or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib. ssl.wrap_socket() is not marked as deprecated yet. | ||||
| * | Issue 28043: SSLContext has improved default settings | Christian Heimes | 2016-09-10 | 1 | -24/+6 | 
| | | | | | The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2). | ||||
| * | Issue #28025: Convert all ssl module constants to IntEnum and IntFlags. | Christian Heimes | 2016-09-10 | 1 | -19/+61 | 
| | | |||||
| * | Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ↵ | Christian Heimes | 2016-09-06 | 1 | -15/+21 | 
| |\ | | | | | | | ChaCha20 Poly1305. | ||||
| | * | Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ↵ | Christian Heimes | 2016-09-06 | 1 | -15/+21 | 
| | | | | | | | | | ChaCha20 Poly1305. | ||||
| * | | Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. | Christian Heimes | 2016-09-05 | 1 | -8/+10 | 
| |\ \ | |/ | |||||
| | * | Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. | Christian Heimes | 2016-09-05 | 1 | -8/+10 | 
| | | | |||||
| * | | Issue #27114: Fix SSLContext._load_windows_store_certs fails with ↵ | Steve Dower | 2016-05-26 | 1 | -5/+9 | 
| |\ \ | |/ | | | | | PermissionError | ||||
| | * | Issue #27114: Fix SSLContext._load_windows_store_certs fails with ↵ | Steve Dower | 2016-05-26 | 1 | -5/+9 | 
| | | | | | | | | | PermissionError | ||||
| * | | Issue #25951: Fix SSLSocket.sendall() to return None, by Aviv Palivoda | Martin Panter | 2016-04-03 | 1 | -1/+0 | 
| |/ | |||||
| * | Issue #23804: Fix SSL recv/read(0) to not return 1024 bytes | Martin Panter | 2016-03-28 | 1 | -3/+3 | 
| | | |||||
| * | Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store ↵ | Steve Dower | 2016-03-17 | 1 | -1/+2 | 
| | | | | | is empty. Patch by Baji. | ||||
| * | issue23673 | Ethan Furman | 2015-03-18 | 1 | -4/+4 | 
| | | | | | | | | | | add private method to enum to support replacing global constants with Enum members: - search for candidate constants via supplied filter - create new enum class and members - insert enum class and replace constants with members via supplied module name - replace __reduce_ex__ with function that returns member name, so previous Python versions can unpickle modify IntEnum classes to use new method | ||||
| * | merge 3.4 | Benjamin Peterson | 2015-03-04 | 1 | -2/+1 | 
| |\ | |||||
| | * | use _import_symbols to import VERIFY_* constants | Benjamin Peterson | 2015-03-04 | 1 | -2/+1 | 
| | | | |||||
| * | | merge 3.4 (#23481) | Benjamin Peterson | 2015-02-19 | 1 | -4/+2 | 
| |\ \ | |/ | |||||
| | * | remove rc4 from the default client ciphers (closes #23481) | Benjamin Peterson | 2015-02-19 | 1 | -4/+2 | 
| | | | |||||
| | * | Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The | Victor Stinner | 2015-01-06 | 1 | -1/+6 | 
| | | | | | | | | | | | availability of the function is checked during the compilation. Patch written by Bernard Spil. | ||||
| | * | Issue #20896, #22935: The ssl.get_server_certificate() function now uses the | Victor Stinner | 2015-01-06 | 1 | -1/+1 | 
| | | | | | | | | | | | | | ssl.PROTOCOL_SSLv23 protocol by default, not ssl.PROTOCOL_SSLv3, for maximum compatibility and support platforms where ssl.PROTOCOL_SSLv3 support is disabled. | ||||
| | * | Issue #22935: Fix ssl module when SSLv3 protocol is not supported | Victor Stinner | 2014-12-12 | 1 | -6/+2 | 
| | | | |||||
| * | | Issue #23239: ssl.match_hostname() now supports matching of IP addresses. | Antoine Pitrou | 2015-02-15 | 1 | -1/+22 | 
| | | | |||||
| * | | add support for ALPN (closes #20188) | Benjamin Peterson | 2015-01-23 | 1 | -1/+26 | 
| | | | |||||
| * | | remove extra definite article | Benjamin Peterson | 2015-01-11 | 1 | -2/+2 | 
| | | | |||||
| * | | explain None can be returned | Benjamin Peterson | 2015-01-07 | 1 | -1/+3 | 
| | | | |||||
| * | | expose the client's cipher suites from the handshake (closes #23186) | Benjamin Peterson | 2015-01-07 | 1 | -0/+10 | 
| | | | |||||
| * | | Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The | Victor Stinner | 2014-11-28 | 1 | -1/+6 | 
| | | | | | | | | | | | | | availability of the function is checked during the compilation. Patch written by Bernard Spil. | ||||
| * | | merge 3.4 (#22921) | Benjamin Peterson | 2014-11-23 | 1 | -6/+1 | 
| |\ \ | |/ | |||||
| | * | don't require OpenSSL SNI to pass hostname to ssl functions (#22921) | Benjamin Peterson | 2014-11-23 | 1 | -6/+1 | 
| | | | | | | | | | Patch by Donald Stufft. | ||||
| | * | Issue #22638: SSLv3 is now disabled throughout the standard library. | Antoine Pitrou | 2014-10-17 | 1 | -0/+3 | 
| | | | | | | | | | It can still be enabled by instantiating a SSLContext manually. | ||||
| * | | merge 3.4 (#22417) | Benjamin Peterson | 2014-11-03 | 1 | -2/+8 | 
| |\ \ | |/ | |||||
| | * | PEP 476: enable HTTPS certificate verification by default (#22417) | Benjamin Peterson | 2014-11-03 | 1 | -2/+9 | 
| | | | | | | | | | Patch by Alex Gaynor with some modifications by me. | ||||
| * | | Issue #22186: Fix typos in Lib/. | Berker Peksag | 2014-10-19 | 1 | -1/+1 | 
| |\ \ | |/ | | | | | Patch by Févry Thibault. | ||||
| | * | Issue #22186: Fix typos in Lib/. | Berker Peksag | 2014-10-19 | 1 | -1/+1 | 
| | | | | | | | | | Patch by Févry Thibault. | ||||
| * | | Issue #22638: SSLv3 is now disabled throughout the standard library. | Antoine Pitrou | 2014-10-17 | 1 | -0/+3 | 
| | | | | | | | | | It can still be enabled by instantiating a SSLContext manually. | ||||
| * | | Remove unused "block" argument in SSLObject.do_handshake() (issue #21965) | Antoine Pitrou | 2014-10-06 | 1 | -1/+1 | 
| | | | |||||
| * | | Issue #21965: Add support for in-memory SSL to the ssl module. | Antoine Pitrou | 2014-10-05 | 1 | -24/+139 | 
| | | | | | | | | | Patch by Geert Jansen. | ||||
| * | | merge 3.4 (#22449) | Benjamin Peterson | 2014-10-03 | 1 | -2/+1 | 
| |\ \ | |/ | |||||
| | * | also use openssl envvars to find certs on windows (closes #22449) | Benjamin Peterson | 2014-10-03 | 1 | -2/+1 | 
| | | | | | | | | | Patch by Christian Heimes and Alex Gaynor. | ||||
| * | | Issue #20421: Add a .version() method to SSL sockets exposing the actual ↵ | Antoine Pitrou | 2014-09-04 | 1 | -0/+9 | 
| | | | | | | | | | protocol version in use. | ||||
| * | | fix issue #17552: add socket.sendfile() method allowing to send a file over ↵ | Giampaolo Rodola' | 2014-06-11 | 1 | -0/+10 | 
| | | | | | | | | | a socket by using high-performance os.sendfile() on UNIX. Patch by Giampaolo Rodola'· | ||||
| * | | Issue #20951: SSLSocket.send() now raises either SSLWantReadError or ↵ | Antoine Pitrou | 2014-04-29 | 1 | -11/+1 | 
| | | | | | | | | | | | | | SSLWantWriteError on a non-blocking socket if the operation would block. Previously, it would return 0. Patch by Nikolaus Rath. | ||||
| * | | Issue #19940: ssl.cert_time_to_seconds() now interprets the given time ↵ | Antoine Pitrou | 2014-04-28 | 1 | -5/+27 | 
| | | | | | | | | | | | | | string in the UTC timezone (as specified in RFC 5280), not the local timezone. Patch by Akira. | ||||
| * | | Issue #21068: The ssl.PROTOCOL* constants are now enum members. | Antoine Pitrou | 2014-04-18 | 1 | -19/+8 | 
| | | | |||||
| * | | Issue #20896: ssl.get_server_certificate() now uses PROTOCOL_SSLv23, not ↵ | Antoine Pitrou | 2014-04-16 | 1 | -1/+1 | 
| |/ | | | | PROTOCOL_SSLv3, for maximum compatibility. | ||||
| * | Issue #21013: Enhance ssl.create_default_context() for server side contexts | Donald Stufft | 2014-03-23 | 1 | -6/+24 | 
| | | | | | | | | | | | | | | | | | | | | | Closes #21013 by modfying ssl.create_default_context() to: * Move the restricted ciphers to only apply when using ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not is the lack of RC4 in the restricted. However there are servers that exist that only expose RC4 still. * Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context will select TLS1.1 or TLS1.2 if it is available. * Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets * Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security of the perfect forward secrecy * Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side socket the context will prioritize our ciphers which have been carefully selected to maximize security and performance. * Documents the failure conditions when a SSL3.0 connection is required so that end users can more easily determine if they need to unset ssl.OP_NO_SSLv3. | ||||
| * | Issue #20995: Enhance default ciphers used by the ssl module | Donald Stufft | 2014-03-21 | 1 | -8/+31 | 
| | | | | | | | | | | | | | | | | Closes #20995 by Enabling better security by prioritizing ciphers such that: * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE) * Prefer ECDHE over DHE for better performance * Prefer any AES-GCM over any AES-CBC for better performance and security * Then Use HIGH cipher suites as a fallback * Then Use 3DES as fallback which is secure but slow * Finally use RC4 as a fallback which is problematic but needed for compatibility some times. * Disable NULL authentication, NULL encryption, and MD5 MACs for security reasons | ||||
| * | Issue #20976: pyflakes: Remove unused imports | Victor Stinner | 2014-03-20 | 1 | -3/+0 | 
| | | |||||
| * | Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, ↵ | Antoine Pitrou | 2013-12-28 | 1 | -0/+5 | 
| |\ | | | | | | | rather than silently let them emit clear text data. | ||||
