Issue 15549: openssl version in windows builds does not support renegotiation (original) (raw)
Issue15549
Created on 2012-08-03 15:09 by cory.mintz, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Messages (2) | ||
|---|---|---|
| msg167336 - (view) | Author: Cory Mintz (cory.mintz) | Date: 2012-08-03 15:09 |
| The Python 2.7.3 and 2.6.8 Windows builds are both built against "OpenSSL 0.9.8l 5 Nov 2009". This specific version of OpenSSL had renegotiation removed due a security vulnerability. Except from http://svn.python.org/projects/external/openssl-0.9.8x/NEWS. Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m: ... o Support for RFC5746 TLS renegotiation extension. ... Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l: o Temporary work around for CVE-2009-3555: disable renegotiation. Can the OpenSSL version be updated to at least OpenSSL 0.9.8m so renegotiation is supported? | ||
| msg222134 - (view) | Author: Mark Lawrence (BreamoreBoy) * | Date: 2014-07-02 21:52 |
| @Cory the latest version of openssl is 1.0.1g for Python 2.7.7. Please see PEP 466 and issue 21462 |
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:57:33 | admin | set | github: 59754 |
| 2014-07-03 08:27:35 | ned.deily | set | status: open -> closedstage: resolvedresolution: out of dateversions: - Python 2.6 |
| 2014-07-02 21:52:44 | BreamoreBoy | set | nosy: + BreamoreBoymessages: + |
| 2012-08-03 16:40:01 | pitrou | set | nosy: + loewis |
| 2012-08-03 15:09:35 | cory.mintz | create |