Message 71404 - Python tracker (original) (raw)

There should be a way to disable SSLv2 since it is insecure. It would be even better if SSLv2 was disabled out of the box, but maybe there could be a way to re-enable it.

I made the default to disable SSLv2 in M2Crypto, but those that want it can explicitly request unsecure connection. You can take a look at http://svn.osafoundation.org/m2crypto/trunk/M2Crypto/SSL/Context.py to see how I did it.

Modern web browsers are also removing SSLv2 support from them, so it should be really rare to actually need v2 anywhere.