[Python-Dev] which SSL client protocols work with which server protocols? (original) (raw)
Matt Goodall matt at pollenation.net
Tue Sep 11 13:59:51 CEST 2007
- Previous message: [Python-Dev] which SSL client protocols work with which server protocols?
- Next message: [Python-Dev] testing in a Python --without-threads build
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bill Janssen wrote:
Here's the updated connection table:
SSL2 SSL3 SS23 TLS1 SSL2 yes no yes no SSL3 yes yes yes no SSL23 yes no yes no TLS1 no no yes yes Given this, I think the client-side default should be changed from SSLv23 to SSLv3, and the server-side default should be SSLv23.
I believe you are correct.
I did some experiments with this a while ago after hitting problems connecting to some SSL servers although I can't remember the exact results now.
More importantly, what you recommend is what Twisted does and I'd believe them more than me any time ;-).
See Twisted's DefaultOpenSSLContextFactory [1] for the server side and ClientContextFactory [2] for the client side.
Cheers, Matt
[1] DefaultOpenSSLContextFactory, http://twistedmatrix.com/trac/browser/trunk/twisted/internet/ssl.py#L67
[2] ClientContextFactory, http://twistedmatrix.com/trac/browser/trunk/twisted/internet/ssl.py#L102
-- Matt Goodall, Pollenation Internet Ltd Technology House, 237 Lidgett Lane, Leeds LS17 6QR Registered No 4382123 A member of the Brunswick MCL Group of Companies w: http://www.pollenation.net/ e: matt at pollenation.net t: +44 113 2252500
- Previous message: [Python-Dev] which SSL client protocols work with which server protocols?
- Next message: [Python-Dev] testing in a Python --without-threads build
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]