[Python-Dev] Enable Hostname and Certificate Chain Validation (original) (raw)
Antoine Pitrou solipsis at pitrou.net
Thu Jan 23 16:03:26 CET 2014
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 23 Jan 2014 01:45:15 -0500 Scott Dial <scott+python-dev at scottdial.com> wrote:
Anecdotally, I already know of a system at work that is using HTTPS purely for encryption, because the authentication is done in-band. So, a self-signed cert was wholly sufficient. The management tools use a RESTful interface over HTTPS for control, but you are telling me this will be broken by default now. What do I tell our developers (who often adopt the latest and greatest versions of things to play with)?
That the system may be vulnerable to MITM attacks? (depending on how the authentication is done)
Regards
Antoine.
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]