[Python-Dev] Issues in Python TLS
Barry Warsaw barry at python.org
Sun Aug 14 13:50:36 EDT 2016
On Aug 13, 2016, at 04:14 PM, Benjamin Peterson wrote:
Correctness of TLS certificate verification is known to depend deeply on distribution. Python began to verify certificates by default only in version 2.7.9. Many OS distributions (in particular, Ubuntu) did not enable verification for their stable distributions for backwards compatibility reasons. You might find looking at distro bugs for CVE-2014-9365 edifying.
In particular, we discussed this issue with the Ubuntu security team and decided that the backward compatibility issues required not enabling this by default for older versions. We did however include the mechanisms from PEP 493 so that end-users and system administrators could make different choices based on their own assessments and needs.
Cheers, -Barry
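A check an administrator could run to see which choice a given interpreter reflects, as an added example that is not part of the original message. It inspects the default HTTPS context factory introduced by PEP 476 and reports the PEP 493 `PYTHONHTTPSVERIFY` variable; the function names `classify` and `default_https_status` are hypothetical.

```python
import os
import ssl


def classify(ctx):
    """Classify an SSLContext by how strictly a client using it validates servers."""
    if ctx.verify_mode == ssl.CERT_NONE:
        return "disabled"   # any certificate is accepted
    if ctx.check_hostname:
        return "verified"   # chain is validated and the hostname is matched
    return "partial"        # chain is validated, hostname is not matched


def default_https_status():
    """Report what stdlib HTTPS clients get when the caller passes no context."""
    # PEP 476 hook: the stdlib HTTPS clients call this factory for their default.
    factory = getattr(ssl, "_create_default_https_context", None)
    if factory is None:
        # Assumption: an interpreter without the hook predates default verification.
        return {"status": "disabled", "factory": None, "env_override": None}
    return {
        "status": classify(factory()),
        "factory": getattr(factory, "__name__", repr(factory)),
        # PEP 493 environment switch (a Python 2.7 feature); reported, not interpreted.
        "env_override": os.environ.get("PYTHONHTTPSVERIFY"),
    }


if __name__ == "__main__":
    report = default_https_status()
    for key in ("status", "factory", "env_override"):
        print("%s: %s" % (key, report[key]))
    # Non-zero exit lets a configuration-management job flag the host.
    raise SystemExit(0 if report["status"] == "verified" else 1)
```

A `factory` value other than the interpreter's stock one indicates that something in the process replaced the default, which is the monkeypatch route PEP 476 describes.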