[Python-Dev] Let's make the SSL module sane
Nick Coghlan ncoghlan at gmail.com
Sat Sep 10 11:24:13 EDT 2016
On 11 September 2016 at 00:22, Christian Heimes <christian at python.org> wrote:
> First I'd like to deprecate some old APIs in favor of SSLContext. We have multiple ways to create an SSL socket or to configure libraries like urllib. The general idea is to make SSLContext the central object for TLS/SSL configuration. My patch deprecates ssl.wrap_socket()
I'll bring over my question from the tracker issue to here: there's a subset of ssl.wrap_socket() arguments which actually make sense as arguments to ssl.get_default_context().wrap_socket().
Accordingly, we can pick a subset of code (e.g. SSL/TLS clients) that we bless with not needing to change, leaving only code using deprecated parameters or creating server sockets that needs to be updated.
As with past network security changes, a major factor we need to account for is that no matter how valuable a particular goal is from a broader industry perspective, people don't tend to react to API breaks by fixing their code - they react by not upgrading at all.
Regards, Nick.
-- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
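
The split discussed in the message above, sketched as an added example (not code from the thread or from CPython): a hypothetical `wrap_client_socket()` shim accepts a client-side subset of the legacy `ssl.wrap_socket()` keywords, routes them through the stdlib's `ssl.create_default_context()`, and rejects the rest. Which keyword falls on which side is an assumption made for this sketch.

```python
import socket
import ssl

# Assumed split of the legacy ssl.wrap_socket() keywords (not taken from the thread).
# Keywords that still make sense for a client built on a default context:
CLIENT_SAFE = {"keyfile", "certfile", "ca_certs",
               "do_handshake_on_connect", "suppress_ragged_eofs"}
# Keywords that override the context's verification or protocol defaults,
# or that only apply to server sockets; callers must build an SSLContext.
NEEDS_CONTEXT = {"server_side", "cert_reqs", "ssl_version", "ciphers"}


def wrap_client_socket(sock, server_hostname, **legacy_kwargs):
    """Hypothetical shim: legacy-style client call routed through SSLContext."""
    given = set(legacy_kwargs)
    unknown = given - CLIENT_SAFE - NEEDS_CONTEXT
    if unknown:
        raise TypeError(f"unexpected keyword(s): {sorted(unknown)}")
    rejected = given & NEEDS_CONTEXT
    if rejected:
        raise ValueError(
            f"{sorted(rejected)} must be configured on an explicit SSLContext")

    # The default context requires a valid certificate chain and checks the
    # hostname; the legacy module-level function did neither by default.
    ctx = ssl.create_default_context(cafile=legacy_kwargs.get("ca_certs"))
    if legacy_kwargs.get("certfile"):
        ctx.load_cert_chain(legacy_kwargs["certfile"],
                            legacy_kwargs.get("keyfile"))
    return ctx.wrap_socket(
        sock,
        server_hostname=server_hostname,
        do_handshake_on_connect=legacy_kwargs.get("do_handshake_on_connect", True),
        suppress_ragged_eofs=legacy_kwargs.get("suppress_ragged_eofs", True),
    )


if __name__ == "__main__":
    # Constructed usage: an unconnected socket, so nothing touches the network.
    tls = wrap_client_socket(socket.socket(), "example.org")
    print(tls.context.verify_mode, tls.context.check_hostname)
    tls.close()
```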