[Python-Dev] Let's make the SSL module sane (original) (raw)

Antoine Pitrou solipsis at pitrou.net
Mon Sep 12 08:01:15 EDT 2016

• Previous message (by thread): [Python-Dev] Let's make the SSL module sane
• Next message (by thread): [Python-Dev] Let's make the SSL module sane
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 10 Sep 2016 20:23:13 +0200 Christian Heimes <christian at python.org> wrote:

It's a bit too clever and tricky for my taste. I prefer 'explicit is better than implicit' for trust anchors. My main concern are secure default settings. A SSLContext should be secure w/o further settings in order to prevent developers to shoot themselves in the knee. Missing root certs are not a direct security issue with CERTREQUIRED. The connection will simply fail. I'd rather improve the error message than to auto-load certs.

Agreed with all this. You don't want to have "magic" behaviour in a security-oriented module. Let people configure their contexts explicitly.

As a reminder, people who don't want to configure TLS themselves should use an intermediate layer instead, such as ssl.create_default_context() or an application protocol implementation (httplib, etc.).

Regards

Antoine.

• Previous message (by thread): [Python-Dev] Let's make the SSL module sane
• Next message (by thread): [Python-Dev] Let's make the SSL module sane
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list