diff options
| -rw-r--r-- | Lib/ssl.py | 3 | ||||
| -rw-r--r-- | Misc/NEWS | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/Lib/ssl.py b/Lib/ssl.py index b6e6f1695d..2b81b790d8 100644 --- a/Lib/ssl.py +++ b/Lib/ssl.py @@ -458,6 +458,9 @@ def _create_unverified_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None, context = SSLContext(protocol) # SSLv2 considered harmful. context.options |= OP_NO_SSLv2 + # SSLv3 has problematic security and is only required for really old + # clients such as IE6 on Windows XP + context.options |= OP_NO_SSLv3 if cert_reqs is not None: context.verify_mode = cert_reqs @@ -36,6 +36,9 @@ Core and Builtins Library ------- +- Issue #22638: SSLv3 is now disabled throughout the standard library. + It can still be enabled by instantiating a SSLContext manually. + - Issue #22370: Windows detection in pathlib is now more robust. - Issue #22841: Reject coroutines in asyncio add_signal_handler(). |