libcloud-notifications mailing list archives

From Kami <...@git.apache.org>
Subject [GitHub] libcloud pull request: [WIP] [DON'T MERGE] Use ssl.PROTOCOL_SSLv23...
Date Sat, 16 Jan 2016 14:07:09 GMT
GitHub user Kami opened a pull request:

    https://github.com/apache/libcloud/pull/683

    [WIP] [DON'T MERGE] Use ssl.PROTOCOL_SSLv23 constant by default under Python >= 2.7.9 < 3 and >= 3.4

    Note: This pull request is W.I.P. and not yet ready to be reviewed and merged.
    
    This pull request updates the code to use the `ssl.PROTOCOL_SSLv23` constant for the `ssl_version` attribute when establishing an SSL / TLS connection when using Python >= 2.7.9 < 3 and Python >= 3.4.
    
    This constant offers the best security and compatibility since it will pick between TLS v1.0, TLS v1.1 and TLS v1.2 depending on the version supported / requested by the server. This is only done under the aforementioned Python versions since un-secure SSL v3.0 is disabled by default in those versions.
    
    In other versions where SSL v3.0 is not disabled we still use TLS v1.0 (`ssl.PROTOCOL_TLSv1`) which means nothing has changed - that's the same as the old / existing behavior.
    
    Another thing to keep in mind is that the user can also explicitly specify which version they want to use using the `libcloud.security.SSL_VERSION` variable and this value has precedence over dynamically obtained values.
    
    Ideally, if users know that the server supports TLS v1.2 they should explicitly specify and use that aka the highest supported versions (that's also mentioned in the documentation).

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/Kami/libcloud use_sslv23_constant_in_newer_versions_of_python

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/libcloud/pull/683.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #683
    
----
commit 4b218afdac4d6bbde00d4a0089dfa914ef5bd575
Author: Tomaz Muraus <tomaz@tomaz.me>
Date:   2016-01-16T13:13:14Z

    Update SSL related code to use ssl.PROTOCOL_v23 constant on Python >= 2.7.9 and
    Python >= 3.4 by default.
    
    In those versions SSL v3.0 is disabled by default so it's safe to use this
    constant and it results in the best compatibility since it will use TLS v1.0 /
    v1.1 / v1.2 based on the versions supported by the server.
    
    Also refactor exception wrapping functionality into a separate function.

commit 67b5131222ab72a583f203af69a9b0dd42876877
Author: Tomaz Muraus <tomaz@tomaz.me>
Date:   2016-01-16T13:31:06Z

    Add test cases for get_ssl_version function.

commit d9eb1755c009b5c2e2fe23c3797d1f41c883b34e
Author: Tomaz Muraus <tomaz@tomaz.me>
Date:   2016-01-16T13:58:30Z

    Use ssl_create_default context under Python >= 2.7.9 < 3 or Python >= 3.4

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
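
The selection rule described in the pull request above, written out as an added example; this is not libcloud's code and not taken from the pull request. `pick_ssl_version` and its helpers are hypothetical names, and `user_override` stands in for a value the user set through `libcloud.security.SSL_VERSION`.

```python
import ssl
import sys


def sslv3_disabled_by_default(version_info):
    """True for the interpreter ranges named in the pull request:
    Python >= 2.7.9 < 3, and Python >= 3.4."""
    v = tuple(version_info[:3])
    return (2, 7, 9) <= v < (3, 0, 0) or v >= (3, 4, 0)


def pick_ssl_version(version_info=None, user_override=None):
    """Return the ssl protocol constant to use as ssl_version."""
    # An explicit user choice takes precedence over the dynamic default.
    if user_override is not None:
        return user_override
    if version_info is None:
        version_info = sys.version_info
    # Negotiating constant only where SSL v3.0 is already off by default.
    if sslv3_disabled_by_default(version_info):
        return ssl.PROTOCOL_SSLv23
    # Everywhere else keep the old behaviour: fixed TLS v1.0.
    return ssl.PROTOCOL_TLSv1


def default_context_refuses_sslv3():
    """Check the precondition the change relies on, on the running
    interpreter: the default context carries the OP_NO_SSLv3 option."""
    ctx = ssl.create_default_context()
    return bool(ctx.options & ssl.OP_NO_SSLv3)


if __name__ == "__main__":
    # Constructed sample interpreter versions, not measurements.
    for sample in [(2, 7, 8), (2, 7, 9), (3, 3, 5), (3, 4, 0)]:
        print(sample, pick_ssl_version(sample))
    print("default context refuses SSLv3:", default_context_refuses_sslv3())
```
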
