[openstack-dev] No PROTOCOL_SSLv3 in Python 2.7 in Sid since 3 days
Donald Stufft
donald at stufft.io
Fri Nov 21 17:31:08 UTC 2014
> On Nov 21, 2014, at 11:51 AM, Jeremy Stanley <fungi at yuggoth.org> wrote:
>
> On 2014-11-21 09:38:00 -0500 (-0500), Doug Hellmann wrote:
>> The patch drops support entirely, but as Brant points out that
>> isn’t backwards-compatible. I’d be interested to hear from the
>> security team about whether the security issues trump the
>> backwards compatibility issues here or if we should maintain
>> optional support (that is, allow v3 if we detect that we can use
>> it because the symbol is present).
>>
>> Thomas, can you get one or two of the security team to comment on
>> the patch?
>
> The discussion in https://launchpad.net/bugs/1381365 is relevant to
> this topic.
> --
> Jeremy Stanley
>
Death to SSLv3 IMO.
---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
More information about the OpenStack-dev
mailing list