[openstack-dev] No PROTOCOL_SSLv3 in Python 2.7 in Sid since 3 days

Donald Stufft donald at stufft.io
Fri Nov 21 17:31:08 UTC 2014

> On Nov 21, 2014, at 11:51 AM, Jeremy Stanley <fungi at yuggoth.org> wrote:
> On 2014-11-21 09:38:00 -0500 (-0500), Doug Hellmann wrote:
>> The patch drops support entirely, but as Brant points out that
>> isn’t backwards-compatible. I’d be interested to hear from the
>> security team about whether the security issues trump the
>> backwards compatibility issues here or if we should maintain
>> optional support (that is, allow v3 if we detect that we can use
>> it because the symbol is present). 
>> Thomas, can you get one or two of the security team to comment on
>> the patch?
> The discussion in https://launchpad.net/bugs/1381365 is relevant to
> this topic.
> -- 
> Jeremy Stanley

Death to SSLv3 IMO.

Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

More information about the OpenStack-dev mailing list