SSL 101¶
The following SSL protocols are considered insecure.
PROTCOL_SSLv3
PROTOCOL_SSLv2
PROTOCOL_TLSv1
PROTOCOL_TLSv1_1
Fixes¶
- Use
ssl.create_default_context()
instead of trying to do this yourself - Do not use version specifiers, use
PROTOCOL_TLS
with options disallowing the bad protocols
See Also¶
- http://heartbleed.com/
- http://poodlebleed.com/
- https://www.openssl.org/~bodo/ssl-poodle.pdf
- https://docs.python.org/3/library/ssl.html#ssl-security