Re: [Python-Dev] OpenSSL vulnerability :: ASPN Mail Archive

Recent Messages
List Archives
About the List
List Leaders
Subscription Options

View Subscriptions
Help

View by Topic
ActiveState
.NET Framework
Open Source
Perl
PHP
Python
Tcl
Web Services
XML & XSLT

View by Category
Database
General
SOAP
System Administration
Tools
User Interfaces
Web Programming
XML Programming

MyASPN >> Mail Archive >> python-dev

python-dev

Re: [Python-Dev] OpenSSL vulnerability
by Geremy Condra other posts by this author
Nov 6 2009 1:17PM messages near this date

Re: [Python-Dev] OpenSSL vulnerability | [Python-Dev] Summary of Python tracker Issues

On Fri, Nov 6, 2009 at 3:22 PM, Guido van Rossum <guido@[...].org>  wrote:
>  Now that a new SSL vulnerability is out
>  (http://extendedsubset.com/?p=8) should we regenerate binary
>  distributions that include copies of openssl (I think only the Windows
>  MSIs) ?
> 
>  Does it affect any of our ssl APIs?
> 
>  --
>  --Guido van Rossum (python.org/~guido)

The proposal on the table is to add a TLS extension that
takes care of the problem, leave clients unchanged, and
to stop servers from rehandshaking with clients that don't
support the extension. AFAICS, that's all supposed to be
handled by openssl. Certainly the EVP stuff won't need
to be modified.

The version of openssl being distributed should definitely
be brought up to 0.9.8l though.

Geremy Condra
_______________________________________________
Python-Dev mailing list
Python-Dev@[...].org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-dev-ml%40maillist.acti
vestate.com

Thread:

Guido van Rossum

Bill Janssen

exarkun

Guido van Rossum

Georg Brandl

martin

Barry Warsaw

Nick Coghlan

Barry Warsaw

Geremy Condra