Cristian Rodríguez wrote:
- SSL.Context.__init__(self, 'sslv23') + SSL.Context.__init__(self, 'tlsv1')
That has an unexpected side effect. Selecting TLS 1.0 explictly will make openssl only accept that and nothing else. Ie would reject TLS 1.1 or any other newer version. Contrary to what the name suggests SSLv23_client_method does support TLS, any version. It automatically accepts the best version available. So to force TLS only use SSLv23_client_method() and disable SSLv2 and SSLv3 :-) That's exactly what the proposed apache config SSLProtocol all -SSLv2 -SSLv3 internally does too. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org