From 36fe7926f888ba154b64904b91a5dd8c83e6c167 Mon Sep 17 00:00:00 2001 From: Benjamin Peterson Date: Tue, 30 Dec 2014 15:15:43 -0600 Subject: [PATCH] make PROTOCOL_SSLv23 the default protocol version for ftplib (closes #23111) --- Lib/ftplib.py | 4 ++-- Misc/NEWS | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/Lib/ftplib.py b/Lib/ftplib.py index 9c73f5f019d..cd8c1a987eb 100644 --- a/Lib/ftplib.py +++ b/Lib/ftplib.py @@ -713,7 +713,7 @@ class FTP_TLS(FTP): '221 Goodbye.' >>> ''' - ssl_version = ssl.PROTOCOL_TLSv1 + ssl_version = ssl.PROTOCOL_SSLv23 def __init__(self, host='', user='', passwd='', acct='', keyfile=None, certfile=None, context=None, @@ -743,7 +743,7 @@ def auth(self): '''Set up secure control connection by using TLS/SSL.''' if isinstance(self.sock, ssl.SSLSocket): raise ValueError("Already using TLS") - if self.ssl_version == ssl.PROTOCOL_TLSv1: + if self.ssl_version >= ssl.PROTOCOL_SSLv23: resp = self.voidcmd('AUTH TLS') else: resp = self.voidcmd('AUTH SSL') diff --git a/Misc/NEWS b/Misc/NEWS index 7932c77f1cc..42cbc39d6e3 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -41,6 +41,9 @@ Core and Builtins Library ------- +- Issue #23111: In the ftplib, make ssl.PROTOCOL_SSLv23 the default protocol + version. + - Issue #22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(), instead of reading /dev/urandom, to get pseudo-random bytes.