Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable the use of session tickets on TLSv1.2 by default #1970

Merged
merged 3 commits into from Sep 25, 2020
Merged

Disable the use of session tickets on TLSv1.2 by default #1970

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
38c2679
disable the use of session tickets on TLSv1.2 by default
PleasantMachine9 Sep 18, 2020
69e82e3
Update ssl_.py
sethmlarson Sep 25, 2020
1bda47f
Update ssl_.py
sethmlarson Sep 25, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
8 changes: 7 additions & 1 deletion src/urllib3/util/ssl_.py
View file
Open in desktop
Expand Up @@ -58,10 +58,11 @@ def _const_compare_digest_backport(a, b):


try:
from ssl import OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_COMPRESSION
from ssl import OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_COMPRESSION, OP_NO_TICKET
except ImportError:
OP_NO_SSLv2, OP_NO_SSLv3 = 0x1000000, 0x2000000
OP_NO_COMPRESSION = 0x20000
OP_NO_TICKET = 0x4000


# A secure default.
Expand Down Expand Up @@ -273,6 +274,11 @@ def create_urllib3_context(
# Disable compression to prevent CRIME attacks for OpenSSL 1.0+
# (issue #309)
options |= OP_NO_COMPRESSION
# TLSv1.2 only. Unless set explicitly, do not request tickets.
# This may save some bandwidth on wire, and although the ticket is encrypted,
# there is a risk associated with it being on wire,
# if the server is not rotating its ticketing keys properly.
options |= OP_NO_TICKET

context.options |= options

Expand Down