Skip to content

SSL Version #4427

New issue
New issue
Closed
#4531
Closed
SSL Version#4427
#4531

Description

@mlucool

mlucool
openedon Feb 25, 2019

Notebook is setting an explicit version of SSL as the default here:

notebook/notebook/notebookapp.py

Line 1424 in bba82ca

ssl_options.setdefault('ssl_version', ssl.PROTOCOL_TLSv1)

This is overriding the default version for ssl of PROTOCOL_SSLv23 (which is now named PROTOCOL_TLS). I think the ssl default is better as it is documented as

Selects the highest protocol version that both the client and server support. Despite the name, this option can select “TLS” protocols as well as “SSL”.

This comes up as TLS 1 is now considered poor, just like the thing that line was meant to protect against, and chrome has deprecated it: https://www.chromestatus.com/feature/5654791610957824.

Can we consider either removing that line and/or moving to be explicitly ssl.PROTOCOL_TLS?

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    status:resolved-locked

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions