Issue23111
Created on 2014-12-24 21:45 by varde, last changed 2015-01-04 16:20 by python-dev. This issue is now closed.
| Messages (9) | |||
|---|---|---|---|
| msg233087 - (view) | Author: (varde) | Date: 2014-12-24 21:45 | |
When trying to connect to a server which only supports TLS version 1.1 or 1.2, the following error is raised:
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:598)
For some reason, the SSL version is set to ssl.PROTOCOL_TLSv1 before initialisation and an SSL context is created in __init__, making any subsequent change to ssl_version useless.
The only way to establish a successful connection is to pass a custom SSL context to the constructor.
I think ssl_version should be settable at construction time before the context is created.
I'm not sure exposing ssl_version is useful either, the documentation mentions it but it has no use after initialisation.
The following lines should also be changed:
if self.ssl_version == ssl.PROTOCOL_TLSv1:
resp = self.voidcmd('AUTH TLS')
|
|||
| msg233118 - (view) | Author: Antoine Pitrou (pitrou) * | Date: 2014-12-26 21:38 | |
> The only way to establish a successful connection is to pass a custom SSL context to the constructor. Why don't you do just that? |
|||
| msg233155 - (view) | Author: (varde) | Date: 2014-12-28 22:01 | |
Well, because the ssl_version parameter should have a purpose. If it doesn't, the least we could do is remove it from the docs. |
|||
| msg233214 - (view) | Author: Giampaolo Rodola' (giampaolo.rodola) * | Date: 2014-12-30 18:12 | |
ssl_version is a class attribute so you can simply set that before instantiating FTP_TLS class: >>> import ftplib >>> ftplib.FTP_TLS.ssl_version = ... >>> client = ftplib.FTP_TLS(...) >>> ... |
|||
| msg233217 - (view) | Author: (varde) | Date: 2014-12-30 19:34 | |
I know that, but it seems pretty unusual. And I would never had guessed from the documentation, I had to read the source. My point is that it should be easier to just connect to a TLSv1.2 server: the documentation should mention the fact that ssl_version is a class attribute or it should be set to something more compatible like ssl.PROTOCOL_SSLv23. I'm not sure about the implications of the latter. I'm not saying that this is a serious bug, but I'm used to Python providing us with something that works (more or less) out of the box. |
|||
| msg233221 - (view) | Author: Roundup Robot (python-dev) | Date: 2014-12-30 21:16 | |
New changeset 414c450e8406 by Benjamin Peterson in branch '3.4': make PROTOCOL_SSLv23 the default protocol version for ftplib (closes #23111) https://hg.python.org/cpython/rev/414c450e8406 New changeset 33603f7949c5 by Benjamin Peterson in branch 'default': merge 3.4 (#23111) https://hg.python.org/cpython/rev/33603f7949c5 |
|||
| msg233222 - (view) | Author: Roundup Robot (python-dev) | Date: 2014-12-30 21:17 | |
New changeset 29689050ec78 by Benjamin Peterson in branch '3.4': update docs for #23111 https://hg.python.org/cpython/rev/29689050ec78 |
|||
| msg233421 - (view) | Author: Arfrever Frehtes Taifersar Arahesis (Arfrever) * | Date: 2015-01-04 16:13 | |
I think that this fix should be applied also in 2.7 branch. |
|||
| msg233423 - (view) | Author: Roundup Robot (python-dev) | Date: 2015-01-04 16:20 | |
New changeset 98ee845a139a by Benjamin Peterson in branch '2.7': make SSLv23 the default version in ftplib (closes #23111) https://hg.python.org/cpython/rev/98ee845a139a |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2015-01-04 16:20:32 | python-dev | set | status: open -> closed resolution: fixed messages: + msg233423 stage: resolved |
| 2015-01-04 16:13:41 | Arfrever | set | status: closed -> open versions:
+ Python 2.7, Python 3.4 messages:
+ msg233421 |
| 2014-12-30 21:17:23 | python-dev | set | messages: + msg233222 |
| 2014-12-30 21:16:33 | python-dev | set | status: open -> closed nosy:
+ python-dev resolution: fixed |
| 2014-12-30 19:34:53 | varde | set | messages: + msg233217 |
| 2014-12-30 18:12:18 | giampaolo.rodola | set | messages: + msg233214 |
| 2014-12-28 22:01:25 | varde | set | messages: + msg233155 |
| 2014-12-26 21:38:40 | pitrou | set | nosy:
+ giampaolo.rodola, pitrou messages:
+ msg233118 |
| 2014-12-24 21:45:07 | varde | create | |