Changed the default protocol #4531
Conversation
|
The idea seems good, but the name is new in Python 3.6, and we're still supporting 3.5 at present. Can you include some compatibility code so it uses |
|
thanks @takluyver I did the changes you suggested. it is done for a review. |
notebook/notebookapp.py
Outdated
| ssl_options.setdefault('ssl_version', ssl.PROTOCOL_TLSv1) | ||
| ssl_options.setdefault( | ||
| 'ssl_version', | ||
| ssl.PROTOCOL_TLS if hasattr(ssl, PROTOCOL_TLS) else ssl.PROTOCOL_SSLv23 |
There was a problem hiding this comment.
hasattr() takes a string as the second argument. Though it might be neater to use getattr() with a default.
There was a problem hiding this comment.
hasattr() takes a string as the second argument.
you're right. thanks for catch that up. I fixed that it is done for review.
Though it might be neater to use getattr() with a default.
sorry I didn't understand how to use this default
There was a problem hiding this comment.
Like getattr(ssl, 'PROTOCOL_TLS', ssl.PROTOCOL_SSLv23). But the hasattr version is fine too.
There was a problem hiding this comment.
oh I see ... that is much better thanks. I forgot getattr has default argument. thanks. I will change that.
Applied suggestion from review Fixed hasattr issue
notebook/notebookapp.py
Outdated
| @@ -1421,7 +1421,11 @@ def init_webapp(self): | |||
| # SSL may be missing, so only import it if it's to be used | |||
| import ssl | |||
| # Disable SSLv3 by default, since its use is discouraged. | |||
There was a problem hiding this comment.
Can you update this accompanying comment to describe what we're now using and why?
There was a problem hiding this comment.
sure I am going to do that now
|
@takluyver I am reviewing the documentations here and python35 already supports and as I could find here python 3.5.5 is available on conda-forge and pkgs/main I will keep |
xmnlab
force-pushed
the
change-default-ssl
branch
from
1913b8b
to
61c50b1
Compare
|
Ah, OK. As it's pretty easy to fall back to |
notebook/notebookapp.py
Outdated
| # server support. When PROTOCOL_TLS is not available use PROTOCOL_SSLv23 | ||
| ssl_options.setdefault( | ||
| 'ssl_version', | ||
| getattr('ssl', 'PROTOCOL_TLS', ssl.PROTOCOL_SSLv23) |
There was a problem hiding this comment.
Sorry, the first parameter for getattr should be the module object (i.e. ssl with no quotes). It's only the attribute name that needs to be a string.
There was a problem hiding this comment.
you're totally right. sorry about that. I am still trying to have a functional dev environment here.
that is why I am pushing things without tested locally. sorry again T_T
|
Thanks, that looks good now. I'm about to head out, but I'll merge this tomorrow assuming the CI passes (I suspect this code path isn't tested, so...) |
|
thank you so much @takluyver ! yes it seems it is not tested ... |
|
Thanks for your patience on getting this in. |
|
Thanks @takluyver for your patience and your guidance :) |
Resolves #4427
Changed PROTOCOL_TLSv1 to PROTOCOL_TLS