[Python-Dev] Enable Hostname and Certificate Chain Validation
Antoine Pitrou
solipsis at pitrou.net
Thu Jan 23 16:03:26 CET 2014
More information about the Python-Dev mailing list
Thu Jan 23 16:03:26 CET 2014
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 23 Jan 2014 01:45:15 -0500 Scott Dial <scott+python-dev at scottdial.com> wrote: > > Anecdotally, I already know of a system at work that is using HTTPS > purely for encryption, because the authentication is done in-band. So, a > self-signed cert was wholly sufficient. The management tools use a > RESTful interface over HTTPS for control, but you are telling me this > will be broken by default now. What do I tell our developers (who often > adopt the latest and greatest versions of things to play with)? That the system may be vulnerable to MITM attacks? (depending on how the authentication is done) Regards Antoine.
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list