Comment 1 for bug 1963834

Seth Arnold (seth-arnold) wrote :

It looks like this was added in:

https://github.com/openssl/openssl/commit/72d2670bd21becfa6a64bb03fa55ad82d6d0c0f3

in order to address servers that have not yet been updated for CVE-2009-3555.

It's possible to add a flag at the C level to connect insecurely, SSL_OP_LEGACY_SERVER_CONNECT, but I don't see this added to Python:

https://bugs.python.org/issue44888
https://github.com/python/cpython/pull/27776

Thus it might not be easily reachable from Python programs.

Best would be to update the remote server to address CVE-2009-3555 (it might also be known as "support RFC 5746"). I'm not sure what to suggest for programs written in Python.

Thanks
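An added example, not part of the comment above and not code from OpenSSL or CPython: one way a Python client can scope the legacy flag to a single known host while every other connection keeps requiring RFC 5746 support. It assumes the raw OpenSSL value 0x4 for SSL_OP_LEGACY_SERVER_CONNECT (Python 3.12 and later also expose it as `ssl.OP_LEGACY_SERVER_CONNECT`); the host name, allow-list and function names are hypothetical.

```python
import ssl

# OpenSSL defines SSL_OP_LEGACY_SERVER_CONNECT as bit 2 (0x4). Python 3.12+
# exposes it by name; on older versions fall back to the raw value.
OP_LEGACY_SERVER_CONNECT = int(getattr(ssl, "OP_LEGACY_SERVER_CONNECT", 0x4))

# Hypothetical allow-list: servers known not to support RFC 5746 yet.
LEGACY_HOSTS = frozenset({"legacy.example.internal"})


def legacy_connect_allowed(ctx):
    """Return True if ctx will connect to servers lacking RFC 5746 support."""
    return bool(int(ctx.options) & OP_LEGACY_SERVER_CONNECT)


def context_for(host):
    """Build a verifying client context, relaxed only for allow-listed hosts."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    options = int(ctx.options)
    if host.lower() in LEGACY_HOSTS:
        options |= OP_LEGACY_SERVER_CONNECT
    else:
        # Older OpenSSL releases set this bit by default; clear it explicitly
        # so the result does not depend on the linked OpenSSL version.
        options &= ~OP_LEGACY_SERVER_CONNECT
    ctx.options = options
    return ctx


if __name__ == "__main__":
    for name in ("legacy.example.internal", "www.example.org"):
        print(name, legacy_connect_allowed(context_for(name)))
```

Pass the returned context to the client library in use, and drop the host from the allow-list once the server has been updated.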