top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Python 3.2 and supported OpenSSL Versions

+2 votes
598 views

I have two Questions:

  1. Could Python 3.2, when compiled against OpenSSL 1.0.0j, be affected by the poodle bug? https://www.openssl.org/~bodo/ssl-poodle.pdf

  2. If yes - are the following OpenSSL versions approved for use with Python 3.2:
    OpenSSL 0.9.8zf
    OpenSSL 1.0.0r
    OpenSSL 1.0.1m
    OpenSSL 1.0.2a

posted May 25, 2015 by anonymous

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote

Yes, POODLE is two things:

  1. Due to client side fallback mechanisms outside of SSL and TLS, it is possible to force a client to connect with a different version of the protocol, i.e. a protocol downgrade.

  2. Due to the way padding is implemented in SSL 3.0 there is a padding oracle attack on CBC mode ciphers. This affects all implementations of SSL 3.0, and some of TLS 1.0 (but not OpenSSL).

All versions of OpenSSL (that support SSL 3.0) are affected by (2) because it is inherent in the protocol. The fix is not to allow SSL, and enable the latest versions of TLS.

Later versions of OpenSSL (0.9.8zc, 1.0.0o, 1.0.1j) added a workaround, the TLS_FALLBACK_SCSV mechanism, which allows clients to specify when they have falled back to an earlier version, preventing downgrade attacks (1). It only works if the both the client and server support the mechanism, and if SSL 3.0 is used it is still affected by the padding oracle attack (2).

2. If yes - are the following OpenSSL versions approved for use with Python 3.2:

I can't answer for approved but I have builds of Python than use OpenSSL 0.9.8 and 1.0.1 and it should build against any version in these branches. I also have pyOpenSSL built against these branches.

answer May 25, 2015 by anonymous
Similar Questions
0 votes

I am trying to write a program that requires me hitting a https web link. However, I can't seem to get it to work. The program works fine when dealing with http sites, however, when I try it with a https site I get

socket.gaierror: [Errno 11001] getaddrinfo failed

It seems like it has something to do with the ssl not working, however, I do have the ssl.py in the python library and I have no problem importing it.

My code is below. Any help would be greatly appreciated.

import urllib.request
auth = urllib.request.HTTPSHandler()
proxy = urllib.request.ProxyHandler({'http':'my proxy'})
opener = urllib.request.build_opener(proxy, auth)
f = opener.open('http://www.google.ca/')
+2 votes

I am working on drawing map from shape file in Python 3.2 basemap. But, the longitude values at the bottom axis are only shown partially. Also, all latitude values are missing.

Here is my python code.

import shapefile as sf
import sys
import numpy as np
import matplotlib.pylab as plt
from mpl_toolkits.basemap import Basemap

 map = Basemap(projection='stere', lon_0=-106.4, lat_0= 31.9, lat_ts = 31.9, 
 llcrnrlat=31.7, urcrnrlat= 31.85, 
 llcrnrlon=-106.5 , urcrnrlon= -106.1, 
 rsphere=6371200., resolution='l', area_thresh=1000)

 plt.figure(num=None, figsize=(10, 8), dpi=80, facecolor='w', edgecolor='k')

parallels = np.arange(31.7, 31.85, 0.25)

map.drawparallels(parallels, labels=[0, 0, 0, 1] , fontsize=10, labelstyle='+/-', dashes=[2, 2])

meridians = np.arange (-106.5, -106.1, 0.25)

map.drawmeridians(meridians, labels=[0, 0, 0, 1], fontsize=10, labelstyle='+/-' , dashes=[2, 2])

No matter how I changed the labels, the latitude/longitude legend values are still missing.

+3 votes

The http://www.python.org site says that the future is Python 3, yet whenever I try something new in Python, such as Tkinter, everything seems to default to Python 2.

By this I mean that, whenever I find that I need to install another package, it shows up as Python 2 unless I explicitly specify Python 3.

What's the deal? If I want to make a distributable software package, should it be 2 or 3?

+3 votes

Here is what I have tried:

root@secure [~]# which python3
/usr/bin/python3

root@secure [~]# which pip
/usr/bin/pip

root@secure [~]# yum install pip3
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.secrel.com.br
 * epel: mirror.imt-systems.com
 * extras: centos.secrel.com.br
 * remi: mirror5.layerjet.com
 * updates: mirrors.ucr.ac.cr
Setting up Install Process
No package pip3 available.
Error: Nothing to do
...