PYTHON-1726 Disable TLS renegotiation when possible

(cherry picked from commit bb83a26082)
Bernie Hackett 2019-03-18 17:27:28 -07:00
parent 9093ddf365
commit 3c86686c0a
2 changed files with 3 additions and 1 deletions


@ -22,11 +22,11 @@ Changes in Version 3.8.0.dev0
- :meth:`gridfs.grid_file.GridOut.read` now only checks for extra chunks after
reading the entire file. Previously, this method would check for extra
chunks on every call.
- :meth:`~pymongo.database.Database.current_op` now always uses the
``Database``'s :attr:`~pymongo.database.Database.codec_options`
when decoding the command response. Previously the codec_options
was only used when the MongoDB server version was <= 3.0.
- TLS Renegotiation is now disabled when possible.
Issues Resolved
...............

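Review bot: "when possible" in the new changelog entry does not tell a reader whether their deployment is covered. The code comment in this same commit gives the actual condition (Python 3.7+ with OpenSSL >= 1.1.0h), so the entry could state it, for example "TLS renegotiation is now disabled when the ssl module provides ``OP_NO_RENEGOTIATION`` (Python 3.7+ with OpenSSL >= 1.1.0h)." As displayed, the entry is also followed directly by the `Issues Resolved` heading; keep a blank line between the list and the heading so the reST renders cleanly.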

@ -128,6 +128,8 @@ if HAVE_SSL:
ctx.options |= getattr(ssl, "OP_NO_SSLv3", 0)
# OpenSSL >= 1.0.0
ctx.options |= getattr(ssl, "OP_NO_COMPRESSION", 0)
# Python 3.7+ with OpenSSL >= 1.1.0h
ctx.options |= getattr(ssl, "OP_NO_RENEGOTIATION", 0)
if certfile is not None:
try:
if passphrase is not None:
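Review bot: the `getattr(ssl, "OP_NO_RENEGOTIATION", 0)` fallback at the added line is silent, so on interpreters below the versions named in the comment the context is built with renegotiation still allowed and nothing records that. This follows the pattern of the `OP_NO_SSLv3` and `OP_NO_COMPRESSION` lines above it, so the fallback itself is reasonable, but the commit touches two files and neither is a test. Suggest adding a test that builds a context and asserts `ctx.options & ssl.OP_NO_RENEGOTIATION` is non-zero whenever `hasattr(ssl, "OP_NO_RENEGOTIATION")` is true, so a later refactor of the option setup cannot drop the flag unnoticed.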