From f62e915404e58c273127993cbfcbf8f1db8d60e7 Mon Sep 17 00:00:00 2001 From: Ben Darnell Date: Mon, 9 Jan 2012 23:50:43 -0800 Subject: [PATCH] Release notes for the last two ssl changes --- website/sphinx/releases/next.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/website/sphinx/releases/next.rst b/website/sphinx/releases/next.rst index 9ddd8da2f..614420013 100644 --- a/website/sphinx/releases/next.rst +++ b/website/sphinx/releases/next.rst @@ -4,6 +4,13 @@ What's new in the next release of Tornado In progress ----------- +Security fixes +~~~~~~~~~~~~~~ + +* `tornado.simple_httpclient` now disables SSLv2 in all cases. Previously + SSLv2 would be allowed if the Python interpreter was linked against a + pre-1.0 version of OpenSSL. + Backwards-incompatible changes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -11,6 +18,9 @@ Backwards-incompatible changes processes exit cleanly rather than returning ``None``. The old behavior was surprising and inconsistent with most of the documented examples of this function (which did not check the return value). +* On Python 2.6, `tornado.simple_httpclient` only supports SSLv3. This + is because Python 2.6 does not expose a way to support both SSLv3 and TLSv1 + without also supporting the insecure SSLv2. * `tornado.websocket` no longer supports the older "draft 76" version of the websocket protocol by default, although this version can be enabled by overriding `tornado.websocket.WebSocketHandler.allow_draft76`. @@ -23,6 +33,8 @@ Backwards-incompatible changes when there is a lot of buffered data, which improves peformance of `SimpleAsyncHTTPClient` when downloading files with lots of chunks. +* `SSLIOStream` now works correctly when ``ssl_version`` is set to + a value other than ``SSLv23``. * Idle ``IOLoops`` no longer wake up several times a second. * `tornado.ioloop.PeriodicCallback` no longer triggers duplicate callbacks when stopped and started repeatedly. -- 2.47.2
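Review bot: in the first hunk, the new "Security fixes" entry says SSLv2 "would be allowed if the Python interpreter was linked against a pre-1.0 version of OpenSSL" but does not connect this to the Python 2.6 restriction that the same patch adds under "Backwards-incompatible changes". Suggest one cross-referencing sentence, so that a reader who scans only the security section learns that disabling SSLv2 also narrows protocol support on Python 2.6.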
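Review bot: in the second hunk, the Python 2.6 bullet says `tornado.simple_httpclient` "only supports SSLv3" and explains why, but leaves out the user-visible consequence: on Python 2.6 the client will not negotiate TLSv1, so connections to servers that accept only TLSv1 will fail. Suggest stating that effect explicitly and saying whether callers have any way to choose a different protocol, since this is listed as a backwards-incompatible change.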
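Review bot: in the third hunk, the `SSLIOStream` bullet says it "now works correctly" when ``ssl_version`` is set to a value other than ``SSLv23``, without describing what went wrong before. Suggest naming the old symptom in a few words so users can tell whether they were affected. The unchanged context line just above it also misspells "performance" as "peformance", which is worth fixing while this list is being edited.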