From: Benjamin Peterson <benjamin@python.org>
Date: Tue, 30 Dec 2014 21:15:43 +0000 (-0600)
Subject: make PROTOCOL_SSLv23 the default protocol version for ftplib (closes #23111)
X-Git-Tag: v3.4.3rc1~186
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=36fe7926f888ba154b64904b91a5dd8c83e6c167;p=thirdparty%2FPython%2Fcpython.git

make PROTOCOL_SSLv23 the default protocol version for ftplib (closes #23111)
---

diff --git a/Lib/ftplib.py b/Lib/ftplib.py
index 9c73f5f019d1..cd8c1a987eb6 100644
--- a/Lib/ftplib.py
+++ b/Lib/ftplib.py
@@ -713,7 +713,7 @@ else:
         '221 Goodbye.'
         >>>
         '''
-        ssl_version = ssl.PROTOCOL_TLSv1
+        ssl_version = ssl.PROTOCOL_SSLv23
 
         def __init__(self, host='', user='', passwd='', acct='', keyfile=None,
                      certfile=None, context=None,
@@ -743,7 +743,7 @@ else:
             '''Set up secure control connection by using TLS/SSL.'''
             if isinstance(self.sock, ssl.SSLSocket):
                 raise ValueError("Already using TLS")
-            if self.ssl_version == ssl.PROTOCOL_TLSv1:
+            if self.ssl_version >= ssl.PROTOCOL_SSLv23:
                 resp = self.voidcmd('AUTH TLS')
             else:
                 resp = self.voidcmd('AUTH SSL')
diff --git a/Misc/NEWS b/Misc/NEWS
index 7932c77f1ccb..42cbc39d6e38 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -41,6 +41,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #23111: In the ftplib, make ssl.PROTOCOL_SSLv23 the default protocol
+  version.
+
 - Issue #22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(),
   instead of reading /dev/urandom, to get pseudo-random bytes.