From c5264b6cea06063d385d028e5906846c460204f1 Mon Sep 17 00:00:00 2001 From: Ivan Ogasawara Date: Fri, 29 Mar 2019 20:05:59 -0400 Subject: [PATCH 1/3] Changed the default protocol Applied suggestion from review Fixed hasattr issue --- notebook/notebookapp.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/notebook/notebookapp.py b/notebook/notebookapp.py index 6607dc1a3..6fa31d5d1 100755 --- a/notebook/notebookapp.py +++ b/notebook/notebookapp.py @@ -1421,7 +1421,11 @@ class NotebookApp(JupyterApp): # SSL may be missing, so only import it if it's to be used import ssl # Disable SSLv3 by default, since its use is discouraged. - ssl_options.setdefault('ssl_version', ssl.PROTOCOL_TLSv1) + _ssl_protocol = ( + ssl.PROTOCOL_TLS if hasattr(ssl, 'PROTOCOL_TLS') + else ssl.PROTOCOL_SSLv23 + ) + ssl_options.setdefault('ssl_version', _ssl_protocol) if ssl_options.get('ca_certs', False): ssl_options.setdefault('cert_reqs', ssl.CERT_REQUIRED) From 61c50b1b8c052d5e0c236c51ad57e9881f4f384f Mon Sep 17 00:00:00 2001 From: Ivan Ogasawara Date: Wed, 3 Apr 2019 10:36:37 -0400 Subject: [PATCH 2/3] Improve code, add docstring --- notebook/notebookapp.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/notebook/notebookapp.py b/notebook/notebookapp.py index 6fa31d5d1..f33329aaf 100755 --- a/notebook/notebookapp.py +++ b/notebook/notebookapp.py @@ -1420,12 +1420,12 @@ class NotebookApp(JupyterApp): else: # SSL may be missing, so only import it if it's to be used import ssl - # Disable SSLv3 by default, since its use is discouraged. - _ssl_protocol = ( - ssl.PROTOCOL_TLS if hasattr(ssl, 'PROTOCOL_TLS') - else ssl.PROTOCOL_SSLv23 + # PROTOCOL_TLS selects the highest ssl/tls protocol version that both the client and + # server support. When PROTOCOL_TLS is not available use PROTOCOL_SSLv23 + ssl_options.setdefault( + 'ssl_version', + getattr('ssl', 'PROTOCOL_TLS', ssl.PROTOCOL_SSLv23) ) - ssl_options.setdefault('ssl_version', _ssl_protocol) if ssl_options.get('ca_certs', False): ssl_options.setdefault('cert_reqs', ssl.CERT_REQUIRED) From 55177807bc52b9479b5c472cc4fee7fe0647f17c Mon Sep 17 00:00:00 2001 From: Ivan Ogasawara Date: Wed, 3 Apr 2019 12:41:10 -0400 Subject: [PATCH 3/3] Fixed small issue and added more information about PROTOCOL_TLS --- notebook/notebookapp.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/notebook/notebookapp.py b/notebook/notebookapp.py index f33329aaf..8a1bfb248 100755 --- a/notebook/notebookapp.py +++ b/notebook/notebookapp.py @@ -1421,10 +1421,11 @@ class NotebookApp(JupyterApp): # SSL may be missing, so only import it if it's to be used import ssl # PROTOCOL_TLS selects the highest ssl/tls protocol version that both the client and - # server support. When PROTOCOL_TLS is not available use PROTOCOL_SSLv23 + # server support. When PROTOCOL_TLS is not available use PROTOCOL_SSLv23. + # PROTOCOL_TLS is new in version 2.7.13, 3.5.3 and 3.6 ssl_options.setdefault( 'ssl_version', - getattr('ssl', 'PROTOCOL_TLS', ssl.PROTOCOL_SSLv23) + getattr(ssl, 'PROTOCOL_TLS', ssl.PROTOCOL_SSLv23) ) if ssl_options.get('ca_certs', False): ssl_options.setdefault('cert_reqs', ssl.CERT_REQUIRED)