Fix for CVE-2014-3566 'POODLE' SSL attack, original commit '22c4922f4796078c5613de9e07e66b8764549cad'

11 years ago · 7b856fb21d
parent 8a3f13ae02
commit 7b856fb21d
1 changed files with 4 additions and 0 deletions
--- a/IPython/html/notebookapp.py
+++ b/IPython/html/notebookapp.py
@ -19,6 +19,7 @@ import re
 import select
 import signal
 import socket
+import ssl
 import sys
 import threading
 import webbrowser
@ -846,6 +847,9 @@ class NotebookApp(BaseIPythonApplication):
        if not ssl_options:
            # None indicates no SSL config
            ssl_options = None
+        else:
+            # Disable SSLv3, since its use is discouraged.
+            ssl_options['ssl_version']=ssl.PROTOCOL_TLSv1
        self.login_handler_class.validate_security(self, ssl_options=ssl_options)
        self.http_server = httpserver.HTTPServer(self.web_app, ssl_options=ssl_options,
                                                 xheaders=self.trust_xheaders)