SSL v3 is deprecated. - Githubissues

MycroftAI / personal-backend

WORK IN PROGRESS: A Flask personal backend alternative for running your own version of https://home.mycroft.ai

Apache License 2.0

114 stars 32 forks source link

SSL v3 is deprecated. #11

Closed el-tocino closed 5 years ago

el-tocino commented 5 years ago

We should be using TLS v1.1 at a minimum, if not 1.2

This line: https://github.com/MycroftAI/personal-backend/blob/074cbebd382129569c7dfa782358d8887f341db8/personal_mycroft_backend/backend/__init__.py#L48 should be

    context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)

el-tocino commented 5 years ago

https://threatpost.com/ietf-officially-deprecates-sslv3/113503/ (2015)

JarbasAl commented 5 years ago

you're right, not sure why i used sslv3, i think it had something to do with the self signed certs

el-tocino commented 5 years ago

In general I'd recommend using let's encrypt if possible over self-signed, though I understand that's not always an option. If I get around to it this weekend I'll make a pr for this, if you haven't by then.

el-tocino commented 5 years ago

pr submitted.