
Commit eb624e2

committed
Merge pull request #971 from docker/963-tlsv1-default
Use protocol TLS v1.0 by default when none is set.
2 parents 062c76d + f411427 commit eb624e2


1 file changed

+6
-1
lines changed

1 file changed

+6
-1
lines changed

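--- a/docker/tls.py
+++ b/docker/tls.py
@@ -1,4 +1,5 @@
 import os
+import ssl
 
 from . import errors
 from .ssladapter import ssladapter
@@ -19,10 +20,14 @@ def __init__(self, client_cert=None, ca_cert=None, verify=None,
 # here, but also disable any public/default CA pool verification by
 # leaving tls_verify=False
 
-self.ssl_version = ssl_version
 self.assert_hostname = assert_hostname
 self.assert_fingerprint = assert_fingerprint
 
+# TLS v1.0 seems to be the safest default; SSLv23 fails in mysterious
+# ways: https://github.com/docker/docker-py/issues/963
+
+self.ssl_version = ssl_version or ssl.PROTOCOL_TLSv1
+
 # "tls" and "tls_verify" must have both or neither cert/key files
 # In either case, Alert the user when both are expected, but any are
 # missing.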
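Review bot: The new default on the `self.ssl_version = ssl_version or ssl.PROTOCOL_TLSv1` line pins every connection that does not pass `ssl_version` to TLS 1.0 exactly, because in Python's `ssl` module `PROTOCOL_TLSv1` selects that single version rather than a minimum. A daemon that offers TLS 1.1 or 1.2 will still be spoken to at 1.0, and one that refuses 1.0 will fail the handshake, so the comment's "safest default" reads as a security claim when the change looks like a compatibility workaround for issue 963. I would reword the comment to say so, e.g. `# Compatibility default: pins TLS 1.0 only; pass ssl_version to use a newer protocol`. If the supported daemons allow it, consider preferring the newest constant the runtime exposes: `self.ssl_version = ssl_version or getattr(ssl, 'PROTOCOL_TLSv1_2', ssl.PROTOCOL_TLSv1)`. `__init__` begins and ends outside this hunk, so how `ssl_version` is consumed downstream is not visible here.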
