Make ssl.PROTOCOL_SSLv23 default for --ssl-version

Fixes #1249
2026-01-14 11:09:11 +08:00 · 2017-02-06 09:10:35 +03:00 · 2017-02-06 09:10:35 +03:00 · 9c73259f71
commit 9c73259f71
parent 577c3eb030
3 changed files with 11 additions and 1 deletions
--- a/docs/source/news.rst
+++ b/docs/source/news.rst
@ -12,6 +12,8 @@ Core
  Use the :ref:`gunicorn-cmd` command-line interface instead.
 - The previously deprecated ``django_settings`` setting has been removed.
  Use the :ref:`raw-env` setting instead.
+- The default value of :ref:`ssl-version` has been changed from
+  ``ssl.PROTOCOL_TLSv1`` to ``ssl.PROTOCOL_SSLv23``.

 19.6.0 / 2016/05/21
 ===================
--- a/docs/source/settings.rst
+++ b/docs/source/settings.rst
@ -1142,6 +1142,10 @@ ssl_version

 SSL version to use (see stdlib ssl module's)

+.. versionchanged:: 19.7
+   The default value has been changed from ``ssl.PROTOCOL_TLSv1`` to
+   ``ssl.PROTOCOL_SSLv23``.
+
 .. _cert-reqs:

 cert_reqs
--- a/gunicorn/config.py
+++ b/gunicorn/config.py
@ -1755,9 +1755,13 @@ class SSLVersion(Setting):
    section = "SSL"
    cli = ["--ssl-version"]
    validator = validate_pos_int
-    default = ssl.PROTOCOL_TLSv1
+    default = ssl.PROTOCOL_SSLv23
    desc = """\
    SSL version to use (see stdlib ssl module's)
+
+    .. versionchanged:: 19.7
+       The default value has been changed from ``ssl.PROTOCOL_TLSv1`` to
+       ``ssl.PROTOCOL_SSLv23``.
    """

 class CertReqs(Setting):