Drop 'six' dependency from base check package #18641
base: master
try: | ||
context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS) | ||
context.verify_mode = ssl.CERT_NONE | ||
|
||
with closing(context.wrap_socket(sock, server_hostname=hostname)) as secure_sock: | ||
with context.wrap_socket(sock, server_hostname=hostname) as secure_sock: |
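Review bot: on the new with context.wrap_socket(sock, server_hostname=hostname) as secure_sock: line, dropping closing(...) is fine because the wrapped socket is its own context manager on Python 3, but check whether closing is still used elsewhere in this file and remove the import if it is not. While this block is being touched, the context.verify_mode = ssl.CERT_NONE line would benefit from a short comment stating why the peer certificate is deliberately not validated here, since a context built from ssl.PROTOCOL_TLS with no minimum version and no verification is what a scanner will flag.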
Check failure
Code scanning / CodeQL
Use of insecure SSL/TLS version (High)
Insecure SSL/TLS protocol version TLSv1_1 allowed by call to ssl.SSLContext
Copilot Autofix AI 18 days ago
To fix the problem, we need to ensure that the SSL context is created using a secure protocol version. The best way to do this is to use ssl.PROTOCOL_TLSv1_2 or higher. This change will ensure that only secure versions of the TLS protocol are used, aligning with best practices for secure communication.
- Change the SSL context creation to use ssl.PROTOCOL_TLSv1_2.
- Ensure that the rest of the functionality remains unchanged.
@@ -465,3 +465,3 @@ | ||
try: | ||
context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS) | ||
context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2) | ||
context.verify_mode = ssl.CERT_NONE |
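Review bot: the replacement line context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2) pins the context to exactly TLS 1.2 rather than "1.2 or higher", so TLS 1.3 can no longer be negotiated, and the version-specific protocol constants are deprecated in the ssl module. Keeping ssl.PROTOCOL_TLS and adding context.minimum_version = ssl.TLSVersion.TLSv1_2 after the constructor sets a floor without a ceiling and addresses the flagged TLSv1_1 allowance. Either way, endpoints that only offer TLS 1.0 or 1.1 will then fail the handshake, so if this code is expected to reach such endpoints that trade-off should be decided explicitly and documented next to the context.verify_mode = ssl.CERT_NONE line.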
What does this PR do?
Motivation
Additional Notes
Review checklist (to be filled by reviewers)
- qa/skip-qa label if the PR doesn't need to be tested during QA.
- backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged