authorJoffrey F <joffrey@docker.com>2016-03-02 15:01:30 -0800
committerJoffrey F <joffrey@docker.com>2016-03-02 15:01:30 -0800
commitf4114274d68bbb8584e95add857c6d29c03f9a0c (patch)
tree6c485a1a992344e61b08253ba7ef4f8b1d3627c9
parent062c76d8b22a6bd8a9076e17bb9a0a106bd21ce5 (diff)
Use protocol TLS v1.0 by default when none is set.963-tlsv1-default
Signed-off-by: Joffrey F <joffrey@docker.com>
-rw-r--r--docker/tls.py7
1 files changed, 6 insertions, 1 deletions
diff --git a/docker/tls.py b/docker/tls.py
index 83b0ff7..7abfa60 100644
--- a/docker/tls.py
+++ b/docker/tls.py
@@ -1,4 +1,5 @@
import os
+import ssl
from . import errors
from .ssladapter import ssladapter
@@ -19,10 +20,14 @@ class TLSConfig(object):
# here, but also disable any public/default CA pool verification by
# leaving tls_verify=False
- self.ssl_version = ssl_version
self.assert_hostname = assert_hostname
self.assert_fingerprint = assert_fingerprint
+ # TLS v1.0 seems to be the safest default; SSLv23 fails in mysterious
+ # ways: https://github.com/docker/docker-py/issues/963
+
+ self.ssl_version = ssl_version or ssl.PROTOCOL_TLSv1
+
# "tls" and "tls_verify" must have both or neither cert/key files
# In either case, Alert the user when both are expected, but any are
# missing.
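Review bot: The fallback on the `self.ssl_version = ssl_version or ssl.PROTOCOL_TLSv1` line pins every caller that passes no `ssl_version` to TLS 1.0 only, because `PROTOCOL_TLSv1` does not negotiate up to TLS 1.1 or 1.2 even when the daemon supports them. The added comment should say so and show how to opt into a newer protocol, for example `# PROTOCOL_TLSv1 selects TLS 1.0 only; pass ssl_version=ssl.PROTOCOL_TLSv1_2 to require TLS 1.2`. The `or` also replaces any falsy value, not just an omitted one, so `if ssl_version is None:` would be the more precise test. `TLSConfig.__init__` starts and ends outside the hunk, so how `ssl_version` reaches the adapter is not visible here.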