From 2128b696b87ed1b44aac0ee31deb94b0b777f7db Mon Sep 17 00:00:00 2001 From: Philipp Hagemeister Date: Sat, 13 Dec 2014 23:44:50 +0100 Subject: [PATCH] [utils] Do not make an exception for SSLv3 SSLv3 is terminally vulnerable to POODLE; web browsers are currently deprecating/removing it. Closes #4459, fixes #4294 --- youtube_dl/utils.py | 1 - 1 file changed, 1 deletion(-) diff --git a/youtube_dl/utils.py b/youtube_dl/utils.py index ac66f3de0..5e92bcc71 100644 --- a/youtube_dl/utils.py +++ b/youtube_dl/utils.py @@ -390,7 +390,6 @@ def formatSeconds(secs): def make_HTTPS_handler(opts_no_check_certificate, **kwargs): if hasattr(ssl, 'create_default_context'): # Python >= 3.4 or 2.7.9 context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) - context.options &= ~ssl.OP_NO_SSLv3 # Allow older, not-as-secure SSLv3 if opts_no_check_certificate: context.verify_mode = ssl.CERT_NONE try: