Should not hard-code use of SSLv3 in SSLConnectionPool

[pjrobertson]

With the recent POODLE vulnerability in SSLv3 you probably shouldn't be hard-coding the use of SSLv3 in SSLConnectionPool.py

Many servers are now disabling SSLv3, which makes geventhttpclient basically broken

[pjrobertson]

You should probably use at least TLSv1

[gwik]

agreed.

[gwik]

Note: we should use ssl.create_default_context

[gwik]

Note: force ssl.OP_NO_COMPRESSION

[pjrobertson]

Nice, merci :)

[gwik]

It's broken on 2.6

[romanlv]

can you push it to pypi? it's a serious problem and it seems to be fixed on master branch

[gwik]

It was on hold for python 2.7.10 and gevent releases. A took a while after that, but should be fixed in 1.2.0.