rspec/rules/S5547/python/how-to-fix-it/ssl.adoc

== How to fix it in ssl

=== Code examples

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,python,diff-id=41,diff-type=noncompliant]
----
import ssl

ciphers = 'RC4-SHA:RC4-MD5'
ctx = ssl.create_default_context()
ctx.set_ciphers(ciphers)  # Noncompliant
----

==== Compliant solution

[source,python,diff-id=41,diff-type=compliant]
----
import ssl

ctx = ssl.create_default_context()
----

=== How does this work?

It is recommended to not override the ciphers but instead, use the secure
default ciphers of the module, as they might change over time.
Modify rule S5547: Add ssl module (#3113) 2023-11-13 13:52:29 +01:00			`== How to fix it in ssl`

			`=== Code examples`

			`include::../../common/fix/code-rationale.adoc[]`

			`==== Noncompliant code example`

			`[source,python,diff-id=41,diff-type=noncompliant]`
			`----`
			`import ssl`

			`ciphers = 'RC4-SHA:RC4-MD5'`
			`ctx = ssl.create_default_context()`
			`ctx.set_ciphers(ciphers) # Noncompliant`
			`----`

			`==== Compliant solution`

			`[source,python,diff-id=41,diff-type=compliant]`
			`----`
			`import ssl`

			`ctx = ssl.create_default_context()`
			`----`

			`=== How does this work?`

			`It is recommended to not override the ciphers but instead, use the secure`
			`default ciphers of the module, as they might change over time.`