Remove unused libcloud.security.SSL_VERSION module level constant /

variable which has been unused and had no affect since we have switched to the requests library for making HTTP(s) requests in 2016.
apache · Aug 1, 2023 · 56674f4 · 56674f4
1 parent 24a455f
commit 56674f4
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 46 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -97,6 +97,12 @@ Other
   (GITHUB-1920)
   [Tomaz Muraus - @Kami]
 
+- Remove unused ``libcloud.security.SSL_VERSION`` constant / module level
+  variable. This variable has been unused and had no affect on the behavior
+  since we switched to the ``requests`` library for making HTTP(s) requests in
+  2016.
+  [Tomaz Muraus - @Kami]
+
 Changes in Apache Libcloud 3.7.0
 --------------------------------
 

diff --git a/docs/other/ssl-certificate-validation.rst b/docs/other/ssl-certificate-validation.rst
@@ -110,46 +110,3 @@ For example:
     libcloud.security.VERIFY_SSL_CERT = False
 
     # Instantiate and work with the driver here...
-
-Changing used SSL / TLS version
--------------------------------
-
-.. note::
-
-    Linode recently dropped support for TLS v1.0 and it only supports TLS v1.1
-    and higher.
-    If you are using Linode driver you need to update your code to use TLS v1.1
-    or TLS v1.2 as shown below.
-
-For compatibility and safety reasons (we also support older Python versions),
-Libcloud uses TLS v1.0 by default.
-
-If the provier doesn't support this version or if you want to use a different
-version because of security reasons (you should always use the highest version
-which is supported by your system and your provider) you can tell Libcloud to
-use a different version as shown below.
-
-.. sourcecode:: python
-
-    import ssl
-
-    import libcloud.security
-    libcloud.security.SSL_VERSION = ssl.PROTOCOL_TLSv1_1
-    # or
-    libcloud.security.SSL_VERSION = ssl.PROTOCOL_TLSv1_2
-
-    # Instantiate and work with the driver here...
-
-Keep in mind that TLS v1.1 and v1.2 is right now only supported in Python >=
-3.4 and Python 2.7.9. In addition to that, your system also needs to have a
-recent version of OpenSSL available.
-
-Another (**unsafe** and **unrecommended**) option is to use
-``ssl.PROTOCOL_SSLv23`` constant which will let client know to pick the highest
-protocol version which both the client and server support. If this constant is
-selected, the client will be selecting between SSL v3.0, TLS v1.0, TLS v1.1 and
-TLS v1.2.
-
-Keep in mind that SSL v3.0 is considered broken and unsafe and using this
-option can result in a downgrade attack so we strongly recommend **NOT** to use
-it.
diff --git a/libcloud/security.py b/libcloud/security.py
@@ -26,12 +26,10 @@
 import os
 import ssl
 
-__all__ = ["VERIFY_SSL_CERT", "SSL_VERSION", "CA_CERTS_PATH"]
+__all__ = ["VERIFY_SSL_CERT", "CA_CERTS_PATH"]
 
 VERIFY_SSL_CERT = True
 
-SSL_VERSION = ssl.PROTOCOL_TLSv1
-
 # True to use certifi CA bundle path when certifi library is available
 USE_CERTIFI = os.environ.get("LIBCLOUD_SSL_USE_CERTIFI", True)
 USE_CERTIFI = str(USE_CERTIFI).lower() in ["true", "1"]