Drop remark about anonymous ciphers

tiran · tiran · commit 86aa7d2f3ef7 · 2018-05-22T12:53:26.000+02:00
The documentation no longer mentions anonymous ciphers. They are totally
insecure and irrelevant for virtually all users. The documentation was
also wrong. For anonymous ciphers, CERT_NONE, CERT_OPTIONAL and
CERT_REQUIRED all behaved the same.

Internally, CERT_REQUIRED = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
but the last flag is ignored in client mode. When a anonymous cipher is
used, clients ignore missing server certs.

Signed-off-by: Christian Heimes &lt;christian@python.org&gt;
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
@@ -2553,11 +2553,6 @@ In server mode, if you want to authenticate your clients using the SSL layer
 (rather than using a higher-level authentication mechanism), you'll also have
 to specify :const:`CERT_REQUIRED` and similarly check the client certificate.
 
-   .. note::
-
-      In client mode, :const:`CERT_OPTIONAL` and :const:`CERT_REQUIRED` are
-      equivalent unless anonymous ciphers are enabled (they are disabled
-      by default).
 
 Protocol versions
 '''''''''''''''''
