From 77ce2037e8d60534be5f5194a4882372c2164fef Mon Sep 17 00:00:00 2001
From: Matt Arnold
Date: Mon, 8 Sep 2025 10:10:13 -0400
Subject: [PATCH] add recap and refs

---
 rohttptls.py | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/rohttptls.py b/rohttptls.py
index d33f970..5606929 100644
--- a/rohttptls.py
+++ b/rohttptls.py
@@ -246,8 +246,8 @@ def tls_server_handler():
 
     ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
     # Remember what i said about best default and not shooting
-    # ourselves in the foot. Well Firefox, does a stupid thing
-    # during TLS handshake and declares it supports. SSLv3
+    # ourselves in the foot. Well Firefox/Gevent/Python, does a stupid thing
+    # during TLS handshake one and declares it supports. SSLv3
     # Which has been considered hopelessly broken since 2014.
     # Mozilla's own security people even said so at the time.
     # See References. Anyway Setting the minimum and maximum
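Review bot: The rewritten comment now attributes the handshake failure to Firefox, gevent and Python advertising SSLv3, but `ssl.create_default_context()` on the line above disables SSLv3 by default (the Python docs this commit adds under References say as much), so the comment records a guess as the rationale for a security-relevant setting. I would keep the observed symptom and the fix and drop the attribution, e.g. `# Firefox failed the handshake against the default context; pinning the minimum/maximum TLS versions below fixed it. Root cause not confirmed (see References).` The same unverified guess reappears in the recap in the second hunk (`This problem is more likely a bug in gevent, if I had to guess`); either confirm it or mark it as unverified there as well. `handshake one` also reads like a typo for `handshake`. tls_server_handler continues past the hunk, so the minimum/maximum version assignment the comment refers to is not visible here.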
@@ -360,18 +360,19 @@
 else:
     daemon_main()
 
-# To recap we just did a bunch of work, for no user visible change
-# This is not a bad thing, often the first drafts of programs.
-# Will fit the requirements of the moment. But when the requirements
-# change the program must be adapted to fit.
-# This process of iteration and redesign,
-# is called "paying down technical debt", and it should be done whenever
-# possible.
-#
-# And we've just moved up to the second level of the 7 story mountain
-# Yay us.
-#
+# Now for the recap, today we learned how TLS works from the server's
+# Perspective. We learned that python has secure defaults and you
+# should use them unless there's a problem.
+
+# We also learned that firefox may have a problem, and being explicit
+# about the TLS versions we support fixed that issue.
+
+# This problem is more likely a bug in gevent, if I had to guess
+
+# Stay tuned for Part 6 where we will, finally break up
+# with Rick Astley.
+# Cheers
+
 # References
-# Robustness Principal (Devopedia): https://devopedia.org/postel-s-law
-# IETF RFC 9112 HTTP/1.1 https://datatracker.ietf.org/doc/html/rfc9112
-#
+# Python's SSL Module docs: https://docs.python.org/3/library/ssl.html#ssl.create_default_context
+# End of SSLv3: https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/