What’s new in the next version of Tornado¶
- SSLIOStream.connect and IOStream.start_tls now validate certificates by default.
- Certificate validation will now use the system CA root certificates instead of certifi when possible (i.e. Python 2.7.9+ or 3.4+). This includes IOStream and simple_httpclient, but not curl_httpclient.
- The default SSL configuration has become stricter, using ssl.create_default_context where available.
- On Python 3, catching an exception in a coroutine no longer leads to leaks via Exception.__context__.
- PeriodicCallback is now more efficient when the clock jumps forward by a large amount.
- Passing secure=False or httponly=False to RequestHandler.set_cookie now works as expected (previously only the presence of the argument was considered and its value was ignored).