Changelog update to reflect encryption to be enabled by default

[john-bodley]

It seems in the 1.5.0 release the default config has encryption enabled (https://github.com/neo4j/neo4j-python-driver/blob/1.5/neo4j/v1/security.py#L52) which causes an exception to thrown if the Python version is less than 2.7.9.

I was wondering whether this Changelog should be updated to reflect this?

[technige]

While the code here has changed, the default has been to open encrypted connections for a long time.

[john-bodley]

Thanks @technige for the quick response. In previous versions of the driver we would get the warning though in 1.5.0 the exception is raised.

Referring to the code from 1.4.0 (https://github.com/neo4j/neo4j-python-driver/blob/1.4/neo4j/v1/security.py) if SSL_AVAILABLE is False this implies that ENCRYPTION_DEFAULT = 0, which means that the encrypted = 0 (assuming that the encrypted key in the config is undefined or None). The warning is displayed and the if statement on line 63 evaluates to False.

In 1.5.0 assuming the same configuration, it seems the new default_config is used if the encrypted config key is undefined which defaults to True (https://github.com/neo4j/neo4j-python-driver/blob/1.5/neo4j/config.py#L52) and thus the warning is no longer displayed and the if statement evaluates to True causing the exception to be thrown.

[zhenlineo]

Hi @john-bodley

I copy paste the default value wrongly. There was no intention to change the default value in 1.5. We will fix this unexpected change in next patch.

Sorry for causing this error to you. Please override the wrong default encryption config in your code for now.

Thanks again for raising this issue to us.

Zhen

[zhenlineo]

Hi @john-bodley

We've already release 1.5.1 which contains the fix for this issue.

Thanks,
Zhen