[issue3597] Allow application developers to select ciphers, and default to strong in ssl lib
Heikki Toivonen
report at bugs.python.org
Tue Aug 19 05:38:11 CEST 2008
New submission from Heikki Toivonen <hjtoi-bugzilla at comcast.net>:
The 2.6 documentation states selecting the most compatible SSLv23 mode
may mean low quality ciphers, which does not really help the application
developers. It would be better to provide a way to set the allowed
ciphers. Even better, IMO, would be if the ssl module would default to
the stronger ciphers. I use the following default in M2Crypto:
set_cipher_list('ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH').
----------
components: Library (Lib)
messages: 71406
nosy: heikki
severity: normal
status: open
title: Allow application developers to select ciphers, and default to strong in ssl lib
type: security
versions: Python 2.6
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue3597>
_______________________________________
More information about the Python-bugs-list
mailing list