[issue13627] Python SSL stack doesn't support Elliptic Curve ciphers
naif
report at bugs.python.org
Sun Dec 18 14:38:59 CET 2011
New submission from naif <naif at globaleaks.org>:
Python SSL doesn't support Elliptic Curve ciphers in in all version tested.
This is a serious performance issue because it's not possible to use as a server or as client the performance improvement provided by ECC based ciphers.
Nowdays ECC are supported by all latests browsers.
ECC provide a strong performance improvements (even x3) also when used with Perfect Forward Secrecy enabled ciphers like described on:
http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
In order to enable ECC ciphers (and eventually ECC keys) the SSL implementation the in the file Modules/_ssl.c must be modified.
For example apache had several modifications to support ECC on their SSL (openssl based) stack:
https://issues.apache.org/bugzilla/show_bug.cgi?id=40132
https://build.opensuse.org/package/view_file?file=httpd-ssl-ecc-ecdh.patch&package=apache2&project=home%3Aelvigia%3Atls1.2&rev=2
So Python SSL module should introduce similar modifications to fully support Elliptic Curve ciphers for SSL in order to:
- Provide performance improvements
- Provide cryptography security improvements
- Allow writing of applications compliant with NSA Suite-B standard
----------
components: Library (Lib)
messages: 149755
nosy: naif
priority: normal
severity: normal
status: open
title: Python SSL stack doesn't support Elliptic Curve ciphers
versions: Python 2.6, Python 2.7, Python 3.1, Python 3.2, Python 3.3, Python 3.4
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13627>
_______________________________________
More information about the Python-bugs-list
mailing list