[issue20995] Use Better Default Ciphers for the SSL Module

Donald Stufft report at bugs.python.org
Fri Mar 21 00:15:39 CET 2014


Donald Stufft added the comment:

> > Again, Python is already forcing a set of ciphers. I don't know what sort of
> > systems you use, but even RHEL 6.5 has *horrible* ciphers in the OpenSSL
> > default set. Things like DES (not 3DES, DES) and 40bit RC4.
> 
> I wonder why RedHat doesn't bother changing the defaults.
> Did nobody ever report the issue to them, or are they more conservative
> than we are?

I don't know why. Probably because the OpenSSL defaults are not intended to
be secure so OpenSSL is working as intended. The users of OpenSSL are intended
to use the cipher selection string to secure themselves.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue20995>
_______________________________________
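
The point made in the comment above, that the library default is not a vetted set and the caller narrows it with a cipher selection string, can be checked on any build with the `ssl` module. This is an added example, not code from the tracker issue or from CPython; `weakness`, `audit` and the `HARDENED` string are hypothetical names and values constructed for illustration.

```python
import ssl

# Hypothetical example string, constructed for this illustration.
HARDENED = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!RC4:!MD5"


def weakness(name, bits=None):
    """Return why an OpenSSL suite name is weak, or None if no rule matches."""
    parts = name.upper().replace("_", "-").split("-")
    if any(p.startswith("EXP") for p in parts):
        return "export-grade"
    if "NULL" in parts:
        return "no encryption"
    if "ADH" in parts or "AECDH" in parts:
        return "anonymous key exchange"
    if "RC4" in parts:
        return "RC4"
    if "DES" in parts:
        # OpenSSL names 3DES suites DES-CBC3-*, single DES suites DES-CBC-*.
        return "3DES" if "CBC3" in parts else "single DES"
    if bits is not None and bits < 128:
        return "key under 128 bits"
    return None


def audit(cipher_string):
    """Map each weak suite that cipher_string enables on this build to a reason."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # ssl.SSLError if the string selects nothing
    found = {}
    for c in ctx.get_ciphers():
        reason = weakness(c["name"], c.get("strength_bits"))
        if reason:
            found[c["name"]] = reason
    return found


if __name__ == "__main__":
    for label in ("DEFAULT", HARDENED):
        print(label, "->", audit(label) or "no weak suites enabled")
```

What `audit("DEFAULT")` reports depends on the OpenSSL build Python is linked against, which is the behaviour the thread is discussing.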

