[issue27768] ssl: add public API for IA-32 processor capabilities vector
Christian Heimes
report at bugs.python.org
Thu Aug 25 03:36:43 EDT 2016
Christian Heimes added the comment:
GPS, sure it is simple enough under Linux. But what about other operating systems? OPENSSL_ia32cap_loc() works under Windows, too.
Antoine, AES-GCM is still faster and performs better than ChaCha20 Poly1305. NSS and Mozilla's recommended cipher suite list prefers AES-GCM over ChaCha20, too. https://wiki.mozilla.org/Security/Server_Side_TLS
It's reasonable and simple to provide the best cipher suite that matches the systems' capabilities. As Alex stated, performance is security.
To provide the CPU capabilities to the ssl module and 3rd party authors (e.g. Cory asked on behalf of requests), let's keep ssl._ia32cap() a private function and just add two constants: HAVE_AESNI = True/False/None, HAVE_PCLMULQDQ = True/False/None (None: ia32cap is not available on the system). Is that ok with you?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue27768>
_______________________________________
More information about the Python-bugs-list
mailing list