[issue28043] Sane defaults for SSLContext options and ciphers
Christian Heimes
report at bugs.python.org
Fri Sep 9 07:18:42 EDT 2016
New submission from Christian Heimes:
I like to introduce sane defaults for SSLContext options and ciphers:
Changed in version 3.6: The context is created with more secure default values. PROTOCOL_TLS is the default protocol. The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
----------
components: Extension Modules, Library (Lib)
files: Sane-defaults-for-SSLContext-options-and-ciphers.patch
keywords: patch
messages: 275310
nosy: alex, christian.heimes, dstufft, giampaolo.rodola, janssen, ncoghlan
priority: high
severity: normal
stage: patch review
status: open
title: Sane defaults for SSLContext options and ciphers
type: security
versions: Python 3.6, Python 3.7
Added file: http://bugs.python.org/file44500/Sane-defaults-for-SSLContext-options-and-ciphers.patch
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue28043>
_______________________________________
More information about the Python-bugs-list
mailing list