[Python-Dev] Controlling the cipher list for SSL connections

Chris Frantz frantzcj at gmail.com
Thu Sep 10 20:04:22 CEST 2009


Bill,

I agree that it's usually better to let the SSL implementation pick
the ciphers.

I have a certain device that I'd like to talk to that is running on an
underpowered embedded CPU. When I let OpenSSL pick the ciphers, it
chooses something like EDH-RSA-AES-SHA and takes about 3.5 seconds to
finish the handshake. If I can restrict the cipher list to
RSA-RC4-SHA I can reduce the handshake time to less than a second and
improve the throughput of any bulk data transfer over the connection.

--Chris



On Thu, Sep 10, 2009 at 12:09 PM, Bill Janssen <janssen at parc.com> wrote:
> Thanks, Chris.  Can you explain why you want to set the cipher list
> explicitly?  IMO, it's usually better to select a security scheme (TLS1,
> or SSLv3, etc.), and let the implementation pick the cipher list.
>
> Bill
>
> Chris Frantz <frantzcj at gmail.com> wrote:
>
>> Done.
>>
>> Attached to Issue 3597, which is a similar request to mine.
>>
>> Best Regards,
>> --Chris
>
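
An added example, not part of the thread or of the patch attached to Issue 3597: it uses today's `ssl.SSLContext.set_ciphers()` to show which TLS 1.2-and-earlier suites a cipher string resolves to and whether each keeps forward secrecy, which is the property given up when moving from an ephemeral-DH suite to a static-RSA one for a faster handshake. The cipher strings are assumptions: current OpenSSL names standing in for the informal names in the message, and the result depends on the local OpenSSL build.

```python
import ssl

# Constructed sample inputs (assumed modern OpenSSL names for the suites
# the message refers to informally).
SAMPLES = {
    "ephemeral DH key exchange": "DHE-RSA-AES128-SHA",
    "static RSA key exchange": "AES128-SHA",
    "static RSA with RC4": "RC4-SHA",
}


def resolve_suites(cipher_string):
    """Return [(name, key_exchange, forward_secrecy)] for the TLS <= 1.2
    suites that an OpenSSL cipher string selects in this build."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # nothing in this OpenSSL build matches the string
    suites = []
    for c in ctx.get_ciphers():
        # TLS 1.3 suites are configured separately from set_ciphers()
        # and stay in the list, so leave them out of the comparison.
        if c["protocol"] == "TLSv1.3":
            continue
        kea = c.get("kea", "unknown")
        # Ephemeral (EC)DH key exchange is what gives forward secrecy;
        # it is also the expensive step on a slow CPU.
        suites.append((c["name"], kea, "dhe" in kea))
    return suites


def report():
    """One summary line per sample cipher string."""
    lines = []
    for label, cipher_string in SAMPLES.items():
        suites = resolve_suites(cipher_string)
        if not suites:
            lines.append(f"{label}: {cipher_string!r} not available here")
            continue
        for name, kea, fs in suites:
            lines.append(f"{label}: {name} kx={kea} forward_secrecy={fs}")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

On a build where a string matches nothing, the context is never left with a silently widened list: the function reports it as unavailable instead.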

