[Security-sig] Pending security features for 3.6
Christian Heimes
christian at python.org
Fri Aug 26 08:28:57 EDT 2016
Hi,
thanks for the feedback. Since my last mail a couple of things have
happened.
Victor has reviewed my AF_ALG patch and I got some feedback on a new
variant of setsockopt() on python-dev. The patch is almost ready.
I have submitted updated patch for SHA-3 and BLAKE2 support. Both need a
final review and ACK.
OpenSSL 1.1 has been released and block ciphers with small blocks have
been found insecure. This affects 3DES i our default cipher list.
OpenSSL 1.1.0 has removed 3DES, which broke one test. I'm going to
update my OpenSSL 1.1 patch soonish.
I have two more security tickets in the queue. Please give feedback.
Remove 3DES from cipher list (sweet32 CVE-2016-2183)
----------------------------------------------------
https://bugs.python.org/issue27850
Fix for https://sweet32.info/
ssl: get list of enabled ciphers
--------------------------------
https://github.com/tiran/cpython/tree/feature/openssl_ciphers
https://bugs.python.org/issue27866
Counter part of SSLContext.set_ciphers(), SSLContext.get_ciphers()
returns list of dicts with enabled ciphers.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/security-sig/attachments/20160826/8c2ce535/attachment.sig>
More information about the Security-SIG
mailing list