[New-bugs-announce] [issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers
naif
report at bugs.python.org
Mon Dec 19 12:00:08 CET 2011
New submission from naif <naif at globaleaks.org>:
By default the Python SSL/TLS Stack (client/server) expose unsecure protocols (SSLv2) and unsecure ciphers (EXPORT 40bit DES).
This ticket is about defining a set of secure ciphers that should also provide maximum performance and compatibility, in order to allow any Python coder to use a Secure SSL/TLS stack without the need to became a Crypto Experts.
The discussion come from ticket http://bugs.python.org/issue13627 .
The proposal is to involve a discussion from the Tor Project (mailing list Tor-Talk & Tor-Dev) to define rationally a default set of ciphers/protocol for Python SSL/TLS from the Cryptography point of view .
----------
components: Library (Lib)
messages: 149839
nosy: naif
priority: normal
severity: normal
status: open
title: Python SSL Stack doesn't have a Secure Default set of ciphers
versions: Python 2.6, Python 2.7, Python 3.1, Python 3.2, Python 3.3, Python 3.4
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13636>
_______________________________________
More information about the New-bugs-announce
mailing list