[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers
Antoine Pitrou
report at bugs.python.org
Mon Dec 19 12:17:37 CET 2011
Antoine Pitrou <pitrou at free.fr> added the comment:
As I said, I don't think maintaining an explicit list of ciphers ourselves is reasonable, since there are no crypto experts (AFAICT) amongst the Python core developers.
Also, maintaining an explicit list of ciphers means people wouldn't benefit automatically from new ciphers unless Python itself is modified.
However, as I've proposed on issue13627, we could call set_ciphers("HIGH") by default. This excludes legacy ciphers (such as RC4, DES) without having us maintain an explicit list.
----------
nosy: +gregory.p.smith, pitrou
stage: -> needs patch
type: -> security
versions: -Python 2.6, Python 2.7, Python 3.1, Python 3.4
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13636>
_______________________________________
More information about the Python-bugs-list
mailing list