[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers
naif
report at bugs.python.org
Mon Dec 19 14:03:09 CET 2011
naif <naif at globaleaks.org> added the comment:
Yes, i can do the test for the ordered set of ciphers with all the patches in-place, can build a custom python 3.2 with the patch applied.
I would suggest to try to keep ECC/ECDH/ECDHE enabled, conceptually we would like to have ECDHE as the first ciphers because it's the most modern, performance and secure.
For DH, you say that it require some file, but looking at mod_ssl Changelog it say:
The reason was that mod_ssl's temporary RSA keys and DH parameters
were stored in the persistent memory pool directly as OpenSSL's
RSA and DH structures.
I mean, when i install Apache with SSL, from the system administrator point of view, i never have to create a file somewhere in order to have that ciphers.
Maybe also DH/EDH stuff can be done "in memory"?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13636>
_______________________________________
More information about the Python-bugs-list
mailing list