[issue19689] ssl.create_default_context()
Antoine Pitrou
report at bugs.python.org
Fri Nov 22 20:40:57 CET 2013
Antoine Pitrou added the comment:
> how about we use more strict and modern settings for the public API?
> TLSv1, no insecure stuff like RC4, MD5, DSS etc.
> https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
Fine, but I'd like to see something more open-ended for the ciphers
string. e.g.
'HIGH:!ADH:!AECDH:!MD5:!DSS:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2' ?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue19689>
_______________________________________
More information about the Python-bugs-list
mailing list