[issue21013] server-specific SSL context configuration

Donald Stufft report at bugs.python.org
Sat Mar 22 17:26:50 CET 2014


Donald Stufft added the comment:

Attached is a patch that:

* Switches the protocol to SSLv23 so that we can negotiate a TLS1.1 or TLS1.2 connection.
* Sets OP_CIPHER_SERVER_PREFERENCE for Purpose.CLIENT_AUTH so that our carefully selected cipher priority gives us better encryption and PFS.
* Sets OP_SINGLE_DH_USE and OP_SINGLE_ECDH_USE for Purpose.CLIENT_AUTH to prevent re-use of the DH and ECDH keys in distinct sessions.

----------
keywords: +patch
Added file: http://bugs.python.org/file34569/ssl-server-defaults.diff

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21013>
_______________________________________
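
An added example, not the attached ssl-server-defaults.diff and not CPython's own code: a check that a server-side SSLContext carries the three options named in the message above. The function names (audit_server_options, harden_server_context, weakened_context) are hypothetical, and a flag whose constant is 0 in the linked OpenSSL build is reported as a no-op because setting it changes nothing.

```python
import ssl

# The three server-side options named in the message above.
SERVER_FLAGS = ("OP_CIPHER_SERVER_PREFERENCE", "OP_SINGLE_DH_USE", "OP_SINGLE_ECDH_USE")


def audit_server_options(ctx):
    """Map each flag name to 'set', 'missing' or 'no-op' for this context."""
    report = {}
    current = int(ctx.options)
    for name in SERVER_FLAGS:
        flag = int(getattr(ssl, name, 0))
        if flag == 0:
            # Constant is 0 (or absent) in this build: setting it changes nothing.
            report[name] = "no-op"
        elif current & flag:
            report[name] = "set"
        else:
            report[name] = "missing"
    return report


def harden_server_context(ctx):
    """Turn on every flag from SERVER_FLAGS that this build supports."""
    for name in SERVER_FLAGS:
        ctx.options = int(ctx.options) | int(getattr(ssl, name, 0))
    return ctx


def weakened_context():
    """Constructed sample: a server context with cipher preference cleared."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.options = int(ctx.options) & ~int(ssl.OP_CIPHER_SERVER_PREFERENCE)
    return ctx


if __name__ == "__main__":
    default = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    print("default :", audit_server_options(default))
    weak = weakened_context()
    print("weakened:", audit_server_options(weak))
    print("hardened:", audit_server_options(harden_server_context(weak)))
```

A "missing" entry on a listening socket's context means the client's cipher order wins or (EC)DH keys may be reused across sessions, which is what the patch described above is meant to prevent.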

