[issue27850] Remove 3DES from cipher list (sweet32 CVE-2016-2183)
Christian Heimes
report at bugs.python.org
Wed Sep 7 17:02:14 EDT 2016
Christian Heimes added the comment:
On 2016-09-07 05:06, Larry Hastings wrote:
>
> Larry Hastings added the comment:
>
>> FWIW the cipher list (at least the restricted ones for
>> ssl.create_default_context()) is explicitly documented
>> as being able to be changed at any time without prior deprecation
>
> Yes. To be specific: "The protocol, options, cipher and other settings may change to more restrictive values anytime without prior deprecation."
>
> https://docs.python.org/3/library/ssl.html#ssl.create_default_context
>
> I've seen no documentation suggesting that we can add new ciphers at any time.
ChaCha20 is part of the HIGH cipher set. That means the patch does not
*add* ChaCha20. It's already added by the HIGH rule. The patch rather
moves the ChaCha20 Poly1305 cipher suites into the right place.
Christian
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue27850>
_______________________________________
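The claim in the message above, that HIGH already contains the ChaCha20 suites so naming them only changes their position, can be checked against a local OpenSSL build. This is an added example, not code from the issue or its patch; the helper names are hypothetical and the suite lists depend on the OpenSSL version Python is linked against.

```python
import ssl


def suites(cipher_string):
    """Ordered suite names OpenSSL selects for a cipher string.

    TLS 1.3 suites (names starting with "TLS_") are dropped because the
    cipher string passed to set_ciphers() does not control them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()
            if not c["name"].startswith("TLS_")]


def chacha(names):
    return [n for n in names if "CHACHA20" in n]


def triple_des(names):
    # OpenSSL names its 3DES suites "...DES-CBC3-SHA".
    return [n for n in names if "DES-CBC3" in n or "3DES" in n]


def compare():
    high = suites("HIGH")
    moved = suites("CHACHA20:HIGH")
    return {
        # Suites HIGH selects on its own that use ChaCha20.
        "chacha_in_high": chacha(high),
        # Appending CHACHA20 to HIGH leaves the list unchanged.
        "naming_adds_nothing": suites("HIGH:CHACHA20") == high,
        # Putting CHACHA20 first reorders the list, same members.
        "same_set_when_moved": set(moved) == set(high),
        "first_suite_when_moved": moved[0] if moved else None,
        # The exclusion this issue is about (Sweet32).
        "3des_after_exclusion": triple_des(suites("HIGH:!3DES")),
    }


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for key, value in compare().items():
        print(key, "=", value)
```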