On Jul 7, 2013, at 11:09 AM, zooko <zooko@zooko.com> wrote:

Oh, there are some potential security problems, too, with Twisted Web! In its
default configuration it offers to use single-DES for encryption, which is a
bad idea even though it isn't clear (to me) whether an attacker could take
advantage of that.


It also has compression turned on, apparently, which could lead to a
vulnerability in very specific circumstances (called "CRIME"), and it by
default supports RC4, which has recently been condemned by cryptographers as
potentially unsafe.

Also, it does not, at least with default configuration, support forward

As far as I understand it, these are all just bad defaults that Twisted inherits from OpenSSL, and whoever built your particular OpenSSL.  (I'm pretty sure there are compile-time options for OpenSSL to not include DES, or at least to disable it by default.)  That's not to say that we shouldn't offer *better* defaults, but Twisted is not a cryptography library, and for better or worse we rely on OpenSSL's judgement because it's currently the only crypto library we support.

Twisted should have a better cipher-suite defaults and some better command-line options for 'twistd web' (probably in the form of better options for the SSL string endpoint syntax) for modifying those defaults if the user has a good reason to.  But really, it would be nicer to just defer to the judgement of a transport layer security library that has *good* judgement about defaults rather than re-hashing every questionable decision that OpenSSL makes.