[New-bugs-announce] [issue3597] Allow application developers to select ciphers, and default to strong in ssl lib

Heikki Toivonen report at bugs.python.org
Tue Aug 19 05:38:11 CEST 2008


New submission from Heikki Toivonen <hjtoi-bugzilla at comcast.net>:

The 2.6 documentation states selecting the most compatible SSLv23 mode
may mean low quality ciphers, which does not really help the application
developers. It would be better to provide a way to set the allowed
ciphers. Even better, IMO, would be if the ssl module would default to
the stronger ciphers. I use the following default in M2Crypto:
set_cipher_list('ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH').

----------
components: Library (Lib)
messages: 71406
nosy: heikki
severity: normal
status: open
title: Allow application developers to select ciphers, and default to strong in ssl lib
type: security
versions: Python 2.6

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue3597>
_______________________________________


More information about the New-bugs-announce mailing list