[New-bugs-announce] [issue13635] Python SSL stack doesn't support ordering of Ciphers

naif report at bugs.python.org
Mon Dec 19 11:44:03 CET 2011


New submission from naif <naif at globaleaks.org>:

The list of Ciphers for Python SSL binding for OpenSSL cannot be ordered in a specific list of preference.

This is a requirement for strict security environment where the ordered cipher list it's very important.

Apache support the ordering of ciphers trough the configuration of SSLHonorCipherOrder:
http://www.carbonwind.net/blog/post/Setting-the-preferred-cipher-suite-on-Apache-22x.aspx

Also Internet Explorer 7 support Ciphers order configuration:
https://blogs.technet.com/b/steriley/archive/2007/11/06/changing-the-ssl-cipher-order-in-internet-explorer-7-on-windows-vista.aspx?Redirected=true

Not having the ordered cipher list doesn't allow Python SSL stack configuration to be compliant with high security environment, de-facto representing a security vulnerability.

We suggest to fix the issue of lacking that feature.

----------
components: Library (Lib)
messages: 149831
nosy: naif
priority: normal
severity: normal
status: open
title: Python SSL stack doesn't support ordering of Ciphers
type: security
versions: Python 2.6, Python 2.7, Python 3.1, Python 3.2, Python 3.3, Python 3.4

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13635>
_______________________________________


More information about the New-bugs-announce mailing list