[issue13626] Python SSL stack doesn't support DH ciphers
Antoine Pitrou
report at bugs.python.org
Sun Dec 18 17:04:53 CET 2011
Antoine Pitrou <pitrou at free.fr> added the comment:
Well the OpenSSL docs say “DH_generate_parameters() may run for several hours before finding a suitable prime”, which sounds like a good reason not to do it every time your program is run.
Anyway, SSL_CTX_set_tmp_dh() should allow us to set DH parameters on a SSL context, PEM_read_DHparams() to read them from a PEM file, and OpenSSL's source tree has a couple of PEM files with "strong" DH parameters for various key sizes.
----------
stage: -> needs patch
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13626>
_______________________________________
More information about the Python-bugs-list
mailing list