[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou report at bugs.python.org
Mon Dec 19 13:33:47 CET 2011

Antoine Pitrou <pitrou at free.fr> added the comment:

> - Disable SSLv2

It should be disabled automatically since the SSLv2 cipher suites are not part of "HIGH": see http://www.openssl.org/docs/apps/ciphers.html#SSL_v2_0_cipher_suites_

> - Enable ECC/ECDHE by default
> - Enable DH/DHE by default

These both require parameters. I think adding simple instructions in the documentation would go a long way towards helping users. It would also probably be more instructive than silently choosing default values.

(after all, for ECDHE it's a one-line addition; DHE needs a separate file so it's less immediate)

> With this in place, i would then suggest to see which is the "Default
> ordered list of ciphers" with an SSL cipher scanner/wireshark.

I'm not really able to do that. Perhaps you can help?


Python tracker <report at bugs.python.org>

More information about the Python-bugs-list mailing list