[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers
report at bugs.python.org
Mon Dec 19 13:33:47 CET 2011
Antoine Pitrou <pitrou at free.fr> added the comment:
> - Disable SSLv2
It should be disabled automatically since the SSLv2 cipher suites are not part of "HIGH": see http://www.openssl.org/docs/apps/ciphers.html#SSL_v2_0_cipher_suites_
> - Enable ECC/ECDHE by default
> - Enable DH/DHE by default
These both require parameters. I think adding simple instructions in the documentation would go a long way towards helping users. It would also probably be more instructive than silently choosing default values.
(after all, for ECDHE it's a one-line addition; DHE needs a separate file so it's less immediate)
> With this in place, I would then suggest to see which is the "Default
> ordered list of ciphers" with an SSL cipher scanner/wireshark.
I'm not really able to do that. Perhaps you can help?
Python tracker <report at bugs.python.org>
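
The following is an added example, not part of the tracker message or of CPython's own code. It applies the points above using the ssl module as it exists in current Python 3 (get_ciphers() needs 3.6 or later) and lists the resulting ordered cipher list without a scanner. The helper names, the cipher string and the curve choice are assumptions.

```python
import ssl

# Assumed cipher string, built on the "HIGH" class named in the thread.
CIPHER_STRING = "HIGH:!aNULL:!eNULL"


def build_server_context(dh_params_path=None, curve="prime256v1"):
    """Server-side context limited to HIGH ciphers (hypothetical helper)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(CIPHER_STRING)
    # ECDHE: the one-line addition, naming the curve for the ephemeral key.
    ctx.set_ecdh_curve(curve)
    # DHE: needs a separate PEM file of DH parameters, so it stays optional.
    if dh_params_path is not None:
        ctx.load_dh_params(dh_params_path)
    return ctx


def ordered_ciphers(ctx):
    """Return (name, protocol, strength_bits) in the context's preference order."""
    return [(c["name"], c["protocol"], c["strength_bits"])
            for c in ctx.get_ciphers()]


def audit(ctx):
    """Summarise what the cipher string actually enabled."""
    ciphers = ordered_ciphers(ctx)
    names = [name for name, _, _ in ciphers]
    return {
        "total": len(ciphers),
        # Expected empty: SSLv2 suites are not part of HIGH.
        "sslv2": [n for n, proto, _ in ciphers if proto == "SSLv2"],
        # Expected empty: suites without encryption are excluded.
        "null": [n for n in names if "NULL" in n],
        "ecdhe": [n for n in names if n.startswith("ECDHE-")],
        "dhe": [n for n in names if n.startswith("DHE-")],
    }


if __name__ == "__main__":
    context = build_server_context()
    for name, proto, bits in ordered_ciphers(context):
        print(f"{proto:8} {bits:4} {name}")
    report = audit(context)
    print("SSLv2 suites:", report["sslv2"])
    print("ECDHE suites:", len(report["ecdhe"]), "DHE suites:", len(report["dhe"]))
```

The exact list depends on the OpenSSL build Python is linked against, so the audit is worth running on each deployment target.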