[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers
Antoine Pitrou
report at bugs.python.org
Wed Dec 21 11:13:50 CET 2011
Antoine Pitrou <pitrou at free.fr> added the comment:
I think we should relax the constraints a bit (RC4 seems ok for TLS/SSL use (*)) and therefore suggest we settle on "DEFAULT:!LOW:!EXPORT:!aNULL:!eNULL:!SSLv2".
(OpenSSL's default is "DEFAULT:!aNULL:!eNULL", so we're really disabling weak ciphers)
(*) Wikipedia even notes: “RC4, being a stream cipher, is the only common cipher which is immune[7] to the 2011 BEAST attack on TLS 1.0, which exploits a known weakness in the way cipher block chaining mode is used with all of the other ciphers supported by TLS 1.0, which are all block ciphers”
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13636>
_______________________________________
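The following is an added example, not part of the message above or of Python's own code: it uses the standard `ssl` module to list what the proposed cipher string enables on the local OpenSSL build and checks that no anonymous, null-encryption, export, low-strength or SSLv2 suite survives. The function names and the 64-bit threshold for "LOW" (OpenSSL's documented meaning of that keyword) are choices made for this example.

```python
import ssl

PROPOSED = "DEFAULT:!LOW:!EXPORT:!aNULL:!eNULL:!SSLv2"  # string suggested in the message
OPENSSL_DEFAULT = "DEFAULT:!aNULL:!eNULL"               # OpenSSL default quoted in the message


def enabled_ciphers(cipher_string):
    """Return the cipher dicts the local OpenSSL enables for a cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if no cipher can be selected
    return ctx.get_ciphers()


def violations(ciphers):
    """List (name, reasons) for suites the proposed string is meant to exclude."""
    found = []
    for c in ciphers:
        fields = c["description"].split()
        reasons = []
        if "Au=None" in fields:
            reasons.append("aNULL")   # no server authentication
        if "Enc=None" in fields:
            reasons.append("eNULL")   # no encryption
        if c["name"].startswith("EXP") or "export" in fields:
            reasons.append("EXPORT")
        elif 0 < c["strength_bits"] <= 64:
            reasons.append("LOW")     # 56/64-bit suites
        if c["protocol"] == "SSLv2":
            reasons.append("SSLv2")
        if reasons:
            found.append((c["name"], reasons))
    return found


def dropped_by_proposal():
    """Suites OpenSSL's default string enables that the proposed string removes."""
    default = {c["name"] for c in enabled_ciphers(OPENSSL_DEFAULT)}
    proposed = {c["name"] for c in enabled_ciphers(PROPOSED)}
    return sorted(default - proposed)


if __name__ == "__main__":
    for c in enabled_ciphers(PROPOSED):
        print(f'{c["name"]:32} {c["protocol"]:8} {c["strength_bits"]} bits')
    print("violations:", violations(enabled_ciphers(PROPOSED)))
    print("dropped vs. OpenSSL default:", dropped_by_proposal())
```

The output depends on the OpenSSL build Python is linked against; on builds that no longer ship export or low-strength suites, the dropped list may be empty.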