[issue20995] Use Better Default Ciphers for the SSL Module
Donald Stufft
report at bugs.python.org
Thu Mar 20 15:11:16 CET 2014
New submission from Donald Stufft:
As of right now the default cipher list for the ssl module is DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2, additionally on Python 3.4 when you use create_default_context() then you also additionally get HIGH:!aNULL:!RC4:!DSS.
I think we should change this to the cipher string:
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
This will:
* Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
* prefer ECDHE over DHE for better performance
* prefer any AES-GCM over any AES-CBC for better performance and security
* use 3DES as fallback which is secure but slow
* disable NULL authentication, MD5 MACs and DSS for security reasons
This cipher string is taken from urllib3 where it was compiled through the resources of:
* https://www.ssllabs.com/projects/best-practices/index.html
* https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
The compatibility of this is pretty good. The only time this should cause a connection to *fail* is if a server is using an insecure cipher and in that case you can re-enable it by simply passing the original cipher list through the ssl.wrap_socket ciphers function.
----------
messages: 214239
nosy: benjamin.peterson, christian.heimes, dstufft, ezio.melotti, haypo, lemburg, ncoghlan, pitrou
priority: normal
severity: normal
status: open
title: Use Better Default Ciphers for the SSL Module
versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4, Python 3.5
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue20995>
_______________________________________
More information about the Python-bugs-list
mailing list