[issue20995] Use Better Default Ciphers for the SSL Module
Donald Stufft
report at bugs.python.org
Thu Mar 20 18:54:58 CET 2014
Donald Stufft added the comment:
Yea I noticed that, so I was doing some more testing, here's what I think we should be using (It Adds back in RC4):
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:ECDH+RC4:DH+RC4:RSA+RC4!aNULL:!MD5:!DSS
This gives us everything that DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2 does except for the ciphers list here https://gist.github.com/dstufft/251dbeb8962e2182e668 on my OpenSSL 1.0.1f install.
Antoine, your cipher string priortizes ECDHE RC4 over DHE AES or even just plain AES. The string I'm proposing has been carefully crafted in order to get the ciphers in a very particular order. That order is basically - 1) Security of the cipher itself 2) PFS 3) Performance while also maintaining compatibility both forwards and backwards.
RC4 is in a precarious condition and it's use should be heavily discouraged. It is still required in some cases which is why my revised default cipher suggestion includes it, but at the end as a last fall back. At that point if RC4 gets selected it's the servers fault and the client did everything it could except refuse.
I still do believe that this should be the default ciphers while my original string should be the "restricted" ciphers that create_default_context() uses.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue20995>
_______________________________________
More information about the Python-bugs-list
mailing list