[issue27850] Remove 3DES from cipher list (sweet32 CVE-2016-2183)
Jim Jewett
report at bugs.python.org
Fri Aug 26 17:34:30 EDT 2016
Jim Jewett added the comment:
I think a python call is fine to require ... if they don't have the python
source they should have a support contract. I assume the advice followed is
intermediate, based on the earlier comment about xp and ie?
On Aug 26, 2016 9:46 AM, "Christian Heimes" <report at bugs.python.org> wrote:
>
> Christian Heimes added the comment:
>
> Patch for 3DES and ChaCha20 (#27766).
>
> For ChaCha the patch does not check CPU cap vector and just follows the
> advice from https://wiki.mozilla.org/Security/Server_Side_TLS#
> Modern_compatibility
>
> ----------
> keywords: +patch
> Added file: https://bugs.python.org/file44233/Remove-3DES-from-
> and-add-ChaCha20-Poly1305-to-cipher.patch
>
> _______________________________________
> Python tracker <report at bugs.python.org>
> <https://bugs.python.org/issue27850>
> _______________________________________
>
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue27850>
_______________________________________
More information about the Python-bugs-list
mailing list