[Python-Dev] Controlling the cipher list for SSL connections
Bill Janssen
janssen at parc.com
Thu Sep 10 20:14:51 CEST 2009
Chris,
OK, seems reasonable. Thanks. In the near term, can you do this with
M2Crypto or PyOpenSSL?
When I started this update in 2007, we were trying to keep the API
simple to avoid confusing people and avoid competition with the two
full-fledged toolkits out there. But I don't see any real reason not to
extend the API a bit.
Bill
Chris Frantz <frantzcj at gmail.com> wrote:
> Bill,
>
> I agree that it's usually better to let the SSL implementation pick
> the ciphers.
>
> I have a certain device that I'd like to talk to that is running on an
> underpowered embedded CPU. When I let OpenSSL pick the ciphers, it
> chooses something like EDH-RSA-AES-SHA and takes about 3.5 seconds to
> finish the handshake. If I can restrict the cipher list to
> RSA-RC4-SHA I can reduce the handshake time to less than a second and
> improve the throughput of any bulk data transfer over the connection.
>
> --Chris
>
>
>
> On Thu, Sep 10, 2009 at 12:09 PM, Bill Janssen<janssen at parc.com> wrote:
> > Thanks, Chris. Can you explain why you want to set the cipher list
> > explicitly? IMO, it's usually better to select a security scheme (TLS1,
> > or SSLv3, etc.), and let the implementation pick the cipher list.
> >
> > Bill
> >
> > Chris Frantz <frantzcj at gmail.com> wrote:
> >
> >> Done.
> >>
> >> Attached to Issue 3597, which is a similar request to mine.
> >>
> >> Best Regards,
> >> --Chris
> >> _______________________________________________
> >> Python-Dev mailing list
> >> Python-Dev at python.org
> >> http://mail.python.org/mailman/listinfo/python-dev
> >> Unsubscribe: http://mail.python.org/mailman/options/python-dev/janssen%40parc.com
> >
More information about the Python-Dev
mailing list