[Python-Dev] Controlling the cipher list for SSL connections

Heikki Toivonen htoivonen at spikesource.com
Thu Sep 10 20:32:16 CEST 2009


Bill Janssen wrote:
> OK, seems reasonable.  Thanks.  In the near term, can you do this with
> M2Crypto or PyOpenSSL?
> 
> When I started this update in 2007, we were trying to keep the API
> simple to avoid confusing people and avoid competition with the two
> full-fledged toolkits out there.  But I don't see any real reason not to
> extend the API a bit.

Speaking as the M2Crypto maintainer, I don't mind the stdlib competing
with M2Crypto/getting better at SSL. In fact, I would actually like to
see the stdlib SSL implementation getting good enough so that people
would not need M2Crypto for SSL (except maybe in special circumstances).
There is much M2Crypto does besides SSL so this wouldn't even obsolete it.

One of the main things IMO missing from stdlib SSL implementation is
hostname checking by default (with override option), but I know you and
I have different opinions on this. I would be happy to provide patches
against the stdlib SSL implementation for some things M2Crypto does that
the stdlib SSL module is missing if we could agree on the
features/design first. Simple is good, but I'd like the defaults to be
secure and commonly overridden things to be overrideable.

-- 
  Heikki Toivonen
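
The policy argued for above (hostname checking on by default, with an explicit override) together with the cipher-list control this thread is about, as an added example written against the present-day `ssl` module rather than the 2009 one. It is not code from this post, the stdlib or M2Crypto; `make_client_context`, `negotiable_ciphers` and the `DEFAULT_CIPHERS` policy string are assumptions made for illustration.

```python
import ssl

# Assumed policy for this example: forward-secret AEAD suites only.
DEFAULT_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20"


def make_client_context(ciphers=DEFAULT_CIPHERS, check_hostname=True):
    """Build a client context that is secure unless the caller opts out.

    Chain verification and hostname checking are both on by default.
    Passing check_hostname=False drops only the hostname match; the
    certificate chain is still verified (verify_mode stays CERT_REQUIRED).
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True
    if ciphers is not None:
        try:
            ctx.set_ciphers(ciphers)  # OpenSSL cipher-list syntax
        except ssl.SSLError as exc:
            # Raised when the string selects no usable suite at all.
            raise ValueError(f"cipher string selects nothing: {ciphers!r}") from exc
    if not check_hostname:
        ctx.check_hostname = False  # explicit, visible override
    return ctx


def negotiable_ciphers(ctx):
    """Names of the TLS 1.2-and-earlier suites the context will offer.

    TLS 1.3 suites are filtered out because set_ciphers() does not
    control them, so they would hide what the cipher string selected.
    """
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


if __name__ == "__main__":
    strict = make_client_context()
    print("hostname check:", strict.check_hostname)
    print("offered suites:", negotiable_ciphers(strict))
```

A connection is then made with `ctx.wrap_socket(sock, server_hostname=host)`; with the default context a certificate that does not match `host` fails the handshake.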
