[Python-Dev] Controlling the cipher list for SSL connections

Chris Frantz frantzcj at gmail.com
Thu Sep 10 20:26:09 CEST 2009


Bill,

For now, using pyOpenSSL is acceptable.  I just discovered that the
web.py framework wants pyOpenSSL.  Since my project is also using
web.py, I'll need pyOpenSSL anyway.

Thank you,
--Chris


On Thu, Sep 10, 2009 at 1:14 PM, Bill Janssen <janssen at parc.com> wrote:
> Chris,
>
> OK, seems reasonable.  Thanks.  In the near term, can you do this with
> M2Crypto or PyOpenSSL?
>
> When I started this update in 2007, we were trying to keep the API
> simple to avoid confusing people and avoid competition with the two
> full-fledged toolkits out there.  But I don't see any real reason not to
> extend the API a bit.
>
> Bill
>
> Chris Frantz <frantzcj at gmail.com> wrote:
>
>> Bill,
>>
>> I agree that it's usually better to let the SSL implementation pick
>> the ciphers.
>>
>> I have a certain device that I'd like to talk to that is running on an
>> underpowered embedded CPU. When I let OpenSSL pick the ciphers, it
>> chooses something like EDH-RSA-AES-SHA and takes about 3.5 seconds to
>> finish the handshake.  If I can restrict the cipher list to
>> RSA-RC4-SHA I can reduce the handshake time to less than a second and
>> improve the throughput of any bulk data transfer over the connection.
>>
>> --Chris
>>
>>
>>
>> On Thu, Sep 10, 2009 at 12:09 PM, Bill Janssen <janssen at parc.com> wrote:
>> > Thanks, Chris.  Can you explain why you want to set the cipher list
>> > explicitly?  IMO, it's usually better to select a security scheme (TLS1,
>> > or SSLv3, etc.), and let the implementation pick the cipher list.
>> >
>> > Bill
>> >
>> > Chris Frantz <frantzcj at gmail.com> wrote:
>> >
>> >> Done.
>> >>
>> >> Attached to Issue 3597, which is a similar request to mine.
>> >>
>> >> Best Regards,
>> >> --Chris
>> >
>
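
Added example, not part of the original thread or of the patch it mentions: restricting the cipher list with ssl.SSLContext.set_ciphers() from the current Python standard library, then auditing what OpenSSL actually enabled. The cipher string "ECDHE+AESGCM" and the helper names are illustrative assumptions. TLS 1.3 suites are listed separately because the cipher string does not govern them.

```python
import ssl


def restricted_client_context(cipher_string):
    """Client context whose TLS 1.2-and-earlier suites are limited to cipher_string."""
    # create_default_context() keeps certificate and hostname verification on.
    ctx = ssl.create_default_context()
    # Raises ssl.SSLError when the string selects no usable suite.
    ctx.set_ciphers(cipher_string)
    return ctx


def enabled_suites(ctx):
    """Return (controlled, tls13): suite names set_ciphers() governs, and TLS 1.3 ones."""
    controlled, tls13 = [], []
    for suite in ctx.get_ciphers():
        is_tls13 = suite["protocol"] == "TLSv1.3" or suite["name"].startswith("TLS_")
        (tls13 if is_tls13 else controlled).append(suite["name"])
    return controlled, tls13


def rejects(cipher_string):
    """True when OpenSSL refuses the string because nothing matches it."""
    try:
        restricted_client_context(cipher_string)
    except ssl.SSLError:
        return True
    return False


if __name__ == "__main__":
    ctx = restricted_client_context("ECDHE+AESGCM")  # illustrative policy string
    controlled, tls13 = enabled_suites(ctx)
    print("governed by the cipher string:")
    for name in controlled:
        print("   ", name)
    print("TLS 1.3 suites (not governed by the cipher string):")
    for name in tls13:
        print("   ", name)
    print("bogus string rejected:", rejects("NO-SUCH-CIPHER-SUITE"))
```

Listing the result of get_ciphers() after every change to the string shows which suites the local OpenSSL build really offers, which can differ from what the string appears to request.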

