[Python-Dev] Enable Hostname and Certificate Chain Validation

Christian Heimes christian at python.org
Wed Jan 22 15:13:00 CET 2014


On 22.01.2014 13:43, Jesse Noller wrote:
> I have to concur with Donald here - in the case of security, especially language security which directly impacts the implicit security of downstream applications, I should not have to opt in to the most secure defaults.
> 
> Yes; this potentially breaks applications relying on insecure / loose defaults. However it changes the model to "you are by default, explicitly secure" than relying on the domain knowledge of an application developer to harden their application.
> 
> When, if this changes, an application breaks, it will be in a plainly obvious way which can quickly be resolved.
> 
> Donald is perfectly right: today, it's trivial to MITM an application that relies off of the current behavior; this is bad news bears for users and developers as it means they need domain knowledge to secure their applications by default they may not have.

For 3.5 I'd like to work on a policy framework for the ssl where
applications can define policies like SSL/TLS version, cert store,
verification modes etc. etc. I'll discuss my ideas with Donald, Alex and
the other crypto guys as soon as I have settled in with my new job and town.

Christian


