[Security-sig] Pending security features for 3.6
Cory Benfield
cory at lukasa.co.uk
Tue Aug 16 04:25:55 EDT 2016
For what it’s worth, I’d like to highlight the things that are extremely important to my area of the world (namely, securing HTTPS connections).

> On 15 Aug 2016, at 18:12, Christian Heimes <christian at python.org> wrote:
>
> Make ssl module compatible with OpenSSL 1.1.0
> ---------------------------------------------
> http://bugs.python.org/issue26470
> https://github.com/tiran/cpython/commits/feature/openssl110
> https://github.com/tiran/cpython/commits/feature/openssl110_27
>
> OpenSSL 1.1.0 changes several APIs, e.g. it makes structs opaque. The
> ticket has patches for 2.7 and 3.x series. It should be applied to all
> Python versions that are open for security patches.

This is extremely important. The 1.1 series of OpenSSL releases is going to be the only collection of OpenSSLs that get support for TLS 1.3, which contains several substantial security and resiliency enhancements. The fact that they’re dramatically changing their API, while annoying for backported Python releases, is not a good reason not to backport this. We should backport to 2.7 and the active 3.x releases for sure.

> Add ChaCha20 Poly1305 to SSL ciphers
> ------------------------------------
> http://bugs.python.org/issue27766
> https://github.com/tiran/cpython/commits/feature/chacha20
>
> The ticket changes the default cipher list and moves ChaCha20 Poly1305
> up front. For now the patch only makes sense with OpenSSL 1.1.0 since
> 1.0.2 does not include the cipher. I expect to see backports, though. It
> should be applied to all Python versions, too.

There’s no reason not to backport this too. ChaCha20-Poly1305 is not currently a security enhancement over the state of the art in TLS (AES-GCM), but it has performance advantages on some platforms and, more importantly, provides us another good AEAD to move to if AES-GCM is broken in any form.

Backporting this would also be advantageous, though not required for Requests or Twisted, which have already provided their equivalent patches.

> ssl: add public API for IA-32 processor capabilities vector
> -----------------------------------------------------------
> http://bugs.python.org/issue27768
>
> This ticket doesn't have a patch yet. I'm going to move code from ticket
> 27766 to a separate ticket. Alex and Cory have requested to make the API
> public.

I noted above that ChaCha20-Poly1305 performs better on some platforms. Specifically, it performs better on platforms without the AES-NI extended instruction set. Ideally on platforms without those instructions we’d prioritise ChaCha20-Poly1305 over AES-GCM, but right now we cannot ask that question from Python code. This API would allow us to do so. It’s not urgent, and I don’t mind if we don’t backport it, but it’d be extremely useful to have access to the API (and, to be clear, Requests will almost certainly use the API if it’s available from Python code, *even* if it’s private).

The rest are all good, but matter far less to the TLS crowd. =)

Cory
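
The cipher prioritisation described in the message above, as an added example that is not part of the original post and is not code from CPython, Requests or Twisted. Because the capability-vector API discussed in the thread is not available here, the sketch assumes a Linux x86 host and reads the `aes` flag from `/proc/cpuinfo`; all function names and the sample text are hypothetical.

```python
import ssl

# Cipher groups in OpenSSL cipher-string syntax (TLS 1.2 and earlier suites).
CHACHA = "ECDHE+CHACHA20"
AESGCM = "ECDHE+AESGCM"
EXCLUDE = "!aNULL:!eNULL:!MD5"


def has_aesni(cpuinfo_text):
    """Return True if any x86 'flags' line in /proc/cpuinfo text lists 'aes'."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags" and "aes" in value.split():
            return True
    return False


def detect_aesni(path="/proc/cpuinfo"):
    """Best effort: None when the platform gives no answer (non-Linux, no file)."""
    try:
        with open(path, encoding="ascii", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return None
    return has_aesni(text) if "flags" in text else None


def cipher_string(aesni):
    """Order the two AEAD groups; unknown (None) keeps AES-GCM first."""
    order = [CHACHA, AESGCM] if aesni is False else [AESGCM, CHACHA]
    return ":".join(order + [EXCLUDE])


def build_context(aesni=None):
    """Client context whose AEAD preference reflects the AES-NI answer."""
    ctx = ssl.create_default_context()
    ctx.set_ciphers(cipher_string(detect_aesni() if aesni is None else aesni))
    return ctx


# Constructed sample input, not captured from a real machine.
SAMPLE_WITH = "processor : 0\nflags : fpu sse2 pclmulqdq aes avx\n"
SAMPLE_WITHOUT = "processor : 0\nflags : fpu sse2 ssse3\n"

if __name__ == "__main__":
    print(cipher_string(has_aesni(SAMPLE_WITH)))
    print(cipher_string(has_aesni(SAMPLE_WITHOUT)))
    print(cipher_string(detect_aesni()))
```

`set_ciphers` only orders the TLS 1.2 and earlier suites, and a server that enforces its own preference order will still make the final choice.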