[Security-sig] Pending security features for 3.6

Christian Heimes christian at python.org
Fri Aug 26 08:28:57 EDT 2016


Hi,

thanks for the feedback. Since my last mail a couple of things have
happened.

Victor has reviewed my AF_ALG patch and I got some feedback on a new
variant of setsockopt() on python-dev. The patch is almost ready.

I have submitted an updated patch for SHA-3 and BLAKE2 support. Both need a
final review and ACK.

OpenSSL 1.1 has been released and block ciphers with small blocks have
been found insecure. This affects 3DES in our default cipher list.
OpenSSL 1.1.0 has removed 3DES, which broke one test. I'm going to
update my OpenSSL 1.1 patch soonish.

I have two more security tickets in the queue. Please give feedback.


Remove 3DES from cipher list (sweet32 CVE-2016-2183)
----------------------------------------------------
https://bugs.python.org/issue27850

Fix for https://sweet32.info/


ssl: get list of enabled ciphers
--------------------------------

https://github.com/tiran/cpython/tree/feature/openssl_ciphers
https://bugs.python.org/issue27866

Counterpart of SSLContext.set_ciphers(), SSLContext.get_ciphers()
returns a list of dicts with enabled ciphers.

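An added example, not part of the message above or of the CPython patches it links: once SSLContext.get_ciphers() is available (Python 3.6+), the two tickets combine into an audit that flags 64-bit block ciphers such as 3DES in a context and re-applies the cipher list without them. The helper names, the Enc= token set beyond 3DES, and the sample entries are assumptions constructed for this example.

```python
import re
import ssl

# Enc= tokens that OpenSSL prints for 64-bit block ciphers. 3DES is the one
# the message is about; the other entries are this example's assumption.
SMALL_BLOCK_ENC = {"3DES", "DES", "IDEA", "RC2"}
_ENC_RE = re.compile(r"\bEnc=([A-Za-z0-9]+)")

# Constructed sample in the shape get_ciphers() returns (subset of keys).
SAMPLE = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2",
     "description": "ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA "
                    "Enc=AESGCM(256) Mac=AEAD"},
    {"name": "DES-CBC3-SHA", "protocol": "SSLv3",
     "description": "DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1"},
]


def small_block_ciphers(ciphers):
    """Names of get_ciphers() entries whose Enc= field is a 64-bit block cipher."""
    flagged = []
    for entry in ciphers:
        match = _ENC_RE.search(entry.get("description", ""))
        if match and match.group(1) in SMALL_BLOCK_ENC:
            flagged.append(entry["name"])
    return flagged


def drop_small_block_ciphers(ctx):
    """Re-apply ctx's own cipher list without the flagged suites; return them."""
    enabled = ctx.get_ciphers()
    flagged = small_block_ciphers(enabled)
    if flagged:
        # TLS 1.3 suites are not controlled by set_ciphers(), so only the
        # pre-1.3 names are passed back, in their original preference order.
        keep = [c["name"] for c in enabled
                if c["name"] not in flagged and c.get("protocol") != "TLSv1.3"]
        ctx.set_ciphers(":".join(keep))
    return flagged


if __name__ == "__main__":
    print("sample:", small_block_ciphers(SAMPLE))
    context = ssl.create_default_context()
    print("default context:", drop_small_block_ciphers(context))
```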