This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
| Author | naif |
|---|---|
| Recipients | naif |
| Date | 2011年12月18日.13:37:58 |
| SpamBayes Score | 8.367155e-06 |
| Marked as misclassified | No |
| Message-id | <1324215538.93.0.209202773548.issue13627@psf.upfronthosting.co.za> |
| In-reply-to |
| Content | |
|---|---|
Python SSL doesn't support Elliptic Curve ciphers in in all version tested. This is a serious performance issue because it's not possible to use as a server or as client the performance improvement provided by ECC based ciphers. Nowdays ECC are supported by all latests browsers. ECC provide a strong performance improvements (even x3) also when used with Perfect Forward Secrecy enabled ciphers like described on: http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html In order to enable ECC ciphers (and eventually ECC keys) the SSL implementation the in the file Modules/_ssl.c must be modified. For example apache had several modifications to support ECC on their SSL (openssl based) stack: https://issues.apache.org/bugzilla/show_bug.cgi?id=40132 https://build.opensuse.org/package/view_file?file=httpd-ssl-ecc-ecdh.patch&package=apache2&project=home%3Aelvigia%3Atls1.2&rev=2 So Python SSL module should introduce similar modifications to fully support Elliptic Curve ciphers for SSL in order to: - Provide performance improvements - Provide cryptography security improvements - Allow writing of applications compliant with NSA Suite-B standard |
|
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2011年12月18日 13:38:59 | naif | set | recipients: + naif |
| 2011年12月18日 13:38:58 | naif | set | messageid: <1324215538.93.0.209202773548.issue13627@psf.upfronthosting.co.za> |
| 2011年12月18日 13:37:58 | naif | link | issue13627 messages |
| 2011年12月18日 13:37:58 | naif | create | |