Message149828
| Author | naif |
| Recipients | jcea, naif, pitrou |
| Date | 2011-12-19.10:32:33 |
| SpamBayes Score | 0.0008670557 |
| Marked as misclassified | No |
| Message-id | <1324290754.24.0.917273225252.issue13627@psf.upfronthosting.co.za> |
| In-reply-to | |
| Content |
So, with this patch it should be possible to strictly enable ciphers such as:
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1
ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1
Which ciphers did you negotiate successfully?
While with the implementation of http://bugs.python.org/issue13627 (DH/DHE ciphers) we should be able to negotiate:
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA (SSLv3)
TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA (TLSv1)
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA (TLSv1)
TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA (TLSv1)
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA (TLSv1)
TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA
Do you expect it would be a difficult step to also handle the DH/DHE (non-ECC) negotiation?
Additionally, it would be imho very important if the Python language would provide a "default ciphers setup" that looks at maximum compatibility, performance and security.
If it sounds fine for you, I would open another ticket to create a default cipherlist. |
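An added example, not part of the original message or of the patch under discussion: a small audit that checks which of the OpenSSL cipher names quoted above the local Python/OpenSSL build will still accept, and which of them use an ephemeral (forward-secret) key exchange. The function names are hypothetical, Python 3.6+ is assumed, and the `enabled` result depends on how the local OpenSSL was built.

```python
import ssl

# OpenSSL cipher names quoted in the message above (single-DES entries left out).
PAGE_CIPHERS = [
    "ECDHE-RSA-AES256-SHA", "ECDHE-ECDSA-AES256-SHA",
    "ECDH-RSA-AES256-SHA", "ECDH-ECDSA-AES256-SHA",
    "EDH-RSA-DES-CBC3-SHA", "EDH-DSS-DES-CBC3-SHA",
    "DHE-DSS-AES128-SHA", "DHE-DSS-AES256-SHA",
    "DHE-RSA-AES128-SHA", "DHE-RSA-AES256-SHA",
]


def is_ephemeral(name):
    """True for ECDHE/DHE/EDH suites (forward secrecy); False for static ECDH."""
    return name.startswith(("ECDHE-", "DHE-", "EDH-"))


def enabled_in_build(name):
    """True if this build accepts `name` as a TLS 1.2-or-older cipher suite."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(name)
    except ssl.SSLError:
        # OpenSSL found no matching suite (unknown name or compiled out).
        return False
    # TLS 1.3 suites are listed regardless of set_ciphers(), so ignore them.
    # Matching on protocol rather than name also covers aliases (EDH- vs DHE-).
    return any(c["protocol"] != "TLSv1.3" for c in ctx.get_ciphers())


def audit(names=PAGE_CIPHERS):
    """Map each cipher name to its availability and key-exchange class."""
    return {
        n: {"enabled": enabled_in_build(n), "ephemeral": is_ephemeral(n)}
        for n in names
    }


if __name__ == "__main__":
    for name, info in audit().items():
        print(f"{name:24} enabled={info['enabled']!s:5} "
              f"ephemeral={info['ephemeral']}")
```
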
History
| Date | User | Action | Args |
|---|---|---|---|
| 2011-12-19 10:32:34 | naif | set | recipients: + naif, jcea, pitrou |
| 2011-12-19 10:32:34 | naif | set | messageid: <1324290754.24.0.917273225252.issue13627@psf.upfronthosting.co.za> |
| 2011-12-19 10:32:33 | naif | link | issue13627 messages |
| 2011-12-19 10:32:33 | naif | create | |