Message 149977 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	pitrou
Recipients	gregory.p.smith, jcea, naif, pitrou
Date	2011年12月21日.10:13:49
SpamBayes Score	0.0016471854
Marked as misclassified	No
Message-id	<1324462430.11.0.0192357411555.issue13636@psf.upfronthosting.co.za>

Content
I think we should relax the constraints a bit (RC4 seems ok for TLS/SSL use ()) and therefore suggest we settle on "DEFAULT:!LOW:!EXPORT:!aNULL:!eNULL:!SSLv2". (OpenSSL's default is "DEFAULT:!aNULL:!eNULL", so we're really disabling weak ciphers) () Wikipedia even notes: "RC4, being a stream cipher, is the only common cipher which is immune[7] to the 2011 BEAST attack on TLS 1.0, which exploits a known weakness in the way cipher block chaining mode is used with all of the other ciphers supported by TLS 1.0, which are all block ciphers"

Content

I think we should relax the constraints a bit (RC4 seems ok for TLS/SSL use (*)) and therefore suggest we settle on "DEFAULT:!LOW:!EXPORT:!aNULL:!eNULL:!SSLv2".
(OpenSSL's default is "DEFAULT:!aNULL:!eNULL", so we're really disabling weak ciphers)
(*) Wikipedia even notes: "RC4, being a stream cipher, is the only common cipher which is immune[7] to the 2011 BEAST attack on TLS 1.0, which exploits a known weakness in the way cipher block chaining mode is used with all of the other ciphers supported by TLS 1.0, which are all block ciphers"

History
Date	User	Action	Args
2011年12月21日 10:13:50	pitrou	set	recipients: + pitrou, gregory.p.smith, jcea, naif
2011年12月21日 10:13:50	pitrou	set	messageid: <1324462430.11.0.0192357411555.issue13636@psf.upfronthosting.co.za>
2011年12月21日 10:13:49	pitrou	link	issue13636 messages
2011年12月21日 10:13:49	pitrou	create

homepage