Message277235
| Author |
christian.heimes |
| Recipients |
Jim.Jewett, Lukasa, alex, christian.heimes, dstufft, georg.brandl, giampaolo.rodola, hynek, janssen, larry, python-dev, steve.dower |
| Date |
2016年09月22日.18:40:38 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1474569638.73.0.898100512171.issue27850@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
Larry, the issue has nothing to do with the TLS/SSL library or implementation. It's about cipher suite selection. All (!) SSL libraries are affected because they had 3DES enabled as legacy fallback.
Fun fact: OpenSSL latest security fix has addressed the issue and disabled 3DES by default. But Python overrides the fix and enables 3DES again. LibreSSL hasn't announced a fix yet.
By the way I don't take LibreSSL serious. The developers are all cookie about best practice and security but they don't even offer HTTPS on their website or for downloads. Yes, the official download location for LibreSSL does not support secure file transfer. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2016年09月22日 18:40:38 | christian.heimes | set | recipients:
+ christian.heimes, georg.brandl, janssen, larry, giampaolo.rodola, alex, python-dev, hynek, Jim.Jewett, steve.dower, dstufft, Lukasa |
| 2016年09月22日 18:40:38 | christian.heimes | set | messageid: <1474569638.73.0.898100512171.issue27850@psf.upfronthosting.co.za> |
| 2016年09月22日 18:40:38 | christian.heimes | link | issue27850 messages |
| 2016年09月22日 18:40:38 | christian.heimes | create |
|