]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 51f3129) | patch
Issue #20995: Enhance default ciphers used by the ssl module
authorDonald Stufft <donald@stufft.io>
Sat, 22 Mar 2014 01:33:34 +0000 (21:33 -0400)
committerDonald Stufft <donald@stufft.io>
Sat, 22 Mar 2014 01:33:34 +0000 (21:33 -0400)
commit79ccaa2cad2a13f0da2f900a0f9f61cd6b619c99
treead16e54403a655838fb1338be48d4e8702312adftree | snapshot
parent51f3129ba2f87233006338c9c735fe4b0cc84036commit | diff
Issue #20995: Enhance default ciphers used by the ssl module

Closes #20995 by Enabling better security by prioritizing ciphers
such that:

* Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
* Prefer ECDHE over DHE for better performance
* Prefer any AES-GCM over any AES-CBC for better performance and security
* Then Use HIGH cipher suites as a fallback
* Then Use 3DES as fallback which is secure but slow
* Finally use RC4 as a fallback which is problematic but needed for
  compatibility some times.
* Disable NULL authentication, NULL encryption, and MD5 MACs for security
  reasons
Doc/library/ssl.rst diff | blob | history
Lib/ssl.py diff | blob | history
Misc/NEWS diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.