]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d951157) | patch
bpo-31429: Define TLS cipher suite on build time (#3532)
authorChristian Heimes <christian@python.org>
Mon, 29 Jan 2018 13:10:18 +0000 (14:10 +0100)
committerGitHub <noreply@github.com>
Mon, 29 Jan 2018 13:10:18 +0000 (14:10 +0100)
commit892d66e422d5367673163d62ba40cd70a37d5cf7
treea9df16cdf788980f62f6ec04c010ece4d85bf822tree | snapshot
parentd951157268b2122109098c792562b71ccc41920bcommit | diff
bpo-31429: Define TLS cipher suite on build time (#3532)

Until now Python used a hard coded white list of default TLS cipher
suites. The old approach has multiple downsides. OpenSSL's default
selection was completely overruled. Python did neither benefit from new
cipher suites (ChaCha20, TLS 1.3 suites) nor blacklisted cipher suites.
For example we used to re-enable 3DES.

Python now defaults to OpenSSL DEFAULT cipher suite selection and black
lists all unwanted ciphers. Downstream vendors can override the default
cipher list with --with-ssl-default-suites.

Signed-off-by: Christian Heimes <christian@python.org>
Doc/whatsnew/3.7.rst diff | blob | history
Lib/ssl.py diff | blob | history
Lib/test/test_ssl.py diff | blob | history
Misc/NEWS.d/next/Library/2018-01-28-22-40-05.bpo-31429.qNt8rQ.rst [new file with mode: 0644] blob
Modules/_ssl.c diff | blob | history
configure diff | blob | history
configure.ac diff | blob | history
pyconfig.h.in diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.