From: Christian Heimes Date: Tue, 6 Sep 2016 18:07:58 +0000 (+0200) Subject: Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ChaCha20... X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ac041c0aa721e2672dfb684562b08ad5465b76b1;p=python Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ChaCha20 Poly1305. --- ac041c0aa721e2672dfb684562b08ad5465b76b1 diff --cc Doc/library/ssl.rst index 892c0ea124,01d86c8beb..3706a6e896 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@@ -285,6 -279,12 +285,12 @@@ purposes RC4 was dropped from the default cipher string. - .. versionchanged:: 3.5.3 ++ .. versionchanged:: 3.6 + + ChaCha20/Poly1305 was added to the default cipher string. + + 3DES was dropped from the default cipher string. + Random generation ^^^^^^^^^^^^^^^^^ diff --cc Misc/NEWS index 15aedb644f,a443f938be..1416c74dec --- a/Misc/NEWS +++ b/Misc/NEWS @@@ -85,31 -39,35 +85,37 @@@ Core and Builtin Library ------- + - Issue #27850: Remove 3DES from ssl module's default cipher list to counter + measure sweet32 attack (CVE-2016-2183). + + - Issue #27766: Add ChaCha20 Poly1305 to ssl module's default ciper list. + (Required OpenSSL 1.1.0 or LibreSSL). + +- Issue #25387: Check return value of winsound.MessageBeep. + +- Issue #27866: Add SSLContext.get_ciphers() method to get a list of all + enabled ciphers. + +- Issue #27744: Add AF_ALG (Linux Kernel crypto) to socket module. + - Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. +- Issue #11620: Fix support for SND_MEMORY in winsound.PlaySound. Based on a + patch by Tim Lesher. + +- Issue #11734: Add support for IEEE 754 half-precision floats to the + struct module. Based on a patch by Eli Stevens. + +- Issue #27919: Deprecated ``extra_path`` distribution option in distutils + packaging. + +- Issue #23229: Add new ``cmath`` constants: ``cmath.inf`` and ``cmath.nan`` to + match ``math.inf`` and ``math.nan``, and also ``cmath.infj`` and + ``cmath.nanj`` to match the format used by complex repr. + +- Issue #27842: The csv.DictReader now returns rows of type OrderedDict. + (Contributed by Steve Holden.) + - Remove support for passing a file descriptor to os.access. It never worked but previously didn't raise.