Message 102757 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pitrou
Recipients	Arfrever, benjamin.peterson, flox, giampaolo.rodola, janssen, pitrou, vstinner
Date	2010-04-09.22:36:59
SpamBayes Score	1.445101e-05
Marked as misclassified	No
Message-id	<1270852621.17.0.261570113194.issue8322@psf.upfronthosting.co.za>
In-reply-to

Content
After some investigation, the error does occur because of the aforementioned changelog entry (SSLv2 weak ciphers are now disabled by default). To check it I just added the following line to newPySSLObject(): SSL_CTX_set_cipher_list(self->ctx, "ALL"); Of course this isn't desirable: we shouldn't blindly enable weak ciphers. Instead we could simply add an argument to configure allowed ciphers, and use "ALL" in our tests. Or we could add a separate method to configure ciphers. (this begs the question of whether this is suitable post-beta1) What do you think?

After some investigation, the error does occur because of the aforementioned changelog entry (SSLv2 weak ciphers are now disabled by default). To check it I just added the following line to newPySSLObject():

     SSL_CTX_set_cipher_list(self->ctx, "ALL");

Of course this isn't desirable: we shouldn't blindly enable weak ciphers. Instead we could simply add an argument to configure allowed ciphers, and use "ALL" in our tests. Or we could add a separate method to configure ciphers.

(this begs the question of whether this is suitable post-beta1)

What do you think?

History
Date	User	Action	Args
2010-04-09 22:37:01	pitrou	set	recipients: + pitrou, janssen, vstinner, giampaolo.rodola, benjamin.peterson, Arfrever, flox
2010-04-09 22:37:01	pitrou	set	messageid: <1270852621.17.0.261570113194.issue8322@psf.upfronthosting.co.za>
2010-04-09 22:36:59	pitrou	link	issue8322 messages
2010-04-09 22:36:59	pitrou	create