Message 149847 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	naif
Recipients	gregory.p.smith, naif, pitrou
Date	2011-12-19.12:19:10
SpamBayes Score	1.2644258e-05
Marked as misclassified	No
Message-id	<1324297150.81.0.798902647643.issue13636@psf.upfronthosting.co.za>
In-reply-to

Content
Ok for: 'HIGH:!aNULL:!eNULL' but also: - Disable SSLv2 - Enable ECC/ECDHE by default - Enable DH/DHE by default With this in place, i would then suggest to see which is the "Default ordered list of ciphers" with an SSL cipher scanner/wireshark. Then we would be able to know if the "default order" for the ciphers is reasonable or if we would need to manually organize it to have a preferred selection that consider security and performance, while keeping always compatibility. What do you think of an approach like this?

Ok for:
'HIGH:!aNULL:!eNULL'

but also:
- Disable SSLv2
- Enable ECC/ECDHE by default
- Enable DH/DHE by default

With this in place, i would then suggest to see which is the "Default ordered list of ciphers" with an SSL cipher scanner/wireshark.

Then we would be able to know if the "default order" for the ciphers is reasonable or if we would need to manually organize it to have a preferred selection that consider security and performance, while keeping always compatibility.

What do you think of an approach like this?

History
Date	User	Action	Args
2011-12-19 12:19:10	naif	set	recipients: + naif, gregory.p.smith, pitrou
2011-12-19 12:19:10	naif	set	messageid: <1324297150.81.0.798902647643.issue13636@psf.upfronthosting.co.za>
2011-12-19 12:19:10	naif	link	issue13636 messages
2011-12-19 12:19:10	naif	create