This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author pitrou
Recipients gregory.p.smith, naif, pitrou
Date 2011-12-19.12:33:46
SpamBayes Score 0.0011567014
Marked as misclassified No
Message-id <1324298027.42.0.503894765572.issue13636@psf.upfronthosting.co.za>
In-reply-to
Content 
> - Disable SSLv2

It should be disabled automatically since the SSLv2 cipher suites are not part of "HIGH": see http://www.openssl.org/docs/apps/ciphers.html#SSL_v2_0_cipher_suites_

> - Enable ECC/ECDHE by default
> - Enable DH/DHE by default

These both require parameters. I think adding simple instructions in the documentation would go a long way towards helping users. It would also probably be more instructive than silently choosing default values.

(after all, for ECDHE it's a one-line addition; DHE needs a separate file so it's less immediate)

> With this in place, i would then suggest to see which is the "Default
> ordered list of ciphers" with an SSL cipher scanner/wireshark.

I'm not really able to do that. Perhaps you can help?
History
Date User Action Args
2011-12-19 12:33:47pitrousetrecipients: + pitrou, gregory.p.smith, naif
2011-12-19 12:33:47pitrousetmessageid: <1324298027.42.0.503894765572.issue13636@psf.upfronthosting.co.za>
2011-12-19 12:33:46pitroulinkissue13636 messages
2011-12-19 12:33:46pitroucreate