This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author dstufft
Recipients Arfrever, alex, benjamin.peterson, christian.heimes, dstufft, ezio.melotti, lemburg, ncoghlan, pitrou, r.david.murray, vstinner
Date 2014-03-20.23:33:18
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1395358398.54.0.175789268673.issue20995@psf.upfronthosting.co.za>
In-reply-to
Content
Oh, Additionally Marc:

Even if some system administrator or some system out there does patch their OpenSSL to actually be safe by default Python changing it's cipher string only adds to the potential security (or at worst does nothing). If even one system (of which there are legion) does not do that patch then Python changing it's ciphers will protect that user.

The failure mode for a bad cipher is silent insecurity, the failure mode for not having a needed cipher is an obvious error.
History
Date User Action Args
2014-03-20 23:33:18dstufftsetrecipients: + dstufft, lemburg, ncoghlan, pitrou, vstinner, christian.heimes, benjamin.peterson, ezio.melotti, Arfrever, alex, r.david.murray
2014-03-20 23:33:18dstufftsetmessageid: <1395358398.54.0.175789268673.issue20995@psf.upfronthosting.co.za>
2014-03-20 23:33:18dstufftlinkissue20995 messages
2014-03-20 23:33:18dstufftcreate