Message 272750 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Lukasa
Recipients	Lukasa, alex, christian.heimes, dstufft, giampaolo.rodola, hynek, janssen
Date	2016-08-15.11:12:25
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1471259545.6.0.0861985248115.issue27766@psf.upfronthosting.co.za>
In-reply-to

Content
Yup. So for Requests at least, the fix is easy: because OpenSSL kindly just quietly ignores cipher suites it doesn't know about we can unconditionally add it to the requests/urllib3 cipher string. In the first instance we'll just do it statically, and then we can consider down the road whether Python/cryptography could give us a way to ask whether we should prefer ChaCha20 over AES-GCM. In the short term, my expectation is that we'd still want to prioritise AES-GCM over ChaCha20 in Requests: is there any reason to think that I'm wrong there?

Yup. So for Requests at least, the fix is easy: because OpenSSL kindly just quietly ignores cipher suites it doesn't know about we can unconditionally add it to the requests/urllib3 cipher string. In the first instance we'll just do it statically, and then we can consider down the road whether Python/cryptography could give us a way to ask whether we should prefer ChaCha20 over AES-GCM.

In the short term, my expectation is that we'd still want to prioritise AES-GCM over ChaCha20 in Requests: is there any reason to think that I'm wrong there?

History
Date	User	Action	Args
2016-08-15 11:12:25	Lukasa	set	recipients: + Lukasa, janssen, giampaolo.rodola, christian.heimes, alex, hynek, dstufft
2016-08-15 11:12:25	Lukasa	set	messageid: <1471259545.6.0.0861985248115.issue27766@psf.upfronthosting.co.za>
2016-08-15 11:12:25	Lukasa	link	issue27766 messages
2016-08-15 11:12:25	Lukasa	create