Message 149770 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	naif
Recipients	naif, pitrou
Date	2011-12-18.15:46:24
SpamBayes Score	0.00042050012
Marked as misclassified	No
Message-id	<1324223203.37.0.920691023639.issue13626@psf.upfronthosting.co.za>
In-reply-to

Content
Please look at how PHP implement the feature. It doesn't use any PEM or any Key File, but just initiatlize the DH parameters. Stud instead, ask the user to generate "offline" the DH parameters and save it into the PEM file. I think that the PHP approach it's better than the STUD one: It does not require any file or key to generate DH parameters. This is the way to have supported ciphers such as DHE-RSA-AES256-SHA ( http://www.openssl.org/docs/apps/ciphers.html ) that now cannot be used because the Python SSL binding doesn't initialize the DH parameters.

Please look at how PHP implement the feature.
It doesn't use any PEM or any Key File, but just initiatlize the DH parameters.

Stud instead, ask the user to generate "offline" the DH parameters and save it into the PEM file.

I think that the PHP approach it's better than the STUD one:
It does not require any file or key to generate DH parameters.

This is the way to have supported ciphers such as DHE-RSA-AES256-SHA (
http://www.openssl.org/docs/apps/ciphers.html ) that now cannot be used because the Python SSL binding doesn't initialize the DH parameters.

History
Date	User	Action	Args
2011-12-18 15:46:43	naif	set	recipients: + naif, pitrou
2011-12-18 15:46:43	naif	set	messageid: <1324223203.37.0.920691023639.issue13626@psf.upfronthosting.co.za>
2011-12-18 15:46:24	naif	link	issue13626 messages
2011-12-18 15:46:24	naif	create