Message 214239 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	dstufft
Recipients	benjamin.peterson, christian.heimes, dstufft, ezio.melotti, lemburg, ncoghlan, pitrou, vstinner
Date	2014-03-20.14:11:16
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1395324676.75.0.303580402974.issue20995@psf.upfronthosting.co.za>
In-reply-to

Content
As of right now the default cipher list for the ssl module is DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2, additionally on Python 3.4 when you use create_default_context() then you also additionally get HIGH:!aNULL:!RC4:!DSS. I think we should change this to the cipher string: ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS This will: * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE) * prefer ECDHE over DHE for better performance * prefer any AES-GCM over any AES-CBC for better performance and security * use 3DES as fallback which is secure but slow * disable NULL authentication, MD5 MACs and DSS for security reasons This cipher string is taken from urllib3 where it was compiled through the resources of: * https://www.ssllabs.com/projects/best-practices/index.html * https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ The compatibility of this is pretty good. The only time this should cause a connection to fail is if a server is using an insecure cipher and in that case you can re-enable it by simply passing the original cipher list through the ssl.wrap_socket ciphers function.

As of right now the default cipher list for the ssl module is DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2, additionally on Python 3.4 when you use create_default_context() then you also additionally get HIGH:!aNULL:!RC4:!DSS.

I think we should change this to the cipher string:

ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

This will:

* Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
* prefer ECDHE over DHE for better performance
* prefer any AES-GCM over any AES-CBC for better performance and security
* use 3DES as fallback which is secure but slow
* disable NULL authentication, MD5 MACs and DSS for security reasons

This cipher string is taken from urllib3 where it was compiled through the resources of:

* https://www.ssllabs.com/projects/best-practices/index.html
* https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

The compatibility of this is pretty good. The only time this should cause a connection to *fail* is if a server is using an insecure cipher and in that case you can re-enable it by simply passing the original cipher list through the ssl.wrap_socket ciphers function.

History
Date	User	Action	Args
2014-03-20 14:11:16	dstufft	set	recipients: + dstufft, lemburg, ncoghlan, pitrou, vstinner, christian.heimes, benjamin.peterson, ezio.melotti
2014-03-20 14:11:16	dstufft	set	messageid: <1395324676.75.0.303580402974.issue20995@psf.upfronthosting.co.za>
2014-03-20 14:11:16	dstufft	link	issue20995 messages
2014-03-20 14:11:16	dstufft	create