Author dstufft
Recipients Arfrever, alex, benjamin.peterson, christian.heimes, dstufft, ezio.melotti, lemburg, ncoghlan, pitrou, r.david.murray, vstinner
Date 2014-03-21.17:56:57
Message-id <1395424617.39.0.382437341994.issue20995@psf.upfronthosting.co.za>
Content
Note: The RC4 and DSS exclusion existed previously on the restricted ciphers, so we'd have to ask Christian why he did that. For me personally the restricted ciphers are intended to be best practice ciphers and that means no RC4. DSS here I'm kind of meh about the same way I was for the default ciphers. DSA has historically had problems with weak RNGs and as far as I'm aware no CAs actually issue DSS certificates. But I mostly left !DSS in the restricted set because Christian had it in originally.

This might be a case where to really do "best practices" we need to diverge between client and server. For a server I definitely think putting RC4 in the cipher string is a bad thing. For clients it is not the greatest thing but it more closely matches what browsers do because there are a few services here and there which only expose RC4.
History
Date User Action Args
2014-03-21 17:56:57 dstufft set recipients: + dstufft, lemburg, ncoghlan, pitrou, vstinner, christian.heimes, benjamin.peterson, ezio.melotti, Arfrever, alex, r.david.murray
2014-03-21 17:56:57 dstufft set messageid: <1395424617.39.0.382437341994.issue20995@psf.upfronthosting.co.za>
2014-03-21 17:56:57 dstufft link issue20995 messages
2014-03-21 17:56:57 dstufft create
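
An added example, not part of the message above and not CPython's own code: one way to audit a cipher string against the split policy the message describes (a server offers no RC4 and no DSS; a client rejects DSS and tolerates RC4 only as the last resort). The two cipher strings, the sample lines and all function names are assumptions made for illustration; the message does not quote the actual strings.

```python
import ssl

# Assumed cipher strings for illustration; the message does not quote the real ones.
RESTRICTED_SERVER = "ECDH+AESGCM:DH+AESGCM:ECDH+AES:DH+AES:!aNULL:!eNULL:!MD5:!DSS:!RC4"
COMPAT_CLIENT = "ECDH+AESGCM:DH+AESGCM:ECDH+AES:DH+AES:RSA+AES:RC4:!aNULL:!eNULL:!MD5:!DSS"

# Constructed sample lines in `openssl ciphers -v` layout, for use when the local
# OpenSSL build no longer ships RC4 or DSS suites at all.
SAMPLE_LINES = [
    "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD",
    "DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1",
    "RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1",
]

def flags(description):
    """Policy flags (RC4 encryption, DSS authentication) for one description line."""
    fields = dict(tok.split("=", 1) for tok in description.split() if "=" in tok)
    found = set()
    if fields.get("Enc", "").startswith("RC4"):
        found.add("RC4")
    if fields.get("Au") == "DSS":
        found.add("DSS")
    return found

def expand(cipher_string, server_side):
    """Description lines, in preference order, that the local OpenSSL enables."""
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing is selectable
    return [c["description"] for c in ctx.get_ciphers()]

def violations(lines, server_side):
    """Server: no RC4, no DSS. Client: no DSS, RC4 only after every other suite."""
    bad, seen_rc4 = [], False
    for line in lines:
        hit = flags(line)
        name = line.split()[0]
        if "DSS" in hit or (server_side and "RC4" in hit):
            bad.append((name, sorted(hit)))
        elif not server_side and seen_rc4 and "RC4" not in hit:
            bad.append((name, ["ordered after RC4"]))
        seen_rc4 = seen_rc4 or "RC4" in hit
    return bad

if __name__ == "__main__":
    print("server:", violations(expand(RESTRICTED_SERVER, True), True))
    print("client:", violations(expand(COMPAT_CLIENT, False), False))
    print("sample as server:", violations(SAMPLE_LINES, True))
```

Current OpenSSL builds usually ship without RC4, so the live client expansion typically contains no RC4 suite; the constructed sample lines exercise the RC4 and DSS paths regardless of the local build.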