Message214404
> Er, I typed issue and meant usage. Right now the only difference
> between restricted ciphers and the default ciphers is restricted
> ciphers have no RC4 and no DSS. You wanted this issue limited to
> client changes and I'm not sure how to do that without enabling
> RC4/DSS for servers (which is a regression in the security of the
> restricted ciphers).
Hmm, fair enough, let's change them all at once here. Also, since
"restricted ciphers" aren't actually used by stdlib modules, I changed
my mind and think it's ok to disable RC4 and DSS :-)
I'll still open another issue for server-specific configuration: not the
ciphers, but other stuff. |
|
Date |
User |
Action |
Args |
2014-03-21 18:55:13 | pitrou | set | recipients:
+ pitrou, lemburg, ncoghlan, vstinner, christian.heimes, benjamin.peterson, ezio.melotti, Arfrever, alex, r.david.murray, dstufft |
2014-03-21 18:55:13 | pitrou | link | issue20995 messages |
2014-03-21 18:55:13 | pitrou | create | |
|