Message 214487 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	dstufft
Recipients	christian.heimes, dstufft, pitrou
Date	2014-03-22.16:26:49
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1395505610.58.0.148408426863.issue21013@psf.upfronthosting.co.za>
In-reply-to

Content
Attached is a patch that: * Switches the protocol to SSLv23 so that we can negotiate a TLS1.1 or TLS1.2 connection. * Sets OP_CIPHER_SERVER_PREFERENCE for Purpose.CLIENT_AUTH so that our carefully selected cipher priority gives us better encryption and PFS * Sets OP_SINGLE_DH_USE and OP_SINGLE_ECDH_USE for Purpose.CLIENT_AUTH to prevent re-use of the DH and ECDH keys in distinct sessions.

Attached is a patch that:

* Switches the protocol to SSLv23 so that we can negotiate a TLS1.1 or TLS1.2 connection.
* Sets OP_CIPHER_SERVER_PREFERENCE for Purpose.CLIENT_AUTH so that our carefully selected cipher priority gives us better encryption and PFS
* Sets OP_SINGLE_DH_USE and OP_SINGLE_ECDH_USE for Purpose.CLIENT_AUTH to prevent re-use of the DH and ECDH keys in distinct sessions.

History
Date	User	Action	Args
2014-03-22 16:26:50	dstufft	set	recipients: + dstufft, pitrou, christian.heimes
2014-03-22 16:26:50	dstufft	set	messageid: <1395505610.58.0.148408426863.issue21013@psf.upfronthosting.co.za>
2014-03-22 16:26:50	dstufft	link	issue21013 messages
2014-03-22 16:26:50	dstufft	create