This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author Lukasa
Recipients Lukasa, alex, christian.heimes, dstufft, giampaolo.rodola, hynek, janssen
Date 2016-08-15.11:12:25
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Yup. So for Requests at least, the fix is easy: because OpenSSL kindly just quietly ignores cipher suites it doesn't know about we can unconditionally add it to the requests/urllib3 cipher string. In the first instance we'll just do it statically, and then we can consider down the road whether Python/cryptography could give us a way to ask whether we should prefer ChaCha20 over AES-GCM.

In the short term, my expectation is that we'd still want to prioritise AES-GCM over ChaCha20 in Requests: is there any reason to think that I'm wrong there?
Date User Action Args
2016-08-15 11:12:25Lukasasetrecipients: + Lukasa, janssen, giampaolo.rodola, christian.heimes, alex, hynek, dstufft
2016-08-15 11:12:25Lukasasetmessageid: <>
2016-08-15 11:12:25Lukasalinkissue27766 messages
2016-08-15 11:12:25Lukasacreate