Message277235
Larry, the issue has nothing to do with the TLS/SSL library or implementation. It's about cipher suite selection. All (!) SSL libraries are affected because they had 3DES enabled as legacy fallback.
Fun fact: OpenSSL latest security fix has addressed the issue and disabled 3DES by default. But Python overrides the fix and enables 3DES again. LibreSSL hasn't announced a fix yet.
By the way I don't take LibreSSL serious. The developers are all cookie about best practice and security but they don't even offer HTTPS on their website or for downloads. Yes, the official download location for LibreSSL does not support secure file transfer. |
|
Date |
User |
Action |
Args |
2016-09-22 18:40:38 | christian.heimes | set | recipients:
+ christian.heimes, georg.brandl, janssen, larry, giampaolo.rodola, alex, python-dev, hynek, Jim.Jewett, steve.dower, dstufft, Lukasa |
2016-09-22 18:40:38 | christian.heimes | set | messageid: <1474569638.73.0.898100512171.issue27850@psf.upfronthosting.co.za> |
2016-09-22 18:40:38 | christian.heimes | link | issue27850 messages |
2016-09-22 18:40:38 | christian.heimes | create | |
|