Message388010
> It would be advisable for Python3 to start enforcing security level 2, and prohibit DTLS v1.1 and lower by default too. By configuring openssl library on the host with setting security level, and/or setting min versions (if openssl on the host supports such api). Because allowing to use TLS v1.1 and lower out of the box is irresponsible.
We are going to change the default settings in our own OpenSSL builds together with https://www.python.org/dev/peps/pep-0644/ . For Linux distros we will rely on distro-wide crypto policies. |
|
Date |
User |
Action |
Args |
2021-03-03 09:27:53 | christian.heimes | set | recipients:
+ christian.heimes, nascheme, gregory.p.smith, ned.deily, lukasz.langa, xnox, brandtbucher |
2021-03-03 09:27:53 | christian.heimes | set | messageid: <1614763673.51.0.107197216363.issue43382@roundup.psfhosted.org> |
2021-03-03 09:27:53 | christian.heimes | link | issue43382 messages |
2021-03-03 09:27:53 | christian.heimes | create | |
|