Message 388010 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	brandtbucher, christian.heimes, gregory.p.smith, lukasz.langa, nascheme, ned.deily, xnox
Date	2021-03-03.09:27:53
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1614763673.51.0.107197216363.issue43382@roundup.psfhosted.org>
In-reply-to

Content
> It would be advisable for Python3 to start enforcing security level 2, and prohibit DTLS v1.1 and lower by default too. By configuring openssl library on the host with setting security level, and/or setting min versions (if openssl on the host supports such api). Because allowing to use TLS v1.1 and lower out of the box is irresponsible. We are going to change the default settings in our own OpenSSL builds together with https://www.python.org/dev/peps/pep-0644/ . For Linux distros we will rely on distro-wide crypto policies.

> It would be advisable for Python3 to start enforcing security level 2, and prohibit DTLS v1.1 and lower by default too. By configuring openssl library on the host with setting security level, and/or setting min versions (if openssl on the host supports such api). Because allowing to use TLS v1.1 and lower out of the box is irresponsible.

We are going to change the default settings in our own OpenSSL builds together with https://www.python.org/dev/peps/pep-0644/ . For Linux distros we will rely on distro-wide crypto policies.

History
Date	User	Action	Args
2021-03-03 09:27:53	christian.heimes	set	recipients: + christian.heimes, nascheme, gregory.p.smith, ned.deily, lukasz.langa, xnox, brandtbucher
2021-03-03 09:27:53	christian.heimes	set	messageid: <1614763673.51.0.107197216363.issue43382@roundup.psfhosted.org>
2021-03-03 09:27:53	christian.heimes	link	issue43382 messages
2021-03-03 09:27:53	christian.heimes	create