Message415606
This general idea sounds nice to have; I hope it can be included. `ctx._call_with_ctypes("SSL_CTX_set_ciphersuites"...` also sounds totally workable to me, if that has the best security profile.
Defense in depth is important, but it is not a reason to prevent key functionality from landing. For example, "export_keying_material" is an RFC and widely implemented (Go crypto/tls, Rustls, Conscrypt, nodejs, boringssl, openssl, BouncyCastle, etc.; see links here: https://github.com/python/cpython/pull/25255#issuecomment-1073256270). It is used in IETF protocols like SRTP and NTS.
Perhaps that could be a concrete use case here for thinking about the security profile?

Date | User | Action | Args
2022-03-20 14:22:54 | eighthave | set | recipients: + eighthave, christian.heimes, njs, steve.dower
2022-03-20 14:22:54 | eighthave | set | messageid: <1647786174.28.0.857937610968.issue43902@roundup.psfhosted.org>
2022-03-20 14:22:54 | eighthave | link | issue43902 messages
2022-03-20 14:22:54 | eighthave | create |