Home Original page

Message 149831 - Python tracker

Message149831

Author naif
Recipients naif
Date 2011-12-19.10:44:02
SpamBayes Score 0.006774416
Marked as misclassified No
Message-id <1324291443.18.0.0191846315359.issue13635@psf.upfronthosting.co.za>
In-reply-to
Content 
The list of Ciphers for Python SSL binding for OpenSSL cannot be ordered in a specific list of preference.

This is a requirement for strict security environment where the ordered cipher list it's very important.

Apache support the ordering of ciphers trough the configuration of SSLHonorCipherOrder:
http://www.carbonwind.net/blog/post/Setting-the-preferred-cipher-suite-on-Apache-22x.aspx

Also Internet Explorer 7 support Ciphers order configuration:
https://blogs.technet.com/b/steriley/archive/2007/11/06/changing-the-ssl-cipher-order-in-internet-explorer-7-on-windows-vista.aspx?Redirected=true

Not having the ordered cipher list doesn't allow Python SSL stack configuration to be compliant with high security environment, de-facto representing a security vulnerability.

We suggest to fix the issue of lacking that feature.
History
Date User Action Args
2011-12-19 10:44:03naifsetrecipients: + naif
2011-12-19 10:44:03naifsetmessageid: <1324291443.18.0.0191846315359.issue13635@psf.upfronthosting.co.za>
2011-12-19 10:44:02naiflinkissue13635 messages
2011-12-19 10:44:02naifcreate