diff options
| author | Donald Stufft <donald@stufft.io> | 2014-03-22 01:33:34 (GMT) |
|---|---|---|
| committer | Donald Stufft <donald@stufft.io> | 2014-03-22 01:33:34 (GMT) |
| commit | 79ccaa2cad2a13f0da2f900a0f9f61cd6b619c99 (patch) | |
| tree | ad16e54403a655838fb1338be48d4e8702312adf /Misc | |
| parent | 51f3129ba2f87233006338c9c735fe4b0cc84036 (diff) | |
| download | cpython-79ccaa2cad2a13f0da2f900a0f9f61cd6b619c99.zip cpython-79ccaa2cad2a13f0da2f900a0f9f61cd6b619c99.tar.gz cpython-79ccaa2cad2a13f0da2f900a0f9f61cd6b619c99.tar.bz2 | |
Issue #20995: Enhance default ciphers used by the ssl module
Closes #20995 by Enabling better security by prioritizing ciphers
such that:
* Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
* Prefer ECDHE over DHE for better performance
* Prefer any AES-GCM over any AES-CBC for better performance and security
* Then Use HIGH cipher suites as a fallback
* Then Use 3DES as fallback which is secure but slow
* Finally use RC4 as a fallback which is problematic but needed for
compatibility some times.
* Disable NULL authentication, NULL encryption, and MD5 MACs for security
reasons
Diffstat (limited to 'Misc')
| -rw-r--r-- | Misc/NEWS | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -21,6 +21,9 @@ Core and Builtins Library ------- +- Issue #20995: Enhance default ciphers used by the ssl module to enable + better security an prioritize perfect forward secrecy. + - Issue #20884: Don't assume that __file__ is defined on importlib.__init__. - Issue #20879: Delay the initialization of encoding and decoding tables for |