diff options
Diffstat (limited to 'Misc')
| -rw-r--r-- | Misc/NEWS.d/next/Security/2021-05-01-13-13-40.bpo-43998.xhmWD7.rst | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2021-05-01-13-13-40.bpo-43998.xhmWD7.rst b/Misc/NEWS.d/next/Security/2021-05-01-13-13-40.bpo-43998.xhmWD7.rst new file mode 100644 index 0000000..6a40346 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2021-05-01-13-13-40.bpo-43998.xhmWD7.rst @@ -0,0 +1,5 @@ +The :mod:`ssl` module sets more secure cipher suites defaults. Ciphers +without forward secrecy and with SHA-1 MAC are disabled by default. Security +level 2 prohibits weak RSA, DH, and ECC keys with less than 112 bits of +security. :class:`~ssl.SSLContext` defaults to minimum protocol version TLS +1.2. Settings are based on Hynek Schlawack's research. |