-
-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Python SSL stack doesn't support ordering of Ciphers #57844
Comments
The list of Ciphers for Python SSL binding for OpenSSL cannot be ordered in a specific list of preference. This is a requirement for strict security environment where the ordered cipher list it's very important. Apache support the ordering of ciphers trough the configuration of SSLHonorCipherOrder: Also Internet Explorer 7 support Ciphers order configuration: Not having the ordered cipher list doesn't allow Python SSL stack configuration to be compliant with high security environment, de-facto representing a security vulnerability. We suggest to fix the issue of lacking that feature. |
Apparently it's just a matter of exposing SSL_OP_CIPHER_SERVER_PREFERENCE? |
Looking at the code from mod_ssl i would say that this is the preference required https://issues.apache.org/bugzilla/show_bug.cgi?id=28665 |
New changeset c706f76c9ea8 by Antoine Pitrou in branch 'default': |
The new option is now committed in 3.3. Thanks for the report! |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: