Antoine Pitrou <pit...@free.fr> added the comment: > - Disable SSLv2
It should be disabled automatically since the SSLv2 cipher suites are not part of "HIGH": see http://www.openssl.org/docs/apps/ciphers.html#SSL_v2_0_cipher_suites_ > - Enable ECC/ECDHE by default > - Enable DH/DHE by default These both require parameters. I think adding simple instructions in the documentation would go a long way towards helping users. It would also probably be more instructive than silently choosing default values. (after all, for ECDHE it's a one-line addition; DHE needs a separate file so it's less immediate) > With this in place, i would then suggest to see which is the "Default > ordered list of ciphers" with an SSL cipher scanner/wireshark. I'm not really able to do that. Perhaps you can help? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue13636> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
