Antoine Pitrou <pit...@free.fr> added the comment:

I think we should relax the constraints a bit (RC4 seems ok for TLS/SSL use 
(*)) and therefore suggest we settle on 
"DEFAULT:!LOW:!EXPORT:!aNULL:!eNULL:!SSLv2".

(OpenSSL's default is "DEFAULT:!aNULL:!eNULL", so we're really disabling weak 
ciphers)

(*) Wikipedia even notes: “RC4, being a stream cipher, is the only common 
cipher which is immune[7] to the 2011 BEAST attack on TLS 1.0, which exploits a 
known weakness in the way cipher block chaining mode is used with all of the 
other ciphers supported by TLS 1.0, which are all block ciphers”

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue13636>
_______________________________________
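The cipher string proposed above can be checked against the local OpenSSL build. This is an added example, not code from the tracker issue or from CPython; the function names and labels are assumptions made here, and the suites reported depend on the OpenSSL version Python is linked against.

```python
import ssl

PROPOSED = "DEFAULT:!LOW:!EXPORT:!aNULL:!eNULL:!SSLv2"  # string from the comment
OPENSSL_DEFAULT = "DEFAULT:!aNULL:!eNULL"               # as quoted in the comment


def enabled_ciphers(cipher_string):
    """Return the suites the local OpenSSL enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing is selected
    return ctx.get_ciphers()


def classify(cipher):
    """Return the labels that apply to one get_ciphers() entry."""
    desc = cipher["description"]
    labels = []
    if "Au=None" in desc:                  # no authentication
        labels.append("aNULL")
    if "Enc=None" in desc:                 # no encryption
        labels.append("eNULL")
    if " export" in desc.lower():          # export-grade marker in description
        labels.append("EXPORT")
    if 0 < cipher["strength_bits"] < 112:  # threshold chosen for this example
        labels.append("LOW")
    if "RC4" in cipher["name"]:            # the proposed string leaves RC4 enabled
        labels.append("RC4")
    return labels


def audit(cipher_string):
    """Map suite name -> labels for every suite that gets at least one label."""
    flagged = {c["name"]: classify(c) for c in enabled_ciphers(cipher_string)}
    return {name: labels for name, labels in flagged.items() if labels}


def removed_by_policy():
    """Suites enabled by OPENSSL_DEFAULT that PROPOSED turns off."""
    proposed = {c["name"] for c in enabled_ciphers(PROPOSED)}
    default = enabled_ciphers(OPENSSL_DEFAULT)
    return sorted(c["name"] for c in default if c["name"] not in proposed)


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    print("flagged under proposed string:", audit(PROPOSED))
    print("removed relative to OpenSSL default:", removed_by_policy())
```

On current OpenSSL builds both lists are usually empty, because export-grade, low-strength and RC4 suites are no longer part of `DEFAULT`.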