Marc-Andre Lemburg added the comment: On 21.03.2014 00:10, Donald Stufft wrote: > >> We shouldn't do this in Python for the same reason we're not including >> a predefined set of CA root certificates with the distribution. > > The difference here is that there are properly maintained alternatives to > Python including a predefined set of CA root certificates. This isn't the > case with OpenSSL. OpenSSL doesn't provide good defaults and I'm not aware of > a single OS which ships with OpenSSL that patches it to provide good defaults. > > Python exposes this API, it's Python's job to properly secure it.
Perhaps I should have clarified this earlier on: I agree to use such defaults for writing SSL servers in Python. I disagree when it comes to SSL clients. If we enforce a specific set of ciphers per default and a user finds that a server he wants to communicate with for example only supports RC4 ciphers, because that's the server admins were told to use after the BEAST attack was found, the user most likely won't be able to fix this. So what's the net result: the scripts doesn't work, without any way to get it back to work again. That's not more secure, it's a failure :-) IMO, Python should make SSL server code use best practices and make it easy to alter the defaults. Python should also make sure that SSL client code works using HIGH level ciphers, but not limit the selection much further or make it more specific (apart from removing completely broken features like e.g. MD5, aNULL, etc.). If we want to enhance the user security, we should educate our users about best practices and provide information on how to implement them, ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue20995> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com