New submission from Antoine Pitrou: Currently, create_default_context() doesn't do anything special for server use. It seems the configuration could be improved, though:
- PROTOCOL_TLSv1 is suboptimal for servers: a "TLSv1" server can't accept a TLSv1.2 client, but a "SSLv23" server will; so we should use PROTOCOL_SSLv23 (!) - we could enable ECDH by calling SSLContext.set_ecdh_curve(<something>) ---------- components: Library (Lib) messages: 214405 nosy: christian.heimes, dstufft, pitrou priority: normal severity: normal status: open title: server-specific SSL context configuration type: enhancement versions: Python 3.4, Python 3.5 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue21013> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
