New submission from naif <n...@globaleaks.org>:

Python SSL doesn't support Elliptic Curve ciphers in all versions tested.
This is a serious performance issue because it's not possible to use, as a server or as a client, the performance improvement provided by ECC-based ciphers.

Nowadays ECC is supported by all the latest browsers.

ECC provides strong performance improvements (even x3), also when used with Perfect Forward Secrecy enabled ciphers, as described at:
http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html

In order to enable ECC ciphers (and eventually ECC keys), the SSL implementation in the file Modules/_ssl.c must be modified.

For example, Apache had several modifications to support ECC on their SSL (OpenSSL-based) stack:
https://issues.apache.org/bugzilla/show_bug.cgi?id=40132
https://build.opensuse.org/package/view_file?file=httpd-ssl-ecc-ecdh.patch&package=apache2&project=home%3Aelvigia%3Atls1.2&rev=2

So the Python SSL module should introduce similar modifications to fully support Elliptic Curve ciphers for SSL in order to:
- Provide performance improvements
- Provide cryptography security improvements
- Allow writing of applications compliant with NSA Suite-B standard

----------
components: Library (Lib)
messages: 149755
nosy: naif
priority: normal
severity: normal
status: open
title: Python SSL stack doesn't support Elliptic Curve ciphers
versions: Python 2.6, Python 2.7, Python 3.1, Python 3.2, Python 3.3, Python 3.4

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue13627>
_______________________________________
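A way to check, on a given interpreter, the capability this report asks for (an added example, not part of the original submission or of CPython's code): it groups the cipher suites the local ssl module offers by key exchange and tests whether a context can be restricted to ECDHE. It assumes a later Python 3 release that provides `ssl.HAS_ECDH` and `SSLContext.get_ciphers()`; the helper names and the `SAMPLE` suite list are constructed for illustration.

```python
import ssl

# Constructed sample of OpenSSL-style suite names (not taken from the report).
SAMPLE = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384",
          "DHE-RSA-AES256-SHA", "AES128-SHA", "ECDH-RSA-AES128-SHA",
          "TLS_AES_128_GCM_SHA256"]

_PREFIXES = (("ECDHE-", "ECDHE"), ("AECDH-", "ECDH-anon"),
             ("ECDH-", "ECDH-static"), ("DHE-", "DHE"), ("EDH-", "DHE"))

def key_exchange(name):
    """Infer the key-exchange family from an OpenSSL cipher-suite name."""
    if name.startswith("TLS_"):      # TLS 1.3 suites: key exchange is always ephemeral
        return "TLS1.3"
    for prefix, family in _PREFIXES:
        if name.startswith(prefix):
            return family
    return "other"                   # RSA key transport, PSK, SRP, ...

def group_by_key_exchange(names):
    groups = {}
    for name in names:
        groups.setdefault(key_exchange(name), []).append(name)
    return groups

def ecdhe_only_suites():
    """Suites left after restricting a context to ECDHE; [] if none can be enabled."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers("ECDHE")     # raises ssl.SSLError when nothing matches
    except ssl.SSLError:
        return []
    # TLS 1.3 suites are not controlled by set_ciphers(), so filter them out.
    return [c["name"] for c in ctx.get_ciphers() if key_exchange(c["name"]) == "ECDHE"]

def local_report():
    names = [c["name"] for c in ssl.create_default_context().get_ciphers()]
    return {"openssl": ssl.OPENSSL_VERSION,
            "has_ecdh": getattr(ssl, "HAS_ECDH", False),
            "groups": group_by_key_exchange(names),
            "ecdhe_only": ecdhe_only_suites()}

if __name__ == "__main__":
    report = local_report()
    print(report["openssl"], "HAS_ECDH =", report["has_ecdh"])
    for family, names in sorted(report["groups"].items()):
        print(f"{family:12} {len(names):3}  e.g. {names[0]}")
    print("ECDHE-only context offers", len(report["ecdhe_only"]), "suites")
```

An empty `ecdhe_only` list or `has_ecdh` being false means the interpreter's SSL stack cannot negotiate the forward-secret EC suites the report describes.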