Christian Heimes added the comment:

Larry, the issue has nothing to do with the TLS/SSL library or implementation. 
It's about cipher suite selection. All (!) SSL libraries are affected because 
they had 3DES enabled as legacy fallback.

Fun fact: OpenSSL latest security fix has addressed the issue and disabled 3DES 
by default. But Python overrides the fix and enables 3DES again. LibreSSL 
hasn't announced a fix yet.

By the way I don't take LibreSSL serious. The developers are all cookie about 
best practice and security but they don't even offer HTTPS on their website or 
for downloads. Yes, the official download location for LibreSSL does not 
support secure file transfer.


Python tracker <>
Python-bugs-list mailing list

Reply via email to