Christian Heimes added the comment:
Larry, the issue has nothing to do with the TLS/SSL library or implementation.
It's about cipher suite selection. All (!) SSL libraries are affected because
they had 3DES enabled as legacy fallback.
Fun fact: OpenSSL latest security fix has addressed the issue and disabled 3DES
by default. But Python overrides the fix and enables 3DES again. LibreSSL
hasn't announced a fix yet.
By the way I don't take LibreSSL serious. The developers are all cookie about
best practice and security but they don't even offer HTTPS on their website or
for downloads. Yes, the official download location for LibreSSL does not
support secure file transfer.
Python tracker <rep...@bugs.python.org>
Python-bugs-list mailing list