Christian Heimes <li...@cheimes.de> added the comment:

> It would be advisable for Python3 to start enforcing security level 2, and 
> prohibit DTLS v1.1 and lower by default too. By configuring openssl library 
> on the host with setting security level, and/or setting min versions (if 
> openssl on the host supports such api). Because allowing to use TLS v1.1 and 
> lower out of the box is irresponsible.

We are going to change the default settings in our own OpenSSL builds together 
with https://www.python.org/dev/peps/pep-0644/ . For Linux distros we will rely 
on distro-wide crypto policies.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue43382>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to