Hans-Christoph Steiner <[email protected]> added the comment:
This general idea sounds nice to have, I hope it can be included.
`ctx._call_with_ctypes("SSL_CTX_set_ciphersuites"...` also sounds totally
workable to me, if that has the best security profile.
Defense in depth is important, but it is not a reason to prevent key
functionality from landing. For example, "export_keying_material" is an RFC
and widely implemented (Go crypto/tls, Rustls, Conscrypt, nodejs, boringssl,
openssl, BouncyCastle, etc.; see links here
https://github.com/python/cpython/pull/25255#issuecomment-1073256270). It is
used in IETF protocols like SRTP and NTS.
Perhaps that could be a concrete use case here for thinking about the security
profile?
----------
nosy: +eighthave
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue43902>
_______________________________________