[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: I've committed a conservative version of the patch, plus a test. -- resolution: -> fixed stage: patch review -> committed/rejected status: open -> closed ___ Python tracker _

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Roundup Robot added the comment: New changeset f9122975fd80 by Antoine Pitrou in branch '2.7': Issue #13636: Weak ciphers are now disabled by default in the ssl module http://hg.python.org/cpython/rev/f9122975fd80 -- ___ Python tracker

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Roundup Robot added the comment: New changeset 25c2d24e1b11 by Antoine Pitrou in branch '3.2': Issue #13636: Weak ciphers are now disabled by default in the ssl module http://hg.python.org/cpython/rev/25c2d24e1b11 New changeset ace54f5e75d7 by Antoine Pitrou in branch 'default': Issue #13636: W

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

naif added the comment: Regarding the mainteneance i expect that, if we make a future-proof choice, it would take at least 5 years before that someone will need to have other ciphers added. Consider that a new cipher is standardized once every X year, and typically, if it get diffused/adopte

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: For the record, here are the default ciphers in our Windows OpenSSL build: Z:\openssl-1.0.0a>out64\openssl.exe ciphers -v WARNING: can't open config file: /usr/local/ssl/openssl.cnf ECDHE-RSA-AES256-SHASSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: > > By default the Python SSL/TLS Stack (client/server) expose > > unsecure protocols (SSLv2) and unsecure ciphers (EXPORT 40bit DES). > > If there is a problem, it should not be fixed in Python, but in the > underlying library (OpenSSL) or in applications. Pyt

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

STINNER Victor added the comment: > By default the Python SSL/TLS Stack (client/server) expose > unsecure protocols (SSLv2) and unsecure ciphers (EXPORT 40bit DES). If there is a problem, it should not be fixed in Python, but in the underlying library (OpenSSL) or in applications. Python only

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: > The concept i would propose is to choose the ciphers that "known to be > secure" by disabling everything else. I hate repeating myself, but who will maintain it? -- ___ Python tracker

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

naif added the comment: Well, my concept is that it would be reasonable to use what people consider secure. SSL/TLS are security protocol. Some combination of the protocol configuration (ciphers/hash/key exchange) are: - known to be insecure - known to be secure - known to be unused (like SEE

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: > with your latest proposal 'HIGH:!aNULL:!eNULL:!SSLv2' : > - MD5 was disabled > - IDEA was disabled > - SEED was disabled That was the consequence of it, but that wasn't an explicit goal. > Generally speaking, as a concept to define a default we could: > - St

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: > Why make this decision ourselves at all? Copy what Mozilla and Chromium do > by default. If that translates to an explicit list of ciphers it will be a pain to maintain. Using a generic OpenSSL string such as "DEFAULT:!LOW:[etc.]" means OpenSSL mostly does th

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Gregory P. Smith added the comment: Why make this decision ourselves at all? Copy what Mozilla and Chromium do by default. -- ___ Python tracker ___

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

naif added the comment: Well, with your latest proposal 'HIGH:!aNULL:!eNULL:!SSLv2' : - MD5 was disabled - IDEA was disabled - SEED was disabled Then we realized that RC4 could be a cipher to be leaved enabled, so the new proposal starting from 'DEFAULT'. While i don't like RC4 because it's

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: > If we want to start from the "DEFAULT" than we should probably disable: > - PSK > - CAMELLIA > - MD5 > - IDEA > - SEED Why do you want to disable all these? -- ___ Python tracker

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

naif added the comment: Well, if you do: "DEFAULT:!LOW:!EXPORT:!aNULL:!eNULL:!SSLv2" ciphers enabled are ECDHE-RSA-AES256-SHASSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: I think we should relax the constraints a bit (RC4 seems ok for TLS/SSL use (*)) and therefore suggest we settle on "DEFAULT:!LOW:!EXPORT:!aNULL:!eNULL:!SSLv2". (OpenSSL's default is "DEFAULT:!aNULL:!eNULL", so we're really disabling weak ciphers) (*) Wikip

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Changes by Jesús Cea Avión : -- nosy: +jcea ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: > About ECDHE use as a default, prioritized key exchange method, google > is using it along with RC4: Hmmm... do note that RC4 is disabled with "HIGH". -- ___ Python tracker

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

naif added the comment: I confirm, tested "HIGH:!SSLv2" and MD5 cannot be negotiated. -- ___ Python tracker ___ ___ Python-bugs-list

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: > I would suggest to try to keep ECC/ECDH/ECDHE enabled, conceptually > we would like to have ECDHE as the first ciphers because it's the most > modern, performance and secure. However, this will also divide performance by a large factor (from 2x to 4x apparen

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: > MD5 has been disabled for SSL use due to it's weakness by: Apparently MD5 is already disabled by "HIGH:!SSLv2". -- ___ Python tracker ___ __

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

naif added the comment: It would be also useful to "Sort" the order of ciphers by it's strength. This is done by the parameter @STRENGTH" : >From http://www.openssl.org/docs/apps/ciphers.html "Additionally the cipher string @STRENGTH can be used at any point to sort the current cipher list i

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

naif added the comment: We could also disable all the ciphers that use MD5 for authentication: MD5 has been disabled for SSL use due to it's weakness by: - Firefox (All mozilla products now refuse any MD5 ciphers) https://www.thesslstore.com/blog/index.php/firefox-to-stop-supporting-md5-based-

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

naif added the comment: About ECDHE use as a default, prioritized key exchange method, google is using it along with RC4: http://www.julianevansblog.com/2011/11/https-encryption-increased-for-gmail-and-google.html -- ___ Python tracker

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

naif added the comment: Yes, i can do the test for the ordered set of ciphers with all the patches in-place, can build a custom python 3.2 with the patch applied. I would suggest to try to keep ECC/ECDH/ECDHE enabled, conceptually we would like to have ECDHE as the first ciphers because it's

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: > We must disable SSLv1 with !SSLv2, for example i am using just now > 'HIGH:!aNULL:!eNULL:!SSLv2:@STRENGTH' . Ok, thanks for the investigation. I think "HIGH:!aNULL:!eNULL:!SSLv2" is sufficient. -- ___ Python track

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

naif added the comment: To disable SSLv2 you must specifically disable it. Look, i tried a server we're working on http://github.com/hellais/tor2web that's running on: privacyresearch.infosecurity.ch port With 'HIGH:!aNULL:!eNULL' SSLv2 can connect: openssl s_client -connect privacyre

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: > - Disable SSLv2 It should be disabled automatically since the SSLv2 cipher suites are not part of "HIGH": see http://www.openssl.org/docs/apps/ciphers.html#SSL_v2_0_cipher_suites_ > - Enable ECC/ECDHE by default > - Enable DH/DHE by default These both req

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

naif added the comment: Ok for: 'HIGH:!aNULL:!eNULL' but also: - Disable SSLv2 - Enable ECC/ECDHE by default - Enable DH/DHE by default With this in place, i would then suggest to see which is the "Default ordered list of ciphers" with an SSL cipher scanner/wireshark. Then we would be able t

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: Here is a possible patch for 3.2. Probably needs a doc addition as well. -- keywords: +patch stage: needs patch -> patch review versions: +Python 2.7 Added file: http://bugs.python.org/file24051/default_ciphers.patch ___

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: Actually, it seems we want 'HIGH:!aNULL:!eNULL' to avoid non-encrypted and non-authenticated ciphers. > That way (but this is an approach to be discussed) we will pick-up > a set of widely secure ciphers Please read my message above and understand this faces

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

naif added the comment: >From Antoine Pitrou (pitrou): > Why don't you simple define your own default ciphers and call the > set_ciphers() method? > That said, we could perhaps call set_ciphers("HIGH") by default. This > excludes legacy ciphers (such as RC4, DES) without having us maintain an >

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

Antoine Pitrou added the comment: As I said, I don't think maintaining an explicit list of ciphers ourselves is reasonable, since there are no crypto experts (AFAICT) amongst the Python core developers. Also, maintaining an explicit list of ciphers means people wouldn't benefit automatically

[issue13636] Python SSL Stack doesn't have a Secure Default set of ciphers

New submission from naif : By default the Python SSL/TLS Stack (client/server) expose unsecure protocols (SSLv2) and unsecure ciphers (EXPORT 40bit DES). This ticket is about defining a set of secure ciphers that should also provide maximum performance and compatibility, in order to allow any