[issue44811] Change default signature algorithms for context in the ssl library

2021-10-01 Thread ramikg
ramikg added the comment: As a side note, while the ideal solution would be for Python to expose the appropriate API, there exists a hacky solution using ctypes: https://github.com/ramikg/ssl-context-configurator -- nosy: +ramikg

[issue44811] Change default signature algorithms for context in the ssl library

2021-08-02 Thread Anis Gandoura
Anis Gandoura added the comment: Hello, thank you for your message. The default signatures list is very different from what a usual Internet Browser (like Chrome or Firefox) displays. Here is an example: With Chrome I have: SHA256/ECDSA, RSA_PSS_SHA256, SHA256/RSA, SHA384/ECDSA, RSA_PSS_SH

[issue44811] Change default signature algorithms for context in the ssl library

2021-08-02 Thread Christian Heimes
Christian Heimes added the comment: Thanks for your PR. Before we move forward, let's discuss reasoning and API design first. Why should a Python application be able to modify the signature algorithms? The default settings are safe and sane. Security properties should rather be set system-w

[issue44811] Change default signature algorithms for context in the ssl library

2021-08-02 Thread Roundup Robot
Change by Roundup Robot: keywords: +patch; nosy: +python-dev; nosy_count: 2.0 -> 3.0; pull_requests: +26056; stage: -> patch review; pull_request: https://github.com/python/cpython/pull/27550

[issue44811] Change default signature algorithms for context in the ssl library

2021-08-02 Thread Anis Gandoura
Change by Anis Gandoura: assignee: -> christian.heimes; components: +SSL; nosy: +christian.heimes; versions: +Python 3.11

[issue44811] Change default signature algorithms for context in the ssl library

2021-08-02 Thread Anis Gandoura
New submission from Anis Gandoura: Expose the OpenSSL function SSL_CTX_set1_sigalgs_list to allow the user to modify the supported signature algorithms for a given SSL Context. OpenSSL documentation: https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set1_sigalgs_list.html -- message