Mark Kubacki added the comment:
The cipher strings rely too much on AES for my taste. Imagine that
ChaCha20Poly1305 or any other strong cipher suite is introduced to OpenSSL in
the future.
Enabling using general, and demoting using narrow terms, seems IMHO a better
approach. For example
Mark Kubacki added the comment:
Thanks for the detailed insight, Donald! And I certainly love the progress
these changes here bring. :-)
Perhaps limiting the scope to ChaCha20Poly1305 (»CCP«) has been a wrong
approach of mine to explain my concerns:
We should not refer to any particular
Changes by Mark Kubacki wm...@hurrikane.de:
Removed file: http://bugs.python.org/file30757/python-2.7.5-tlssni.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue5639
Changes by Mark Kubacki wm...@hurrikane.de:
Added file: http://bugs.python.org/file30778/python-2.7.5-tlssni.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue5639
Changes by Mark Kubacki wm...@hurrikane.de:
Removed file: http://bugs.python.org/file30778/python-2.7.5-tlssni.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue5639
Changes by Mark Kubacki wm...@hurrikane.de:
Added file: http://bugs.python.org/file30779/python-2.7.5-tlssni.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue5639
Changes by Mark Kubacki wm...@hurrikane.de:
Added file: http://bugs.python.org/file30757/python-2.7.5-tlssni.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue5639
Mark Kubacki added the comment:
Python 2.7 is still used in production.
Given the scarcity of IPv4-addresses — and with CDNs (think: Amazon, Akamai,
EdgeCast…) starting to offer HTTP+SSL — the need for SNI arises in order to
avoid pitfalls such as shared certificates.
The lack of ubiquitous
Mark Kubacki added the comment:
Antoine, thank you for the heads-up. As long as I've reminded distribution
maintainers of this issue and this or a similar patch (always send a
server_hostname with TLS, if one is missing) will be integrated (please do!)
I've accomplished my goal.
BTW, today
Changes by Mark Kubacki wm...@hurrikane.de:
--
nosy: +markk
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16113
___
___
Python-bugs-list mailing
Mark Kubacki added the comment:
Raw backport for Python 2.7. ›raw‹ like in some options are in _ssl only.
(_ssl.{err_names_to_codes,err_codes_to_names,lib_codes_to_names,…})
--
nosy: +markk
Added file:
http://bugs.python.org/file30761/python-2.7.5-tls1.1-and-tls1.2.patch
11 matches
Mail list logo