Hi, thanks for the feedback. Since my last mail a couple of things have happened.
Victor has reviewed my AF_ALG patch and I got some feedback on a new variant of setsockopt() on python-dev. The patch is almost ready. I have submitted updated patch for SHA-3 and BLAKE2 support. Both need a final review and ACK. OpenSSL 1.1 has been released and block ciphers with small blocks have been found insecure. This affects 3DES i our default cipher list. OpenSSL 1.1.0 has removed 3DES, which broke one test. I'm going to update my OpenSSL 1.1 patch soonish. I have two more security tickets in the queue. Please give feedback. Remove 3DES from cipher list (sweet32 CVE-2016-2183) ---------------------------------------------------- https://bugs.python.org/issue27850 Fix for https://sweet32.info/ ssl: get list of enabled ciphers -------------------------------- https://github.com/tiran/cpython/tree/feature/openssl_ciphers https://bugs.python.org/issue27866 Counter part of SSLContext.set_ciphers(), SSLContext.get_ciphers() returns list of dicts with enabled ciphers.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Security-SIG mailing list Security-SIG@python.org https://mail.python.org/mailman/listinfo/security-sig
