On Fri, Jan 27, 2017 at 3:10 AM, Cory Benfield <c...@lukasa.co.uk> wrote:
> > On 26 Jan 2017, at 21:17, Donald Stufft <don...@stufft.io> wrote: > > > On Jan 26, 2017, at 4:18 AM, Cory Benfield <c...@lukasa.co.uk> wrote: > > For this reason I’m inclined to lean towards the more verbose approach of > just writing down what all of the cipher suites are in an enum. That way, > it gets much easier to validate what’s going on. There’s still no > requirement to actually support them all: an implementation is allowed to > quietly ignore any cipher suites it doesn’t support. But that can no longer > happen due to typos, because typos now cause AttributeErrors at runtime in > a way that is very obvious and clear. > > > > I’d say additionally that given the verbose approach a third party library > could provide this OpenSSL like API and be responsible for “compiling” it > down to the actual list of ciphers for input into the verbose API. If one > of those got popular and seemed stable enough to add it, we could always > add it in later as a higher level API for cipher selection without the > backends needing to change anything since the output of such a function > would still be a list of all of the desired ciphers which would be the > input to the backends. > > > Yup, strongly agreed. > https://github.com/tiran/tlsdb/blob/master/tlsdb.py - [ ] ENH: tlsdb.py: add parsers/datasources for {SChannel, SecureTransport} - [x] openssl-master - [x] openssl-1.02 - [x] gnutls-master - [x] nss-tip - [x] mod_nss-master - [x] **iana** - [x] mozilla-server-side - [ ] SChannel - [ ] SecureTransport - [ ] ENH: tlsdb.py: add OpenSSL-workalike lookup method - [ ] BLD: tls.config.__: generate Enums? > > Cory > > _______________________________________________ > Security-SIG mailing list > Security-SIG@python.org > https://mail.python.org/mailman/listinfo/security-sig > >
_______________________________________________ Security-SIG mailing list Security-SIG@python.org https://mail.python.org/mailman/listinfo/security-sig
