An error occurred fetching the project authors.
  1. 29 Oct, 2014 1 commit
  2. 20 Oct, 2014 1 commit
  3. 10 Oct, 2014 5 commits
  4. 27 Sep, 2014 2 commits
  5. 25 Jul, 2014 1 commit
  6. 17 Jul, 2014 1 commit
  7. 17 May, 2014 1 commit
  8. 24 Mar, 2014 1 commit
  9. 23 Mar, 2014 2 commits
    • Donald Stufft's avatar
      Issue #21013: Enhance ssl.create_default_context() for server side contexts · 6a2ba949
      Donald Stufft authored
      Closes #21013 by modfying ssl.create_default_context() to:
      
      * Move the restricted ciphers to only apply when using
        ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not
        is the lack of RC4 in the restricted. However there are servers that exist
        that only expose RC4 still.
      * Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context
        will select TLS1.1 or TLS1.2 if it is available.
      * Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets
      * Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security
        of the perfect forward secrecy
      * Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side
        socket the context will prioritize our ciphers which have been carefully
        selected to maximize security and performance.
      * Documents the failure conditions when a SSL3.0 connection is required so
        that end users can more easily determine if they need to unset
        ssl.OP_NO_SSLv3.
      6a2ba949
    • Antoine Pitrou's avatar
  10. 22 Mar, 2014 2 commits
    • Antoine Pitrou's avatar
      Issue #20913: improve the SSL security considerations to first advocate using... · c5e075ff
      Antoine Pitrou authored
      Issue #20913: improve the SSL security considerations to first advocate using create_default_context().
      c5e075ff
    • Donald Stufft's avatar
      Issue #20995: Enhance default ciphers used by the ssl module · 79ccaa2c
      Donald Stufft authored
      Closes #20995 by Enabling better security by prioritizing ciphers
      such that:
      
      * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
      * Prefer ECDHE over DHE for better performance
      * Prefer any AES-GCM over any AES-CBC for better performance and security
      * Then Use HIGH cipher suites as a fallback
      * Then Use 3DES as fallback which is secure but slow
      * Finally use RC4 as a fallback which is problematic but needed for
        compatibility some times.
      * Disable NULL authentication, NULL encryption, and MD5 MACs for security
        reasons
      79ccaa2c
  11. 16 Mar, 2014 1 commit
  12. 12 Mar, 2014 1 commit
  13. 09 Mar, 2014 1 commit
  14. 28 Dec, 2013 1 commit
  15. 20 Dec, 2013 1 commit
  16. 02 Dec, 2013 1 commit
  17. 29 Nov, 2013 1 commit
  18. 23 Nov, 2013 5 commits
  19. 22 Nov, 2013 2 commits
  20. 21 Nov, 2013 3 commits
  21. 17 Nov, 2013 1 commit
  22. 29 Oct, 2013 3 commits
  23. 27 Oct, 2013 1 commit
  24. 06 Oct, 2013 1 commit