naif <n...@globaleaks.org> added the comment: Ok for: 'HIGH:!aNULL:!eNULL'
but also: - Disable SSLv2 - Enable ECC/ECDHE by default - Enable DH/DHE by default With this in place, i would then suggest to see which is the "Default ordered list of ciphers" with an SSL cipher scanner/wireshark. Then we would be able to know if the "default order" for the ciphers is reasonable or if we would need to manually organize it to have a preferred selection that consider security and performance, while keeping always compatibility. What do you think of an approach like this? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue13636> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
