naif <n...@globaleaks.org> added the comment:

To disable SSLv2 you must specifically disable it.

Look, I tried a server we're working on, http://github.com/hellais/tor2web, that's running on privacyresearch.infosecurity.ch port 8888.

With 'HIGH:!aNULL:!eNULL' SSLv2 can connect:

openssl s_client -connect privacyresearch.infosecurity.ch:8888 -ssl2
SSLv2, Cipher is DES-CBC3-MD5

So it negotiated SSLv2 with 3DES, that's not a good choice, SSLv2 must be disabled.

We must disable SSLv1 with !SSLv2, for example I am using just now 'HIGH:!aNULL:!eNULL:!SSLv2:@STRENGTH'.

Trying to connect with SSLv2 fails:

openssl s_client -connect privacyresearch.infosecurity.ch:8888 -ssl2
140735092141340:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450:

Trying to connect by default, it selects a strong cipher (I still didn't set up the dh/stuff):

openssl s_client -connect privacyresearch.infosecurity.ch:8888

Connect with:

TLSv1/SSLv3, Cipher is AES256-SHA

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue13636>
_______________________________________
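
A local check of the cipher string quoted in the message above, added here as an example and not part of the original tracker comment: it uses Python's ssl module to list what the string enables under the local OpenSSL build and flags SSLv2, NULL, anonymous and MD5 suites. The function names are illustrative, and on OpenSSL builds that no longer ship SSLv2 the `!SSLv2` token has nothing left to exclude.

```python
import ssl
from collections import Counter

# Cipher string quoted in the message above.
PAGE_CIPHERS = "HIGH:!aNULL:!eNULL:!SSLv2:@STRENGTH"


def enabled_ciphers(cipher_string):
    """Return (name, protocol) for every suite the string enables locally."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [(c["name"], c["protocol"]) for c in ctx.get_ciphers()]


def audit(cipher_string):
    """Count suites per protocol and flag the kinds the message warns about."""
    suites = enabled_ciphers(cipher_string)
    flagged = []
    for name, proto in suites:
        reasons = []
        if proto == "SSLv2":
            reasons.append("SSLv2 suite")
        if "NULL" in name:
            reasons.append("no encryption")
        if name.startswith(("ADH-", "AECDH-")):
            reasons.append("anonymous key exchange")
        if name.endswith("-MD5"):
            reasons.append("MD5 MAC")
        if reasons:
            flagged.append((name, proto, reasons))
    return {"per_protocol": Counter(p for _, p in suites), "flagged": flagged}


if __name__ == "__main__":
    report = audit(PAGE_CIPHERS)
    for proto, count in sorted(report["per_protocol"].items()):
        print(f"{proto}: {count} suites")
    for name, proto, reasons in report["flagged"]:
        print(f"FLAG {name} ({proto}): {', '.join(reasons)}")
```

This audits only the local configuration; what a remote server actually negotiates still has to be confirmed with a client probe such as the `openssl s_client` runs shown in the message.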