Donald Stufft added the comment:

Attached is a patch that:

* Switches the protocol to SSLv23 so that we can negotiate a TLS1.1 or TLS1.2 
connection.
* Sets OP_CIPHER_SERVER_PREFERENCE for Purpose.CLIENT_AUTH so that our 
carefully selected cipher priority gives us better encryption and PFS.
* Sets OP_SINGLE_DH_USE and OP_SINGLE_ECDH_USE for Purpose.CLIENT_AUTH to 
prevent re-use of the DH and ECDH keys in distinct sessions.

----------
keywords: +patch
Added file: http://bugs.python.org/file34569/ssl-server-defaults.diff

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue21013>
_______________________________________
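
An added example, not part of the original message or the attached patch: a check that a server-side SSLContext carries the three options named in the comment above. The helper names (build_server_context, audit, missing, weakened_context) are hypothetical; only the ssl module constants come from Python itself.

```python
import ssl

# The three server-side options named in the comment.
SERVER_FLAGS = {
    "OP_CIPHER_SERVER_PREFERENCE": ssl.OP_CIPHER_SERVER_PREFERENCE,
    "OP_SINGLE_DH_USE": ssl.OP_SINGLE_DH_USE,
    "OP_SINGLE_ECDH_USE": ssl.OP_SINGLE_ECDH_USE,
}


def build_server_context():
    """Hypothetical helper: set the options by hand on a version-negotiating context."""
    # PROTOCOL_SSLv23 is a deprecated alias of PROTOCOL_TLS; PROTOCOL_TLS_SERVER
    # is the server-only form that also negotiates the highest shared version.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    for flag in SERVER_FLAGS.values():
        ctx.options |= flag
    return ctx


def audit(ctx):
    """Map each option name to True if every bit of that flag is set on ctx."""
    # On some OpenSSL builds the two SINGLE_*_USE constants may be 0 (no-op);
    # comparing against the flag itself makes the check pass vacuously there.
    return {name: (ctx.options & flag) == flag for name, flag in SERVER_FLAGS.items()}


def missing(ctx):
    """Sorted names of the options that ctx lacks."""
    return sorted(name for name, ok in audit(ctx).items() if not ok)


def weakened_context():
    """Constructed counter-example: the client's cipher order wins again."""
    ctx = build_server_context()
    ctx.options &= ~ssl.OP_CIPHER_SERVER_PREFERENCE
    return ctx


if __name__ == "__main__":
    default = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    print("default CLIENT_AUTH context:", audit(default))
    print("hand-built context missing: ", missing(build_server_context()))
    print("weakened context missing:   ", missing(weakened_context()))
```
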