    bpo-31429: Define TLS cipher suite on build time (#3532) · 892d66e4
    Authored by Christian Heimes
    Until now Python used a hard coded white list of default TLS cipher
    suites. The old approach has multiple downsides. OpenSSL's default
    selection was completely overruled. Python benefited neither from new
    cipher suites (ChaCha20, TLS 1.3 suites) nor from blacklisted cipher suites.
    For example we used to re-enable 3DES.
    
    Python now defaults to OpenSSL DEFAULT cipher suite selection and black
    lists all unwanted ciphers. Downstream vendors can override the default
    cipher list with --with-ssl-default-suites.
    Signed-off-by: Christian Heimes <christian@python.org>
_ssl.c 171 KB
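
An added example, not code from this commit or from CPython: it audits an `ssl.SSLContext` built the way the commit message describes (OpenSSL `DEFAULT` plus exclusions) and lists what a fixed whitelist would miss. The cipher strings `BLACKLIST` and `WHITELIST`, the marker list and all function names are assumptions chosen for illustration, not the values compiled into `_ssl.c`.

```python
import ssl

# Assumption: illustrative exclusions in OpenSSL cipher-string syntax,
# not the exact list this commit compiles into _ssl.c.
BLACKLIST = "DEFAULT:!aNULL:!eNULL:!MD5:!3DES:!RC4"
# Assumption: a stand-in for an old-style hard-coded whitelist.
WHITELIST = "ECDHE+AESGCM"
# Substrings of OpenSSL suite names that mark the unwanted families.
BANNED_MARKERS = ("DES-CBC3", "RC4", "MD5", "NULL", "ADH-", "AECDH-")


def context_for(cipher_string):
    """Client context whose TLS 1.2-and-below suites come from cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # TLS 1.3 suites are not affected by this call
    return ctx


def suite_names(ctx):
    """Names of every suite the context would offer."""
    return [c["name"] for c in ctx.get_ciphers()]


def banned_suites(ctx):
    """Enabled suites whose name matches one of the unwanted families."""
    return [n for n in suite_names(ctx)
            if any(m in n.upper() for m in BANNED_MARKERS)]


def missed_by_whitelist():
    """Suites the DEFAULT-based list enables that the fixed whitelist never does."""
    return sorted(set(suite_names(context_for(BLACKLIST)))
                  - set(suite_names(context_for(WHITELIST))))


def audit_default_context():
    """Banned suites enabled by this interpreter's own default settings."""
    return banned_suites(ssl.create_default_context())


if __name__ == "__main__":
    print("banned in blacklist context:", banned_suites(context_for(BLACKLIST)))
    print("banned in default context:  ", audit_default_context())
    print("missed by whitelist:        ", missed_by_whitelist())
```

The contents of `missed_by_whitelist()` depend on the OpenSSL build Python is linked against, which is the point of deferring to `DEFAULT`.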