[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-dev] Python SSL/TLS Security enhancement
following the new Tor2web development based on Python by hellais
(ongoing http://github.com/hellais/tor2web) we realized that the Python
SSL binding are quite crap.
We opened a set of Tickets on Python Issue tracker where i think that
the Tor Project Community (that use a lot Python) could contribute
and/or give out ideas.
Having a secure Python SSL/TLS binding can be very valuable:
Python SSL stack doesn't support DH ciphers
Python SSL stack doesn't support Elliptic Curve ciphers
Python SSL stack doesn't support ordering of Ciphers
Python SSL stack doesn't support Compression configuration
In particular one idea, following the assessment of implementation,
would be to provide to Python a default set of secure ciphers,
considering performance and compatibility issues where i think that the
Tor Project knowledge could be helpful:
Python SSL Stack doesn't have a Secure Default set of ciphers
Defining a method of selection that can convince the Python project to
be "Secure by default" (yet compatible and high performance) without
leaving enable by default SSLv2 or DES 40bit ciphers.
Hope in some contribution and testing
p.s. basically DHE,ECDHE, Ordered ciphers are needed for tor2web
tor-dev mailing list