[tor-dev] Python SSL/TLS Security enhancement

Fabio Pietrosanti (naif) lists at infosecurity.ch
Mon Dec 19 11:13:22 UTC 2011


Hi all,

Following the new Tor2web development based on Python by hellais
(ongoing http://github.com/hellais/tor2web) we realized that the Python
SSL bindings are quite crap.

We opened a set of tickets on the Python issue tracker where I think that
the Tor Project community (that uses Python a lot) could contribute
and/or give out ideas.

Having a secure Python SSL/TLS binding can be very valuable:


Python SSL stack doesn't support DH ciphers
http://bugs.python.org/issue13626

Python SSL stack doesn't support Elliptic Curve ciphers
http://bugs.python.org/issue13627

Python SSL stack doesn't support ordering of Ciphers
http://bugs.python.org/issue13635

Python SSL stack doesn't support Compression configuration
http://bugs.python.org/issue13634

In particular one idea, following the assessment of the implementation,
would be to provide Python with a default set of secure ciphers,
considering performance and compatibility issues, where I think that the
Tor Project's knowledge could be helpful:

Python SSL Stack doesn't have a Secure Default set of ciphers
http://bugs.python.org/issue13636

Defining a method of selection that can convince the Python project to
be "Secure by default" (yet compatible and high performance) without
leaving SSLv2 or DES 40-bit ciphers enabled by default.

Hoping for some contributions and testing

-naif

P.S. Basically DHE, ECDHE and ordered ciphers are needed for tor2web
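
Added example, not part of the original post: how the features requested in the tickets above (DHE/ECDHE suites, cipher ordering, compression control, no SSLv2 or 40-bit ciphers) can be configured and checked with the `ssl` module of a current Python 3 (3.7 or later). The policy string and the function names `build_server_context`, `audit_ciphers` and `audit_context` are assumptions made for illustration.

```python
import ssl

# Assumed policy in OpenSSL cipher-list syntax (not from the post): ephemeral
# ECDHE/DHE key exchange with AEAD ciphers, listed in server preference order.
CIPHER_POLICY = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!EXPORT:!DES:!RC4"
PFS_PREFIXES = ("ECDHE-", "DHE-", "TLS_")  # TLS_ = TLS 1.3 suites, always ephemeral


def build_server_context():
    """Server context covering the features the linked tickets ask for."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2      # rules out SSLv2/SSLv3
    ctx.set_ciphers(CIPHER_POLICY)                    # DHE/ECDHE suites, ordered
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE    # server's order wins
    ctx.options |= ssl.OP_NO_COMPRESSION              # compression configuration
    return ctx


def audit_ciphers(ciphers):
    """Check entries shaped like SSLContext.get_ciphers() output."""
    findings = []
    for c in ciphers:
        if not c["name"].startswith(PFS_PREFIXES):
            findings.append(f"{c['name']}: no ephemeral (EC)DHE key exchange")
        if c.get("strength_bits", 0) < 128:
            findings.append(f"{c['name']}: under 128-bit strength")
    return findings


def audit_context(ctx):
    """Return a list of findings; empty means the context meets the policy."""
    findings = audit_ciphers(ctx.get_ciphers())
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression is not disabled")
    if not ctx.options & ssl.OP_CIPHER_SERVER_PREFERENCE:
        findings.append("server cipher order is not enforced")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings


if __name__ == "__main__":
    ctx = build_server_context()
    for c in ctx.get_ciphers():
        print(c["protocol"], c["name"])
    print(audit_context(ctx) or "no findings")
```

The ECDHE curve (`set_ecdh_curve`) and DH parameters (`load_dh_params`) are not configured in this example.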

