[tor-dev] Python SSL/TLS Security enhancement

Fabio Pietrosanti (naif) lists at infosecurity.ch
Mon Dec 19 11:13:22 UTC 2011

Hi all,

Following the new Tor2web development based on Python by hellais
(ongoing http://github.com/hellais/tor2web) we realized that the Python
SSL bindings are quite crap.

We opened a set of tickets on the Python issue tracker where I think that
the Tor Project community (which uses Python a lot) could contribute
and/or give out ideas.

Having a secure Python SSL/TLS binding can be very valuable:

Python SSL stack doesn't support DH ciphers

Python SSL stack doesn't support Elliptic Curve ciphers

Python SSL stack doesn't support ordering of Ciphers

Python SSL stack doesn't support Compression configuration

In particular one idea, following the assessment of the implementation,
would be to provide Python with a default set of secure ciphers,
considering performance and compatibility issues, where I think that the
Tor Project's knowledge could be helpful:

Python SSL Stack doesn't have a Secure Default set of ciphers

Defining a method of selection that can convince the Python project to
be "Secure by default" (yet compatible and high performance) without
leaving SSLv2 or 40-bit DES ciphers enabled by default.

Hoping for some contributions and testing.


P.S. Basically, DHE, ECDHE and ordered ciphers are needed for tor2web.
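
Added example, not part of the original post: one way to check the properties listed in the message (DHE/ECDHE key exchange, cipher ordering, compression control, no SSLv2 or export-grade suites) with the `ssl` module of a current Python 3 (3.6 or later is assumed). The sample cipher list, the weak-token set, the cipher string and the function names are constructed for illustration.

```python
import ssl

# Constructed sample, in the shape returned by SSLContext.get_ciphers().
SAMPLE = [
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "strength_bits": 128},
    {"name": "DHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2", "strength_bits": 256},
    {"name": "AES128-SHA", "protocol": "SSLv3", "strength_bits": 128},
    {"name": "EXP-DES-CBC-SHA", "protocol": "SSLv3", "strength_bits": 40},
    {"name": "RC4-MD5", "protocol": "SSLv2", "strength_bits": 128},
]

# Name components treated as weak here (assumption of this example).
WEAK_TOKENS = {"EXP", "NULL", "RC4", "DES", "MD5"}


def audit_ciphers(ciphers):
    """Sort suites into weak / forward-secret / static key exchange,
    preserving the preference order of the input list."""
    report = {"weak": [], "forward_secret": [], "static_kx": []}
    for c in ciphers:
        name = c["name"]
        tokens = set(name.split("-"))
        if c["protocol"] == "SSLv2" or c["strength_bits"] < 128 or tokens & WEAK_TOKENS:
            report["weak"].append(name)
        elif name.startswith(("ECDHE-", "DHE-", "TLS_")):
            # TLS 1.3 suites (TLS_*) always use ephemeral (EC)DHE.
            report["forward_secret"].append(name)
        else:
            report["static_kx"].append(name)
    return report


def hardened_server_context():
    """Server context with an explicit, ordered cipher list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # ECDHE first, then DHE, AEAD only; no anonymous or NULL suites.
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM:!aNULL:!eNULL")
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE  # server's order wins
    ctx.options |= ssl.OP_NO_COMPRESSION            # TLS compression off
    return ctx


if __name__ == "__main__":
    print("sample:", audit_ciphers(SAMPLE))
    live = audit_ciphers(hardened_server_context().get_ciphers())
    print("hardened context, weak suites:", live["weak"])
    print("hardened context, preference order:", live["forward_secret"])
```

A real DHE deployment would additionally load DH parameters with `SSLContext.load_dh_params()`; that step is left out because it needs a parameter file.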
