Issue 23481: SSL module should not offer RC4 based cipher suites for clients by default (original) (raw)
This issue has been migrated to GitHub: https://github.com/python/cpython/issues/67669
classification
| Title: | SSL module should not offer RC4 based cipher suites for clients by default | ||
|---|---|---|---|
| Type: | Stage: | resolved | |
| Components: | Library (Lib) | Versions: | Python 3.4, Python 3.5, Python 2.7 |
process
| Status: | closed | Resolution: | fixed |
|---|---|---|---|
| Dependencies: | Superseder: | ||
| Assigned To: | Nosy List: | alex, christian.heimes, dstufft, giampaolo.rodola, icordasc, janssen, pitrou, python-dev | |
| Priority: | normal | Keywords: | patch |
Created on 2015-02-19 00:54 by alex, last changed 2022-04-11 14:58 by admin. This issue is now closed.
| Files | |||
|---|---|---|---|
| File name | Uploaded | Description | Edit |
| rc4.diff | alex,2015-02-19 00:54 | review |
| Messages (4) | ||
|---|---|---|
| msg236202 - (view) | Author: Alex Gaynor (alex) *  |
Date: 2015-02-19 00:54 |
| In addition to the security concerns, it is now a violation of RFC7465 to offer a cipher suite with RC4 in a ClientHello: https://tools.ietf.org/html/rfc7465 | ||
| msg236203 - (view) | Author: Ian Cordasco (icordasc) * | Date: 2015-02-19 00:56 |
| It's clearly no longer acceptable to include RC4 when the IETF has felt it necessary to publish an RFC prohibiting its usage. | ||
| msg236238 - (view) | Author: Antoine Pitrou (pitrou) * |
Date: 2015-02-19 22:22 |
| Sounds fine to me. Should a test be added? | ||
| msg236240 - (view) | Author: Roundup Robot (python-dev)  |
Date: 2015-02-19 22:58 |
| New changeset c509e6f18d7d by Benjamin Peterson in branch '3.4': remove rc4 from the default client ciphers (closes #23481) https://hg.python.org/cpython/rev/c509e6f18d7d New changeset 3596081cfb55 by Benjamin Peterson in branch '2.7': remove rc4 from the default client ciphers (closes #23481) https://hg.python.org/cpython/rev/3596081cfb55 New changeset 041a27298cf3 by Benjamin Peterson in branch 'default': merge 3.4 (#23481) https://hg.python.org/cpython/rev/041a27298cf3 |
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:58:12 | admin | set | github: 67669 |
| 2015-03-16 17:40:40 | r.david.murray | unlink | issue23679 dependencies |
| 2015-03-16 16:38:21 | benjamin.peterson | link | issue23679 dependencies |
| 2015-02-19 22:58:26 | python-dev | set | status: open -> closednosy: + python-devmessages: + resolution: fixedstage: resolved |
| 2015-02-19 22:22:52 | pitrou | set | messages: + |
| 2015-02-19 00:56:55 | icordasc | set | nosy: + icordascmessages: + |
| 2015-02-19 00:54:56 | alex | create |