Fix the use of default OpenSSL ciphers #3107
Conversation
|
Thanks for the reviews. So the reason I have not merged yet is that I first thought that |
|
@sshishov My understanding is "DEFAULT" is different than the system configured default, which is what we want. However, CPython has started setting a default which means that we're unable to revert to the true system default. |
|
Sorry for not updating this earlier. The reason using "DEFAULT" does not work is that CPython sets its own ciphers in a way that user code cannot control, using Hynek's list (the one we use in 1.26.x): #elif PY_SSL_DEFAULT_CIPHERS == 1
/* Python custom selection of sensible cipher suites
* @SECLEVEL=2: security level 2 with 112 bits minimum security (e.g. 2048 bits RSA key)
* ECDH+*: enable ephemeral elliptic curve Diffie-Hellman
* DHE+*: fallback to ephemeral finite field Diffie-Hellman
* encryption order: AES AEAD (GCM), ChaCha AEAD, AES CBC
* !aNULL:!eNULL: really no NULL ciphers
* !aDSS: no authentication with discrete logarithm DSA algorithm
* !SHA1: no weak SHA1 MAC
* !AESCCM: no CCM mode, it's uncommon and slow
*
* Based on Hynek's excellent blog post (update 2021-02-11)
* https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
*/
#define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
#ifndef PY_SSL_MIN_PROTOCOL
#define PY_SSL_MIN_PROTOCOL TLS1_2_VERSION
#endifIdeally it should stop doing that, but before asking we should probably look at actual defaults in recent versions to see how good they are. In the meantime, https://quentin.pradet.me/blog/fixing-sslv3_alert_handshake_failure-with-urllib3-20.html continues to be the official guidance to fix handshake failures in urllib3. Closing. |
Closes #3100