[issue44811] Change default signature algorithms for context in the ssl library
New submission from Anis Gandoura:

Expose the OpenSSL function SSL_CTX_set1_sigalgs_list to allow the user to modify the supported signature algorithms for a given SSL Context.

OpenSSL documentation: https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set1_sigalgs_list.html

--
messages: 398762
nosy: anis.gandoura
priority: normal
severity: normal
status: open
title: Change default signature algorithms for context in the ssl library

___
Python tracker <https://bugs.python.org/issue44811>
___
___
Python-bugs-list mailing list
Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44811] Change default signature algorithms for context in the ssl library
Change by Anis Gandoura:

--
assignee:  -> christian.heimes
components: +SSL
nosy: +christian.heimes
versions: +Python 3.11

[issue44811] Change default signature algorithms for context in the ssl library
Anis Gandoura added the comment:

Hello, thank you for your message.

The default signatures list is very different from what a usual Internet Browser (like Chrome or Firefox) displays. Here is an example:

With Chrome I have:
SHA256/ECDSA, RSA_PSS_SHA256, SHA256/RSA, SHA384/ECDSA, RSA_PSS_SHA384, SHA384/RSA, RSA_PSS_SHA512, SHA512/RSA

With default SSL settings:
SHA256/ECDSA, SHA384/ECDSA, SHA512/ECDSA, Ed25519, Ed448, Unknown (0x8)/Unknown (0x9), Unknown (0x8)/Unknown (0xa), Unknown (0x8)/Unknown (0xb), RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, SHA256/RSA, SHA384/RSA, SHA512/RSA, SHA224/ECDSA, SHA1/ECDSA, SHA224/RSA, SHA1/RSA, SHA224/DSA, SHA1/DSA, SHA256/DSA, SHA384/DSA, SHA512/DSA

You can use this website for testing: https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

We are building a security suite in Python to protect websites from DDOS attacks and we are not able to run "Chrome like" tests due to this limitation.
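
An added example, not part of the thread or of CPython: a decoder for the signature_algorithms extension (number 13) of a ClientHello, which carries the list a client advertises and that the comment above compares. The entries displayed as "Unknown (0x8)/Unknown (0x9)" through "(0xb)" are the code points 0x0809 to 0x080b, which RFC 8446 names rsa_pss_pss_sha256, rsa_pss_pss_sha384 and rsa_pss_pss_sha512. The function names, the name format for TLS 1.2 hash/signature pairs, and the sample ClientHello are assumptions constructed for illustration.

```python
import struct

# TLS 1.3 SignatureScheme code points (RFC 8446, section 4.2.3).
SCHEMES = {0x0807: "ed25519", 0x0808: "ed448"}
for i, digest in enumerate(("sha256", "sha384", "sha512")):
    SCHEMES[0x0804 + i] = "rsa_pss_rsae_" + digest   # 0x0804..0x0806
    SCHEMES[0x0809 + i] = "rsa_pss_pss_" + digest    # 0x0809..0x080b
# TLS 1.2 encoding (RFC 5246): one hash byte, then one signature byte.
HASHES = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {1: "rsa", 2: "dsa", 3: "ecdsa"}

def scheme_name(code):
    """Name one 16-bit entry; the name format for TLS 1.2 pairs is made up here."""
    if code in SCHEMES:
        return SCHEMES[code]
    h, s = code >> 8, code & 0xFF
    if h in HASHES and s in SIGS:
        return f"{SIGS[s]}_{HASHES[h]}"
    return f"unknown_0x{code:04x}"

def client_sigalgs(hello):
    """List the signature algorithms offered in a ClientHello handshake message."""
    try:
        if hello[0] != 1:
            raise ValueError("not a ClientHello")
        pos = 4 + 2 + 32                      # handshake header, version, random
        pos += 1 + hello[pos]                 # session_id
        pos += 2 + struct.unpack_from("!H", hello, pos)[0]   # cipher_suites
        pos += 1 + hello[pos]                 # compression_methods
        end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
            if ext_type == 13:                # signature_algorithms
                (n,) = struct.unpack_from("!H", hello, pos + 4)
                codes = struct.unpack_from(f"!{n // 2}H", hello, pos + 6)
                return [scheme_name(c) for c in codes]
            pos += 4 + ext_len
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return []

def sample_hello(codes):
    """Constructed minimal ClientHello whose only extension is number 13."""
    sig = struct.pack(f"!H{len(codes)}H", 2 * len(codes), *codes)
    exts = struct.pack("!HH", 13, len(sig)) + sig
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

`client_sigalgs` expects the handshake message without the 5-byte TLS record header; comparing its output for two clients shows which entries differ and in what order.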