[issue43998] Increase security of TLS settings in 3.10

2021-05-01 Thread Christian Heimes
Christian Heimes added the comment:

New changeset a5669b3c627e64c9196d9bb58b733eb723d34e99 by Christian Heimes in branch 'master':
bpo-43998: Fix testing without ssl module (GH-25790)
https://github.com/python/cpython/commit/a5669b3c627e64c9196d9bb58b733eb723d34e99

[issue43998] Increase security of TLS settings in 3.10

2021-05-01 Thread Christian Heimes
Change by Christian Heimes:

pull_requests: +24479
pull_request: https://github.com/python/cpython/pull/25790

___ Python tracker ___

[issue43998] Increase security of TLS settings in 3.10

2021-05-01 Thread Christian Heimes
Change by Christian Heimes:

resolution: -> fixed
stage: patch review -> resolved
status: open -> closed

[issue43998] Increase security of TLS settings in 3.10

2021-05-01 Thread Christian Heimes
Christian Heimes added the comment:

New changeset e983252b516edb15d4338b0a47631b59ef1e2536 by Christian Heimes in branch 'master':
bpo-43998: Default to TLS 1.2 and increase cipher suite security (GH-25778)
https://github.com/python/cpython/commit/e983252b516edb15d4338b0a47631b59ef1e2536

[issue43998] Increase security of TLS settings in 3.10

2021-05-01 Thread Christian Heimes
Change by Christian Heimes:

keywords: +patch
pull_requests: +24469
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/25778

[issue43998] Increase security of TLS settings in 3.10

2021-05-01 Thread Christian Heimes
Christian Heimes added the comment:

$ openssl ciphers -v '@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM'
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA2

[issue43998] Increase security of TLS settings in 3.10

2021-05-01 Thread Christian Heimes
New submission from Christian Heimes:

It's 2021. TLS 1.0 and 1.1 have been deprecated in RFC 8996. Browsers have disabled TLS 1.0 and 1.1, too. Python should no longer enable TLS 1.1 by default and require strong TLS ciphers with forward secrecy. I'm going to update Python's default cipher
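An added example, not part of the thread and not CPython's own code: a small audit of an ssl.SSLContext against the policy described in the submission and the cipher string from the `openssl ciphers -v` comment (TLS 1.2 minimum, ECDHE/DHE key exchange, no SHA-1 MAC, no AES-CCM). The function names and LEGACY_SAMPLE are constructed for illustration, and the checks assume OpenSSL's cipher suite naming.

```python
import ssl

# Cipher string quoted in the thread's `openssl ciphers -v` comment.
THREAD_CIPHERS = (
    "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:"
    "!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
)

def build_context():
    """Client context with the thread's settings applied explicitly."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(THREAD_CIPHERS)
    return ctx

def audit_ciphers(ciphers):
    """Return (name, reason) pairs; input is shaped like get_ciphers() output."""
    findings = []
    for c in ciphers:
        if c.get("protocol") == "TLSv1.3":
            continue  # TLS 1.3 suites are all AEAD; key exchange is negotiated separately
        name = c["name"]
        if not name.startswith(("ECDHE-", "DHE-")):
            findings.append((name, "not ECDHE/DHE key exchange"))
        if name.endswith("-SHA"):  # OpenSSL names SHA-1 MAC suites with a bare -SHA suffix
            findings.append((name, "SHA-1 MAC"))
        if "CCM" in name:
            findings.append((name, "AES-CCM"))
    return findings

def audit_context(ctx):
    """Audit the enabled suites and the protocol floor of a live context."""
    findings = audit_ciphers(ctx.get_ciphers())
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(("minimum_version", ctx.minimum_version.name))
    return findings

# Constructed sample (not real get_ciphers() output) showing what gets flagged.
LEGACY_SAMPLE = [
    {"name": "AES128-SHA", "protocol": "TLSv1.2"},
    {"name": "ECDHE-RSA-AES128-SHA", "protocol": "TLSv1.2"},
]

if __name__ == "__main__":
    print(audit_context(build_context()))  # no findings expected
    print(audit_ciphers(LEGACY_SAMPLE))
```

Running audit_context() on contexts an application actually creates shows whether it still depends on suites or protocol versions that these defaults drop.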