Hi all,
following the new Tor2web development based on Python by hellais (ongoing at http://github.com/hellais/tor2web) we realized that the Python SSL bindings are quite crap.
We opened a set of tickets on the Python issue tracker where I think that the Tor Project community (which uses Python a lot) could contribute and/or give out ideas.
Having a secure Python SSL/TLS binding can be very valuable:
Python SSL stack doesn't support DH ciphers http://bugs.python.org/issue13626
Python SSL stack doesn't support Elliptic Curve ciphers http://bugs.python.org/issue13627
Python SSL stack doesn't support ordering of Ciphers http://bugs.python.org/issue13635
Python SSL stack doesn't support Compression configuration http://bugs.python.org/issue13634
In particular, one idea, following the assessment of the implementation, would be to provide Python with a default set of secure ciphers, considering performance and compatibility issues, where I think that the Tor Project's knowledge could be helpful:
Python SSL Stack doesn't have a Secure Default set of ciphers http://bugs.python.org/issue13636
This means defining a method of selection that can convince the Python project to be "Secure by default" (yet compatible and high performance) without leaving SSLv2 or DES 40bit ciphers enabled by default.
Hoping for some contributions and testing
-naif
P.S. Basically DHE, ECDHE and ordered ciphers are needed for tor2web
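
An added example, not part of the original post: a check of the five properties the tickets ask for (DHE/ECDHE key exchange, server-side cipher ordering, compression off, no weak suites, no legacy protocol versions) against an `SSLContext`. It assumes the `ssl` module of a current Python 3 release, which postdates this message; the function names, the cipher string and the `WEAK_MARKERS` list are choices made for this example.

```python
import ssl

# Name fragments of suites treated as weak here (assumed list, extend as needed).
WEAK_MARKERS = ("EXP", "NULL", "RC4", "DES-CBC-", "MD5")
# OpenSSL names of TLS <= 1.2 suites with ephemeral key exchange start with these.
PFS_PREFIXES = ("ECDHE-", "DHE-")


def hardened_server_context():
    """Server context: DHE/ECDHE only, server-side ordering, no compression."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Order matters: with server preference on, the first mutual suite wins.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!MD5")
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE | ssl.OP_NO_COMPRESSION
    # DHE suites are only negotiated after ctx.load_dh_params(<params file>).
    return ctx


def audit_context(ctx):
    """Return one boolean per property; True means the context satisfies it."""
    names = [c["name"] for c in ctx.get_ciphers()]
    # TLS 1.3 suites (TLS_*) always use ephemeral key exchange, so skip them.
    pre13 = [n for n in names if not n.startswith("TLS_")]
    return {
        "forward_secrecy_only": all(n.startswith(PFS_PREFIXES) for n in pre13),
        "server_cipher_order": bool(ctx.options & ssl.OP_CIPHER_SERVER_PREFERENCE),
        "compression_disabled": bool(ctx.options & ssl.OP_NO_COMPRESSION),
        "no_weak_ciphers": not any(m in n for n in names for m in WEAK_MARKERS),
        "tls12_or_newer": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
    }


if __name__ == "__main__":
    for check, ok in audit_context(hardened_server_context()).items():
        print(f"{check:22} {'ok' if ok else 'FAIL'}")
```

Running `audit_context` on the context an application actually serves with shows which of the properties it is missing.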