Python SSL and TLS security

Evolutions of the ssl module.

Cipher suite

Python 2.7 and 3.5-3.7:

_DEFAULT_CIPHERS = (
    'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:'
    'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:'
    '!aNULL:!eNULL:!MD5:!3DES'
    )

Pytohn 3.4:

_DEFAULT_CIPHERS = (
    'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
    'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:!aNULL:'
    '!eNULL:!MD5'
)

Python 3.3:

_DEFAULT_CIPHERS = 'DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2'

Options

  • SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: CBC IV attack countermeasure (CVE-2011-3389)
  • SSL_OP_NO_SSLv2: SSLv2 is unsafe
  • SSL_OP_NO_SSLv3: SSLv3 is unsafe
  • SSL_OP_NO_COMPRESSION: CRIME countermeasure
  • SSL_OP_CIPHER_SERVER_PREFERENCE
  • SSL_OP_SINGLE_DH_USE
  • SSL_OP_SINGLE_ECDH_USE

Python 3.7:

/* Defaults */
    options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
    if (proto_version != PY_SSL_VERSION_SSL2)
        options |= SSL_OP_NO_SSLv2;
    if (proto_version != PY_SSL_VERSION_SSL3)
        options |= SSL_OP_NO_SSLv3;
    /* Minimal security flags for server and client side context.
     * Client sockets ignore server-side parameters. */
#ifdef SSL_OP_NO_COMPRESSION
    options |= SSL_OP_NO_COMPRESSION;
#endif
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
    options |= SSL_OP_CIPHER_SERVER_PREFERENCE;
#endif
#ifdef SSL_OP_SINGLE_DH_USE
    options |= SSL_OP_SINGLE_DH_USE;
#endif
#ifdef SSL_OP_SINGLE_ECDH_USE
    options |= SSL_OP_SINGLE_ECDH_USE;
#endif
    SSL_CTX_set_options(self->ctx, options);

CA store

SSLContext.load_default_certs() new in Python 3.4.

  • Windows: ssl.enum_certificates(store_name), new in Python 3.4. Use CertOpenStore() and CertEnumCertificatesInStore() functions.
  • Linux: xxx
  • macOS: xxx

See also

SSLContext

New in Python 3.2.

CRLs

  • SSLContext.verify_flags: New in Python 3.4
  • SSLContext.load_verify_locations(): This method can also load certification revocation lists (CRLs) in PEM or DER format. New in Python 3.5.
  • ssl.enum_crls(store_name): new in Python 3.4, specific to Windows

Validate TLS certificates

TLS versions

  • SSLv2 now black listed
  • SSLv3 now black listed

OpenSSL versions

Python bundled OpenSSL in Windows and macOS installers.

OpenSSL versions (read from the Windows installer):

  • Python 3.6.1: OpenSSL 1.0.2k
  • Python 2.7.13, 3.5.3 and 3.6.0: OpenSSL 1.0.2j
  • Python 2.7.12, 3.5.2: OpenSSL 1.0.2h
  • Python 2.7.11, 3.4.4, 3.5.0, 3.5.1: OpenSSL 1.0.2d
  • Python 2.7.10: OpenSSL 1.0.2a
  • Python 2.7.9: OpenSSL 1.0.1j
  • Python 3.3.5: OpenSSL 1.0.1e

Windows: see PCbuild/get_externals.bat (or PCbuild/readme.txt in older versions).

macOS: see Mac/BuildScript/build-installer.py.

macOS:

# Since Apple removed the header files for the deprecated system
# OpenSSL as of the Xcode 7 release (for OS X 10.10+), we do not
# have much choice but to build our own copy here, too.

Example of OpenSSL update: Upgrade installers to OpenSSL 1.0.2k (March 2017).