On 2016-09-07 05:06, Larry Hastings wrote:
>
> Larry Hastings added the comment:
>
>> FWIW the cipher list (at least the restricted ones for
>> ssl.create_default_context()) is explicitly documented
>> as being able to be changed at any time without prior deprecation
>
> Yes. To be specific: "The protocol, options, cipher and other settings may change to more restrictive values anytime without prior deprecation."
>
> https://docs.python.org/3/library/ssl.html#ssl.create_default_context
>
> I've seen no documentation suggesting that we can add new ciphers at any time.
ChaCha20 is part of the HIGH cipher set. That means the patch does not
*add* ChaCha20. It's already added by the HIGH rule. The patch rather
moves the cipher ChaCha20 Poly1305 suits in the right place.
Christian