Changes between Version 7 and Version 8 of Plan/Security


Ignore:
Timestamp:
11/09/2014 05:29:33 AM (3 years ago)
Author:
Hynek Schlawack
Comment:

Clean up solved problems

Legend:

Unmodified
Added
Removed
Modified
  • Plan/Security

    v7 v8  
    55= TLS =
    66
    7 == Short term ==
    8 
    9  - #6663: We need to make the cipher suites configurable.
    10  - #6801: OP_NO_COMPRESSION needs to be set to circumvent CRIME, OP_CIPHER_SERVER_PREFERENCE to force our ciphers on clients.
    11  - #6799: We need to support DHE to offer PFS.
    12  - #4888: twisted.web.client.Agent our new web client API has to learn hostname verification for HTTPS URIs.
    13  - #5446/#6334: For that we need access to a reliable trust store.
    14  - #6924: Expose dhParameters to string endpoints
    15 
    16 == Mid Term ==
    17 
    18  -  #6586: Add ECDH, we need to add it too (eg. Windows does no DHE). (and make is pretty as soon as [https://github.com/pyca/pyopenssl/pull/57 PyOpenSSL learns about ECDH] #7033)
     7 - #6923: Deprecate outdated SSL context factories
    198 - #4887: Add SNI (not security-relevant but belongs into a complete TLS framework).
    20  - #6802: Add OCSP stapling support
     9 - #6802: Add OCSP stapling support ([https://www.imperialviolet.org/2014/04/19/revchecking.html maybe not the highest priority])
    2110
    2211== Long Term ==