python-hyper / h2

Pure-Python HTTP/2 protocol implementation
https://python-hyper.org/
MIT License

Bad recommendation of cipher suites in examples and docs #1284

Closed mrdaybird closed 3 months ago

mrdaybird commented 3 months ago

The http2 server and client examples in the docs use DHE, see towards the end:

ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20")

I think DHE should be removed from this considering CVE-2002-20001 (https://github.com/advisories/GHSA-jx4r-qc68-xjr5)

mrdaybird commented 3 months ago

Mozilla recommends the same set of cipher suites (https://wiki.mozilla.org/Security/Server_Side_TLS). Sorry for filing prematurely!
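An added example, not code from h2 or from either comment above: it expands the docs' cipher string with the local OpenSSL build to show which concrete suites it actually enables, lists the ones using a given key-exchange prefix (the DHE suites discussed in the issue), and derives the same string with one key-exchange family removed so the two can be compared. The function names are my own.

```python
import ssl

# Cipher string from the h2 docs, as quoted in the issue above.
DOC_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20"


def enabled_suites(cipher_string):
    """Expand an OpenSSL cipher string into the TLS 1.2-and-below suite
    names the local OpenSSL build would offer for it. TLS 1.3 suites are
    configured separately by OpenSSL and are filtered out here."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()
            if not c["name"].startswith("TLS_")]


def suites_with_kx(cipher_string, kx_prefix):
    """Enabled suites whose OpenSSL name starts with the given key-exchange
    prefix, e.g. 'DHE-' for finite-field Diffie-Hellman."""
    return [n for n in enabled_suites(cipher_string) if n.startswith(kx_prefix)]


def drop_kx(cipher_string, kx_token):
    """Remove every colon-separated element whose key-exchange token (the part
    before the first '+') equals kx_token, e.g. 'DHE'. 'ECDHE' is untouched."""
    kept = [e for e in cipher_string.split(":") if e.split("+")[0] != kx_token]
    return ":".join(kept)


if __name__ == "__main__":
    for label, spec in (("docs string", DOC_CIPHERS),
                        ("without DHE", drop_kx(DOC_CIPHERS, "DHE"))):
        print(f"{label}: {spec}")
        for name in enabled_suites(spec):
            print("   ", name)
        print("    DHE suites:", suites_with_kx(spec, "DHE-"))
```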