Improve: SSL Ciphers

[n2k3]

URL: /wiki/advanced/ssl-ciphers.html

Improvement: With a fresh sabnzbd v4.1.0 install on Windows 11, version 22H2, build 22621.2861 Using the text on the page:

When there are active connections, you can see which protocol is being used for each server in the Status and Interface settings (, Connections). For example: TLSv1.2 (DHE-RSA-AES128-SHA).

The value defaulted to TLSv1.3 (TLS_AES_128_GCM_SHA256) for me, therefor the Note earlier on the page is no longer valid (at least on Windows):

NOTE Setting the SSL Cipher with news servers that support TLS 1.3 connections is not (yet) supported by Python and thus SABnzbd. Setting custom ciphers forces the maximum TLS version to 1.2.

---

Additional Version info:	Name	Version
SABnzbd	v4.1.0 [b7e3401]
Python	v3.11.5 (tags/v3.11.5:cce6ba9, Aug 24 2023, 14:38:34) [MSC v.1936 64 bit (AMD64)] [cp1252]
OpenSSL	v3.0.9 30 May 2023

[Safihre]

I don't think I understand? What is exactly the problem?

[n2k3]

The text of the Note on the SSL Cipher page seems to be no longer true, and is therefor confusing and can be removed.

[sanderjo]

The text of the Note on the SSL Cipher page seems to be no longer true, and is therefor confusing and can be removed.

So: can you give a counter proof? Can you specify (as in: fill out) a cipher in SABnzbd's GUI, which then results in a TLS 1.3 connection?

(your TLS 1.3 connection above is when you fill out nothing, right?)

[Safihre]

It's not possible in Python: https://github.com/python/cpython/issues/80665 That's why we don't support it in SABnzbd.

[n2k3]

Ah sorry, I misunderstood. The default is not overriding the cipher suite selection, therefor it's TLS 1.3 by default.