xen should be ported to use NSS library for cryptography. See the tracking bug for details and links on how it could be done.
Is there a Python binding for NSS ? Without one this bug can't be addressed.
Having considered this ticket. XenD only uses SSL for the XenAPI service. We don't use this in Fedora, since libvirt provides the management service. So I've no interest in wasting time porting XenAPI. The Xen device model uses QEMU which has SSL. We are trying to get Xen to use upstream QEMU codebase rather than its own private fork. Porting Xen's QEMU to NSS will just make it an even worse fork compared to upstream QEMU which is not a sustainable approach.