[Twisted-Python] TLS broken with twisted.words.protocols.jabber

Ralph Meijer twisted at ralphm.ik.nu
Fri Nov 21 15:00:44 EST 2008


On Fri, Nov 21, 2008 at 01:20:59PM -0500, Itamar Shtull-Trauring wrote:
> On Thu, 2008-11-20 at 17:00 -0700, Jack Moffitt wrote:
> > I would like to propose that #3463
> > (http://twistedmatrix.com/trac/ticket/3463) be additionally committed
> > to the 8.1 branch and any other branches that still get point
> > releases.  It is a pretty critical workaround which fixes the fact
> > that recent OpenSSL libraries cannot connect to Java based services.
> 
> Why not request relevant distros to do an openssl bugfix and backport?
> It'd help more people than just twisted users.

Because it is actually a bug in Java, not in OpenSSL. It is just that
recent OpenSSL versions enable a feature (Session Tickets) that is
standards-wise backwards compatible.  Arguably, distributions could
choose to not enable the feature by default, but that doesn't have my
preference.

This change adds a option to choose if the feature is used, and disables
it by default because there is no further support in our SSL code for
it and it immediately helps fix a problem that I don't think will be
resolved server-side any time soon.

-- 
Groetjes,

ralphm




More information about the Twisted-Python mailing list