[Twisted-Python] TLS broken with twisted.words.protocols.jabber
glyph at divmod.com
Fri Nov 21 21:57:41 EST 2008
On 21 Nov, 08:00 pm, twisted at ralphm.ik.nu wrote:
>On Fri, Nov 21, 2008 at 01:20:59PM -0500, Itamar Shtull-Trauring wrote:
>>On Thu, 2008-11-20 at 17:00 -0700, Jack Moffitt wrote:
>> > I would like to propose that #3463
>> > (http://twistedmatrix.com/trac/ticket/3463) be additionally committed
>> > to the 8.1 branch and any other branches that still get point
>> > releases. It is a pretty critical workaround which fixes the fact
>> > that recent OpenSSL libraries cannot connect to Java based services.
>>
>>Why not request relevant distros to do an openssl bugfix and backport?
>>It'd help more people than just twisted users.
>
>Because it is actually a bug in Java, not in OpenSSL. It is just that
>recent OpenSSL versions enable a feature (Session Tickets) that is
>standards-wise backwards compatible. Arguably, distributions could
>choose to not enable the feature by default, but that doesn't have my
>preference.
>
>This change adds an option to choose if the feature is used, and disables
>it by default because there is no further support in our SSL code for
>it and it immediately helps fix a problem that I don't think will be
>resolved server-side any time soon.

If the "fix" for Twisted is to just disable this feature by default,
then it should remain disabled by default for everybody. Including it
in the build so that people who want it can enable it is fine, but
leaving it on by default for other libraries besides Twisted seems
wrong.

In other words, this really has nothing to do with Twisted, and
everything to do with the fact that Debian should not be screwing around
with OpenSSL. Have they already forgotten what happened last time?