[Twisted-Python] Twisted 14.0.0pre5 Announcement
Glyph Lefkowitz
glyph at twistedmatrix.com
Thu May 1 16:19:04 MDT 2014
On May 1, 2014, at 1:08 PM, Hynek Schlawack <hs at ox.cx> wrote:
> On 1 May 2014, at 21:28, Glyph Lefkowitz wrote:
>
>>> When I connect to the hosts you mention using openssl (don’t forget to set -servername if you play along) I only get TLSv1. Is it possible that there’s some custom TLS code laying around?
>>
>> As far as I can see, only <https://github.com/glyph/txsni>. It constructs the CertificateOptions in <https://github.com/glyph/txsni/blob/master/txsni/only_noticed_pypi_pem_after_i_wrote_this.py> (whose name suggests a change I need to make to this library). Am I forgetting some cool new options to CertificateOptions?
>
> If you want DHE, you need to load DH parameters: http://twisted.readthedocs.org/en/latest/core/howto/ssl.html#tls-protocol-options too.
I'm going to make txsni use pem, and then get the automagical DH params version with 0.4 ;-).
> Why your server only accepts TLSv1 is beyond me off the cuff.
Oh hah, I think I got it: in order to do SNI with OpenSSL, you need an _initial_ context. For me, in txSNI, that's an incredibly poorly-set-up one just specifying TLSv1_METHOD, here: <https://github.com/glyph/txsni/blob/master/txsni/snimap.py#L11>
I should probably have a default DEFAULT.pem symlink in there or something.
Another name hosted on that domain is <https://www.ssllabs.com/ssltest/analyze.html?d=glyph.twistedmatrix.com> which doesn't have any of the spurious chain errors.
-glyph