[Twisted-Python] OpenSSL versions
Glyph
glyph at twistedmatrix.com
Tue Nov 21 13:01:16 MST 2017
> On Nov 21, 2017, at 11:56 AM, Mark Williams <mrw at enotuniq.org> wrote:
>
> Hello,
>
> Users of Twisted and OpenSSL 1.1 and 1.0.2 cannot connect to all HTTPS
> sites because Twisted sets its own ECDH curve instead of using the
> defaults selected by these versions of OpenSSL.
>
> The gory details are here:
> https://twistedmatrix.com/trac/ticket/9210
> https://github.com/twisted/twisted/pull/927
>
> The solution to this bug favored by an OpenSSL maintainer is to drop
> support for OpenSSL versions before 1.0.2. I'm also in favor of this
> because:
>
> - 1.0.2 is the oldest supported version of OpenSSL
> - The ECDH curve selection code would be much simpler if we only
> supported OpenSSL 1.0.2
> - cryptography wheels installed from PyPI include OpenSSL 1.1
>
> Do you use the latest version of Twisted with OpenSSL 1.0.1? If so, do
> the above reasons satisfy your concerns?
>
> Thanks!
I have one question:
When I `pip install cryptography` on Linux, do I presently get a self-contained manylinux1 wheel right now with a built-in OpenSSL, or do I need to care what my "distro" (or Docker base image) is shipping?
-glyph