[Twisted-web] Twisted Web Agent configurable Elliptic Curves settings

Paul Tremberth paul.tremberth at gmail.com
Thu Apr 27 02:56:06 MDT 2017 

> What platform are you on?
> How do you know what version of OpenSSL you're using?
> (It can sometimes be quite tricky to suss out what OpenSSL twisted is
using unless you know the internals fairly well, unfortunately; 'twist
--version' really ought to print it out.)

I'm on (X)Ubuntu 16.10. And the system uses 1.0.2g-1ubuntu9.1.
But I built my own static wheel version of cryptography following
https://cryptography.io/en/latest/installation/#static-wheels ,
with OPENSSL_VERSION="1.1.0e"
and pip installed the wheel in another virtualenv to test it, along with
twisted[tls]

I checked OpenSSL version using this (that's what scrapy also does when
printing versions):
$ python -c "import OpenSSL;
print(OpenSSL.SSL.SSLeay_version(OpenSSL.SSL.SSLEAY_VERSION))"
OpenSSL 1.1.0e  16 Feb 2017

> What about with 1.0.2?

I just tested it again this morning with my system's default openssl:

    $ python -c "import OpenSSL;
print(OpenSSL.SSL.SSLeay_version(OpenSSL.SSL.SSLEAY_VERSION))"
    OpenSSL 1.0.2g  1 Mar 2016

with the same snippet using Twisted Web Agent,
this is what wireshark shows in the ClientHello:

Extension: elliptic_curves
    Type: elliptic_curves (0x000a)
    Length: 28
    Elliptic Curves Length: 26
    Elliptic curves (13 curves)
        Elliptic curve: secp256r1 (0x0017)
        Elliptic curve: secp521r1 (0x0019)
        Elliptic curve: brainpoolP512r1 (0x001c)
        Elliptic curve: brainpoolP384r1 (0x001b)
        Elliptic curve: secp384r1 (0x0018)
        Elliptic curve: brainpoolP256r1 (0x001a)
        Elliptic curve: secp256k1 (0x0016)
        Elliptic curve: sect571r1 (0x000e)
        Elliptic curve: sect571k1 (0x000d)
        Elliptic curve: sect409k1 (0x000b)
        Elliptic curve: sect409r1 (0x000c)
        Elliptic curve: sect283k1 (0x0009)
        Elliptic curve: sect283r1 (0x000a)


>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://twistedmatrix.com/pipermail/twisted-web/attachments/20170427/3207b0f4/attachment.html>

More information about the Twisted-web mailing list