Opened 21 months ago

Last modified 6 weeks ago

#7033 task new


Reported by: lvh
Owned by:
Priority: normal
Milestone:
Component: core
Keywords: tls ecdhe
Cc: tom@…
Branch:
Author:
Launchpad Bug:

Description (last modified by lvh)

In ticket #6586, hynek and I introduced temporary ECDHE support for Twisted, greatly improving Twisted's default behavior for TLS servers. However, it does so with some custom code. It'd be preferable if we just inherited that behavior from PyOpenSSL instead, since it would be less code in Twisted to maintain.

For this to be possible, several things have to happen, all but the last of them upstream:

  • One of the ECDHE support branches needs to land in PyOpenSSL. Right now it looks most likely it will be
  • cryptography needs to make a release >= 0.2.2
  • PyOpenSSL needs to make a release that depends on a cryptography release >= 0.2.2
  • Twisted needs to depend on that new PyOpenSSL release

Once all of that happens, we can just use the behavior from PyOpenSSL, and remove the workaround.

Change History (2)

comment:1 Changed 21 months ago by lvh

  • Description modified (diff)

comment:2 Changed 6 weeks ago by tomrittervg

  • Cc tom@… added

PyOpenSSL 0.15 now supports ECDHE ciphersuites via the Context.set_tmp_ecdh function. However, the current usage in Twisted does not use it.
