Opened 6 months ago

Last modified 6 months ago

#7033 task new

Use PyOpenSSL's ECDHE API

Reported by: lvh Owned by:
Priority: normal Milestone:
Component: core Keywords: tls ecdhe
Cc: Branch:
Author: Launchpad Bug:

Description (last modified by lvh)

In ticket #6586, hynek and I introduced temporary ECDHE support for Twisted, greatly improving Twisted's default behavior for TLS servers. However, it does so with some custom code. It'd be preferable if we just inherited that behavior from PyOpenSSL instead, since it would be less code in Twisted to maintain.

For this to be possible, several things have to happen, all but the last of them upstream:

  • One of the ECDHE support branches needs to land in PyOpenSSL. Right now it looks most likely it will be https://github.com/pyca/pyopenssl/pull/57
  • cryptography needs to make a release >= 0.2.2
  • PyOpenSSL needs to make a release that depends on a cryptography release >= 0.2.2
  • Twisted needs to depend on that new PyOpenSSL release


Once all of that happens, we can just use the behavior from PyOpenSSL, and remove the workaround.

Change History (1)

comment:1 Changed 6 months ago by lvh

  • Description modified (diff)
Note: See TracTickets for help on using tickets.