[Twisted-Python] Re: How to make a secure connection between two computers

Jean-Paul Calderone exarkun at divmod.com
Tue Feb 12 13:36:12 MST 2008


On Tue, 12 Feb 2008 20:08:21 +0100, Martin Geisler <mg at daimi.au.dk> wrote:
>Jean-Paul Calderone <exarkun at divmod.com> writes:
>
>>>I am using TLS via GNUTLS via python-gnutls :-)
>>>
>>>  http://pypi.python.org/pypi/python-gnutls
>>>
>>>As I understand it, TLS is the successor to SSL. Python-gnutls
>>>contains an example echo server and client that use Twisted and TLS.
>>
>> Yes, although TLS is commonly referred to as SSL, and Twisted's "SSL"
>> support is actually support of SSL and TLS.
>
>Okay, good to know.
>
>>>To generate the certificates I use this Makefile:
>>>
>>> [snip]
>>
>> One can also use recent versions of twisted.internet.ssl to generate
>> certificates.
>>
>> See KeyPair, PrivateCertificate, and Certificate (and maybe some other
>> stuff, if you want) here:
>>
>>  http://twistedmatrix.com/documents/current/api/twisted.internet.ssl.html
>
>Thanks! I actually do want to replace the Makefile with Python to make
>it cross-platform. In that regard I probably also have to replace the
>python-gnutls library since it has no Windows binaries (that I could
>tell).
>
>I initially stayed away from pyOpenSSL since
>
>* it seems dead: last release was in 2004 with Windows installers for
>  Python 2.1. This message seems to indicate that a live form exists:
>  http://tinyurl.com/3b4yeq

There isn't much, if any, development happening on PyOpenSSL.  Partially,
this is because it does enough as it is now (although there are some
features it could provide which would be nice).  Partially it's because
the original author has disappeared into the void.

>
> [snip licensing issues I don't have any clue about]
>
>* The GnuTLS has a nice (maybe biased) comparison page:
>
>    http://www.gnu.org/software/gnutls/comparison.html
>

GnuTLS support in Twisted might be interesting.  I have heard rumors that
OpenSSL is a higher quality implementation than GnuTLS, but I don't have
any first-hand experience; it's possible this is just FUD.

There's no reason Twisted couldn't support both of these libraries and use
whichever is available (or allow explicit selection).  I think there's even
a ticket open in the tracker for this.  But since PyOpenSSL basically works,
the motivation to work on this might be missing for a lot of people.

>
>Is there a cross-platform GPL compatible library out there that will
>give me TLS for Linux, Mac, and Windows on Python 2.4 and upwards?

There's also TLSLite, which includes Twisted support.  I don't have any
first-hand experience with it either, though.

There's also M2Crypto, but since that's just another OpenSSL wrapper, it
probably doesn't take care of your license concerns.

Jean-Paul