[Twisted-Python] TLS broken with twisted.words.protocols.jabber

glyph at divmod.com glyph at divmod.com
Fri Nov 21 21:57:41 EST 2008

On 21 Nov, 08:00 pm, twisted at ralphm.ik.nu wrote:
>On Fri, Nov 21, 2008 at 01:20:59PM -0500, Itamar Shtull-Trauring wrote:
>>On Thu, 2008-11-20 at 17:00 -0700, Jack Moffitt wrote:
>> > I would like to propose that #3463
>> > (http://twistedmatrix.com/trac/ticket/3463) be additionally 
>> > to the 8.1 branch and any other branches that still get point
>> > releases.  It is a pretty critical workaround which fixes the fact
>> > that recent OpenSSL libraries cannot connect to Java based services.
>>Why not request relevant distros to do an openssl bugfix and backport?
>>It'd help more people than just twisted users.
>Because it is actually a bug in Java, not in OpenSSL. It is just that
>recent OpenSSL versions enable a feature (Session Tickets) that is
>standards-wise backwards compatible.  Arguably, distributions could
>choose to not enable the feature by default, but that doesn't have my
>This change adds a option to choose if the feature is used, and 
>it by default because there is no further support in our SSL code for
>it and it immediately helps fix a problem that I don't think will be
>resolved server-side any time soon.

If the "fix" for Twisted is to just disable this feature by default, 
then it should remain disabled by default for everybody.  Including it 
in the build so that people who want it can enable it is fine, but 
leaving it on by default for other libraries besides Twisted seems 

In other words, this really has nothing to do with Twisted, and 
everything to do with the fact that Debian should not be screwing around 
with OpenSSL.  Have they already forgotten what happened last time?

More information about the Twisted-Python mailing list