[Twisted-Python] TLS broken with twisted.words.protocols.jabber

Tristan Seligmann mithrandi at mithrandi.net
Sat Nov 22 04:05:00 EST 2008


* glyph at divmod.com <glyph at divmod.com> [2008-11-22 02:57:41 -0000]:

> In other words, this really has nothing to do with Twisted, and  
> everything to do with the fact that Debian should not be screwing around  
> with OpenSSL.  Have they already forgotten what happened last time?

Isn't this an upstream change?

> OpenSSL CHANGES
> _______________
>
>  Changes between 0.9.8e and 0.9.8f  [11 Oct 2007]
[...]
>   *) Add RFC4507 support to OpenSSL. This includes the corrections in
>      RFC4507bis. The encrypted ticket format is an encrypted encoded
>      SSL_SESSION structure, that way new session features are automatically
>      supported.
> 
>      If a client application caches session in an SSL_SESSION structure
>      support is transparent because tickets are now stored in the encoded
>      SSL_SESSION.
> 
>      The SSL_CTX structure automatically generates keys for ticket
>      protection in servers so again support should be possible
>      with no application modification.
> 
>      If a client or server wishes to disable RFC4507 support then the option
>      SSL_OP_NO_TICKET can be set.
> 
>      Add a TLS extension debugging callback to allow the contents of any client
>      or server extensions to be examined.
> 
>      This work was sponsored by Google.
>      [Steve Henson]

I'll admit to lack of familiarity with OpenSSL, and this functionality
in particular, so maybe I'm just confused.
-- 
mithrandi, i Ainil en-Balandor, a faer Ambar
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://twistedmatrix.com/pipermail/twisted-python/attachments/20081122/e9e8bd20/attachment.pgp 


More information about the Twisted-Python mailing list