[Twisted-Python] Twisted 14.0.0pre5 Announcement
Hynek Schlawack
hs at ox.cx
Thu May 1 14:08:20 MDT 2014
On 1 May 2014, at 21:28, Glyph Lefkowitz wrote:
>> When I connect to the hosts you mention using openssl (don’t forget
>> to set -servername if you play along) I only get TLSv1. Is it
>> possible that there’s some custom TLS code lying around?
>
> As far as I can see, only <https://github.com/glyph/txsni>. It
> constructs the CertificateOptions in
> <https://github.com/glyph/txsni/blob/master/txsni/only_noticed_pypi_pem_after_i_wrote_this.py>
> (whose name suggests a change I need to make to this library). Am I
> forgetting some cool new options to CertificateOptions?
If you want DHE, you need to load DH parameters:
http://twisted.readthedocs.org/en/latest/core/howto/ssl.html#tls-protocol-options
too.
Why your server only accepts TLSv1 is beyond me off the cuff.
> The machine is an Ubuntu 14.04 machine with
> libssl1.0.0:libssl1.0.1f-ubuntu-don't-have-a-heart-attack-it's-actually-g
> (I seriously wish they wouldn't do that with security patches).
Well, that’s what distributions do. *shrug* They don’t update your
software so nothing breaks; they just fix the security issues (thus
it’s not necessarily g, Ubuntu’s fix *can* be very different from
what OpenSSL did).