[Twisted-Python] Twisted 16.3.0 Prerelease 2 Announcement
Amber "Hawkie" Brown
hawkowl at atleastfornow.net
Sat Jul 9 12:22:39 MDT 2016
Hmm, I have it working fine (Python 2.7/3.5, w/ Cryptography wheels on OS X)...
The default ciphers in Twisted are:
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
So I am not sure why it's not picking up "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" first...
- Amber
> On 10 Jul 2016, at 01:30, Paweł Miech <pawelmhm at gmail.com> wrote:
>
> Thanks for fixing this.
>
> Did anyone actually manage to make HTTP2 in Twisted work with Google-Chrome? I tried to do this today, and it seems this is surprisingly difficult. It turns out that Chrome requires ALPN and it dropped support for NPN. ALPN is only supported with OpenSSL 1.0.2 or above, which by default is not available in most systems. This is discussed here. I tried setting up docker image with Ubuntu 16.04 that has required version of OpenSSL, but it seems that Chrome still doesn't like it. It returns ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY error and fails to load page. Looking up this error I found out this might be happening because some TSL ciphers are blacklisted in HTTP2, there is nice answer about this here it links to this part of HTTP2 spec https://http2.github.io/http2-spec/#rfc.section.9.2.2
>
> My question is: should user deal with this kind of stuff themselves? If some ciphers are blacklisted in HTTP2 shouldn't this be handled somewhere in Twisted? E.g. perhaps there should be some Http2SSLContextFactory? If you'd like to reproduce this I did some sample repo here: https://github.com/pawelmhm/sf-books-http2 it contains dockerfile that builds from Ubuntu 16.04 and runs simple Twisted HTTP 2 resource.
>
> 2016-07-04 13:48 GMT+02:00 Craig Rodrigues <rodrigc at crodrigues.org>:
> On Sun, Jul 3, 2016 at 3:15 AM, Paweł Miech <pawelmhm at gmail.com> wrote:
> HTTP2 support sounds really exciting.
>
> > Please let me know if you have any issues, as well as if you don't! If everything works well, that's a good thing for me to know :)
>
> I played around with this today and found out that the command you recommend:
>
> > pip install -U https://twistedmatrix.com/Releases/pre/16.3.0pre2/Twisted-16.3.0rc2.tar.bz2#egg=Twisted[http2,tls]
>
> does NOT install dependencies when ran on Python 3, I had to manually install h2 to HTTP2 support to work. It works ok on Python 2. My installation logs on Python 3.4 look like this:
>
>
> I think I've fixed that in trunk with this:
>
> https://github.com/twisted/twisted/pull/287
>
> --
> Craig
>
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>
>
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: </pipermail/twisted-python/attachments/20160710/f7ee83ce/attachment.sig>
More information about the Twisted-Python
mailing list