[Twisted-Python] Twisted 16.3.0 Prerelease 2 Announcement

Paweł Miech pawelmhm at gmail.com
Tue Jul 12 01:03:20 MDT 2016


> In an earlier e-mail you mentioned that you were using Python 3.  Is that
> still true?

I can reproduce this in Python 2.7.11 and Python 3.5.2. In both of them
Chrome responds with ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY.  When I test
with curl with verbose flag I see that it also shows information about
ciphers used:

Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH

...
SSL connection using TLSv1.2 / AES256-GCM-SHA384


I see ciphers are set at this point here:
https://github.com/twisted/twisted/blob/556f0f24df2eba2f38ec7f0fa422c4aa7df07fec/twisted/internet/_sslverify.py#L1660
and Twisted cipher is described here:
https://github.com/twisted/twisted/blob/556f0f24df2eba2f38ec7f0fa422c4aa7df07fec/twisted/internet/_sslverify.py#L1851
so probably this is the area to look for in case there is something going
awry in setting ciphers.

One thing to note is that I use DefaultOpenSSLContextFactory and do
something like this:

context_factory = DefaultOpenSSLContextFactory("key.pem", "cert.pem")
reactor.listenSSL(8080, site, context_factory)

Twisted docs for SSL
https://twistedmatrix.com/documents/current/core/howto/ssl.html suggest to
try something like this:

certData = getModule(__name__).filePath.sibling('server.pem').getContent()
certificate = ssl.PrivateCertificate.loadPEM(certData)
factory = protocol.Factory.forProtocol(echoserv.Echo)
reactor.listenSSL(8000, factory, certificate.options())

but those code samples from docs appeared broken. I was not able to run
them. I was planning to review those docs later, find out what is wrong and
create a PR for that.

Is it possible that using DefaultOpenSSLContextFactory instead of
certificate.options() affects something here? I can see my Twisted-SSL code
works ok in Chrome with HTTP 1.1 (I can see green "secure" icon in url bar
and confirm that requests fly all right with ssl in dev tools), and only fails
with HTTP2. This seems to suggest that using DefaultOpenSSLContextFactory is ok
(even if it's not documented officially), but maybe execution path is
different for contextFactory and certificate.options()?


2016-07-12 1:47 GMT+02:00 Glyph Lefkowitz <glyph at twistedmatrix.com>:

>
> On Jul 11, 2016, at 4:42 PM, Craig Rodrigues <rodrigc at crodrigues.org>
> wrote:
>
> In an earlier e-mail you mentioned that you were using Python 3.  Is that
> still true?
>
>
> Seconded - it would be very interesting to know if switching to python 2
> fixes your issue. :)
>
>
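
Added example, not part of the original message or of Twisted: RFC 7540 section 9.2.2 requires HTTP/2 over TLS 1.2 to use an AEAD cipher with ephemeral key exchange, and the AES256-GCM-SHA384 reported by curl above is OpenSSL's name for TLS_RSA_WITH_AES_256_GCM_SHA384, which is on the cipher suite black list in the RFC's Appendix A. The code below parses that curl line and flags such suites; the function names and the name-based heuristics are assumptions of this example, and the sample lines other than the one quoted above are constructed.

```python
import re

# Heuristics on OpenSSL cipher names (an assumption of this example, not the
# literal RFC 7540 Appendix A table): ephemeral key exchange is marked by an
# ECDHE-/DHE- prefix, AEAD modes by GCM, CCM or CHACHA20 in the name.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")
CURL_LINE = re.compile(r"SSL connection using (\S+) / (\S+)")


def parse_curl_line(line):
    """Return (protocol, cipher) from a curl -v 'SSL connection using' line."""
    match = CURL_LINE.search(line)
    if match is None:
        raise ValueError("not an 'SSL connection using' line: %r" % line)
    return match.group(1), match.group(2)


def http2_tls_problems(protocol, cipher):
    """List the reasons a negotiated protocol/cipher pair is unfit for HTTP/2."""
    problems = []
    if protocol not in ("TLSv1.2", "TLSv1.3"):
        problems.append("protocol %s is not TLS 1.2 or later" % protocol)
    if protocol == "TLSv1.3" or cipher.startswith("TLS_"):
        # TLS 1.3 suites are AEAD-only and always use ephemeral key exchange.
        return problems
    if not cipher.startswith(EPHEMERAL_PREFIXES):
        problems.append("%s has no ephemeral (ECDHE/DHE) key exchange" % cipher)
    if not any(marker in cipher for marker in AEAD_MARKERS):
        problems.append("%s is not an AEAD cipher" % cipher)
    return problems


if __name__ == "__main__":
    # The first line is the curl output quoted in the message; the rest are
    # constructed samples for comparison.
    samples = [
        "SSL connection using TLSv1.2 / AES256-GCM-SHA384",
        "SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256",
        "SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384",
        "SSL connection using TLSv1.1 / DHE-RSA-AES128-SHA",
    ]
    for line in samples:
        protocol, cipher = parse_curl_line(line)
        problems = http2_tls_problems(protocol, cipher)
        print(cipher, "->", "; ".join(problems) or "acceptable for HTTP/2")
```
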