[Twisted-Python] OpenSSL versions

Mark Williams mrw at enotuniq.org
Tue Nov 21 12:56:54 MST 2017


Hello,

Users of Twisted and OpenSSL 1.1 and 1.0.2 cannot connect to all HTTPS
sites because Twisted sets its own ECDH curve instead of using the
defaults selected by these versions of OpenSSL.

The gory details are here:
https://twistedmatrix.com/trac/ticket/9210
https://github.com/twisted/twisted/pull/927

The solution to this bug favored by an OpenSSL maintainer is to drop
support for OpenSSL versions before 1.0.2.  I'm also in favor of this
because:

- 1.0.2 is the oldest supported version of OpenSSL
- The ECDH curve selection code would be much simpler if we only
supported OpenSSL 1.0.2
- cryptography wheels installed from PyPI include OpenSSL 1.1

Do you use the latest version of Twisted with OpenSSL 1.0.1?  If so, do
the above reasons satisfy your concerns?

Thanks!

-- 
  Mark Williams
  mrw at enotuniq.org


