[Twisted-Python] Does Twisted support ECC for TLS?

[Glyph]

> On Mar 3, 2018, at 2:38 PM, Justin Myles Holmes <twotonespirit at gmail.com> wrote:
> 
> I'm trying to bend a little bit of custom TLS - one possible use case for me is a HendrixDeploy object which uses an ethereum keypair to self-sign a certificate.
> 
> So I'm wondering: is it currently possible to use an ECC keypair for TLS with Twisted? 
> 
> Here's what I've discovered:
> 
> twisted.internet.sssl.ContextFactory has a method, use_privatekey().  This thing wants an OpenSSL.crypto.PKey object.  And, lo and behold, PKey offers a facility, from_cryptography_key(), which attempts to use a key from cryptography.io <http://cryptography.io/>, from whence I'm generating keys anyway.  However, it expects an RSA or DSA key, not an EC or ECDSA key.
> 
> Glyph suggested that, instead of trying to handle PKeys myself, I might try loading PEM files with txsni or the like.
> 
> I can actually get txsni to work with my cert/keypair, but I don't seem to be able to get a client to connect.  For example, Firefox tells me "SSL_ERROR_NO_CYPHER_OVERLAP".
> 
> I tried the same things with SSL4ServerEndpoint, and I get exactly the same thing - my protocol's dataReceived method is never run, no output appears in the console, but the client gets this same error.
> 
> I notice that there's an issue on PyOpenSSL which appears to address this:

Looks like your message was truncated before getting to the link :-).

-glyph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20180303/d8ebbf5c/attachment-0002.html>