[Twisted-Python] Does Twisted support ECC for TLS?
Glyph
glyph at twistedmatrix.com
Sat Mar 3 20:06:15 MST 2018
> On Mar 3, 2018, at 2:38 PM, Justin Myles Holmes <twotonespirit at gmail.com> wrote:
>
> I'm trying to bend a little bit of custom TLS - one possible use case for me is a HendrixDeploy object which uses an ethereum keypair to self-sign a certificate.
>
> So I'm wondering: is it currently possible to use an ECC keypair for TLS with Twisted?
>
> Here's what I've discovered:
>
> twisted.internet.ssl.ContextFactory has a method, use_privatekey(). This thing wants an OpenSSL.crypto.PKey object. And, lo and behold, PKey offers a facility, from_cryptography_key(), which attempts to use a key from cryptography.io <http://cryptography.io/>, from whence I'm generating keys anyway. However, it expects an RSA or DSA key, not an EC or ECDSA key.
>
> Glyph suggested that, instead of trying to handle PKeys myself, I might try loading PEM files with txsni or the like.
>
> I can actually get txsni to work with my cert/keypair, but I don't seem to be able to get a client to connect. For example, Firefox tells me "SSL_ERROR_NO_CYPHER_OVERLAP".
>
> I tried the same things with SSL4ServerEndpoint, and I get exactly the same thing - my protocol's dataReceived method is never run, no output appears in the console, but the client gets this same error.
>
> I notice that there's an issue on PyOpenSSL which appears to address this:
Looks like your message was truncated before getting to the link :-).
-glyph
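
One check for the SSL_ERROR_NO_CYPHER_OVERLAP symptom quoted above, as an added example that is not part of either message and is not Twisted or pyOpenSSL code: before TLS 1.3, a server holding only an ECDSA certificate can negotiate only ECDSA-authenticated suites, so a cipher string without any leaves older clients nothing to agree on. It uses Python's standard `ssl` module to expand an OpenSSL cipher string; the two cipher strings are constructed samples and the function names are hypothetical.

```python
import ssl

# OpenSSL's label for the certificate key type a pre-TLS-1.3 suite requires.
AUTH_LABEL = {"rsa": "auth-rsa", "ecdsa": "auth-ecdsa"}

# Constructed sample cipher strings (assumptions, not taken from the thread).
RSA_ONLY = "ECDHE-RSA-AES128-GCM-SHA256"
MIXED = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"


def suites_for_key(cipher_string, key_type):
    """Return (pre-TLS-1.3 suites usable with key_type, TLS 1.3 suites)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    wanted = AUTH_LABEL[key_type]
    usable, tls13 = [], []
    for suite in ctx.get_ciphers():
        if suite["protocol"] == "TLSv1.3":
            # TLS 1.3 suites do not fix the certificate type; the signature
            # algorithm is negotiated separately from the suite.
            tls13.append(suite["name"])
        elif suite["auth"] == wanted:
            usable.append(suite["name"])
    return usable, tls13


def diagnose(cipher_string, key_type):
    """Classify a server cipher string against the certificate's key type."""
    usable, tls13 = suites_for_key(cipher_string, key_type)
    if usable:
        return "ok"          # older clients have a suite matching the cert
    if tls13:
        return "tls13-only"  # only TLS 1.3 clients can complete a handshake
    return "none"            # every client fails with a no-overlap error


if __name__ == "__main__":
    for label, string in (("RSA_ONLY", RSA_ONLY), ("MIXED", MIXED)):
        print(label, "with an ECDSA certificate:", diagnose(string, "ecdsa"))
```

This covers only the suite and key-type pairing; it does not check whether the client supports the certificate's curve.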