[Twisted-Python] Block TLS 1.0 and TLS 1.1 support on windows

John Aherne johnaherne at rocs.co.uk
Mon Aug 31 09:47:02 MDT 2020


I'm using Twisted 20.3 and Python 3.6.8 and Windows 10.

I'm using endpoint_description with a tac file to start up a server.

But I need to disable TLS 1.0 and 1.1.

I was hoping to find a parameter I could pass in to make the system only
recognise 1.2 and 1.3. But could not find anything that would do that. I
thought sslmethod would be what I wanted but that is limited to:

Must be one of: "SSLv23_METHOD", "SSLv2_METHOD", "SSLv3_METHOD",
"TLSv1_METHOD".

If I choose TLSv1_METHOD, TLS 1.0 and 1.1 are still enabled
and Qualys complains and downgrades the rating to B.

In the end I found _defaultMinimumTLSVersion in _sslverify.py.

I set this to TLSVersion.TLSv1_2 and that seemed to do the trick.

But I don't think I should be doing that. I think I've missed some obvious
place where I can pass in a value to change this.

Anyone know where I should be looking?

Thanks for any info

-- 
*John Aherne*
*www.rocs.co.uk <http://www.rocs.co.uk>*
020 7223 7567