[Twisted-Python] Block TLS 1.0 and TLS 1.1 support on windows

John Aherne johnaherne at rocs.co.uk
Mon Aug 31 11:02:08 MDT 2020


Thanks. That was quick.

Just wondering how I can add that to my endpoint_description create
serverfromstring.

Or will I have to drop that?

Let me take a look.

Cheers

John

On Mon, Aug 31, 2020 at 4:58 PM L. Daniel Burr <ldanielburr at me.com> wrote:

> Hi John,
>
> I think you want
> https://twistedmatrix.com/documents/20.3.0/api/twisted.internet.ssl.CertificateOptions.html,
> specifically, you want to pass the "raiseMinimumTo" parameter.
>
> Hope this helps,
>
> L. Daniel Burr
>
> On Aug 31, 2020, at 10:47 AM, John Aherne <johnaherne at rocs.co.uk> wrote:
>
> I'm using Twisted 20.3 and Python 3.6.8 and Windows 10.
>
> I'm using endpoint_description with a tac file to start up a server.
>
> But I need to disable TLS 1.0 and 1.1.
>
> I was hoping to find a parameter I could pass in to make the system only
> recognise 1.2 and 1.3. But could not find anything that would do that. I
> thought sslmethod would be what I wanted but that is limited to:
>
> Must be one of: "SSLv23_METHOD", "SSLv2_METHOD", "SSLv3_METHOD",
> "TLSv1_METHOD". If I choose TLSv1_METHOD, TLS 1.0 and 1.1 are still enabled
> and QUALYS complains and downgrades the rating to B.
>
> In the end I found _defaultMinimumTLSVersion in _sslverify.py.
>
> I set this to TLSVersion.TLSv1_2 and that seemed to do the trick.
>
> But I don't think I should be doing that. I think I've missed some obvious
> place where I can pass in a value to change this.
>
> Anyone know where I should be looking?
>
> Thanks for any info
>
> --
> *John Aherne*
>
>
>
>
> *www.rocs.co.uk <http://www.rocs.co.uk/>*
> 020 7223 7567
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python


-- 
*John Aherne*




*www.rocs.co.uk <http://www.rocs.co.uk>*
020 7223 7567