On 13 July 2016 at 00:37, Glyph Lefkowitz wrote:
> Right now it seems the difference-computation logic on the twistedchecker
> buildbot has just broken completely. It's introducing useless noise into
> the build results because it makes every actually-passing build into a big
> red 'X' on the pu
Right now it seems the difference-computation logic on the twistedchecker
buildbot has just broken completely. It's introducing useless noise into the
build results because it makes every actually-passing build into a big red 'X'
on the pull request status page. I think I'm going to remove it.
> On Jul 12, 2016, at 12:43 AM, Cory Benfield wrote:
>
> DefaultOpenSSLContextFactory should have been deprecated a long time ago.
2 years ago, to be precise:
https://twistedmatrix.com/trac/ticket/6923
Someone fixing this would be tremendously useful.
-glyph
__
> On 12 Jul 2016, at 17:42, Paweł Miech wrote:
>
> > Agreed. I’m planning to begin the deprecation process, though it will take
> > a little while as we need to remove all uses of it from within the Twisted
> > codebase itself, as well as from the documentation. That turns out to be a
> > big
> Agreed. I’m planning to begin the deprecation process, though it will
take a little while as we need to remove all uses of it from within the
Twisted codebase itself, as well as from the documentation. That turns out
to be a bigger task than expected!
+1
One final point that I glossed over earl
> On 12 Jul 2016, at 09:33, Paweł Miech wrote:
>
> If you google for "ssl in twisted" you will also find articles that recommend
> it. Since so many people use it, maybe it could be updated to be more secure?
> If it does not make sense to update it then perhaps it would be good to
> deprecat
> DefaultOpenSSLContextFactory should have been deprecated a long time ago.
It’s insecure, and in particular does not set a cipher string, so it uses
DEFAULT. That will have all kinds of messed up priorities. For that reason,
you should adjust your code to use OpenSSLCertificateOptions or, even
bet
On Tue, 12 Jul 2016 at 09:43 Cory Benfield wrote:
> For that reason, you should adjust your code to use
> OpenSSLCertificateOptions or, even better, use the TLS endpoint directly.
>
> The exported name of this class is actually just "CertificateOptions",
fwiw.
> On 11 Jul 2016, at 20:22, Glyph Lefkowitz wrote:
>
> So pyOpenSSL/Cryptography doesn't have SSL_get_current_cipher anywhere?
get_current_cipher isn’t helpful. In particular, it puts us in an awkward place
where we have a connection that has been negotiated for HTTP/2, but we cannot
use it.
> On 11 Jul 2016, at 22:04, Paweł Miech wrote:
>
> This seems to suggest that Ubuntu 16.04 (the system I'm testing) does not
> support ciphers required by HTTP2. But nginx article about HTTP2 lists ubuntu
> as only linux like system that is able to support HTTP2 over ALPN which is
> required
> In an earlier e-mail you mentioned that you were using Python 3. Is that
still true?
I can reproduce this in Python 2.7.11 and Python 3.5.2. In both of them
Chrome responds with ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY. When I test
with curl with verbose flag I see that it also shows information
11 matches
Mail list logo
