On 1 May 2014, at 21:28, Glyph Lefkowitz wrote:
When I connect to the hosts you mention using openssl (don’t forget
to set -servername if you play along) I only get TLSv1. Is it
possible that there’s some custom TLS code laying around?

As far as I can see, only <https://github.com/glyph/txsni>. It
constructs the CertificateOptions in
<https://github.com/glyph/txsni/blob/master/txsni/only_noticed_pypi_pem_after_i_wrote_this.py>
(whose name suggests a change I need to make to this library). Am I
forgetting some cool new options to CertificateOptions?

If you want DHE, you need to load DH parameters:
http://twisted.readthedocs.org/en/latest/core/howto/ssl.html#tls-protocol-options
too.
Why your server only accepts TLSv1 is beyond me off the cuff.

The machine is an Ubuntu 14.04 machine with
libssl1.0.0:libssl1.0.1f-ubuntu-don't-have-a-heart-attack-it's-actually-g
(I seriously wish they wouldn't do that with security patches).

Well, that’s what distributions do. *shrug* They don’t update your
software so nothing breaks; they just fix the security issues (thus
it’s not necessarily g, Ubuntu’s fix *can* be very different from
what OpenSSL did).
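
The protocol check described at the top of this message (connect with SNI set and see which TLS versions the server negotiates), as an added example that is not part of the original thread. It uses Python's standard ssl module rather than the openssl command line; `pinned_context`, `probe` and the host `example.test` are names made up here, and the `@SECLEVEL=0` cipher string assumes an OpenSSL-backed Python build.

```python
import socket
import ssl
import warnings

VERSIONS = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)


def pinned_context(version):
    """Client context that offers exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only the protocol version is being probed, so certificate checks are off.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        # Assumption: OpenSSL-backed build. Without this, many current builds
        # refuse TLS 1.0/1.1 locally and hide what the server would accept.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = version
        ctx.maximum_version = version
    return ctx


def probe(host, port=443, server_name=None, timeout=5.0):
    """Return {version name: handshake succeeded} for one SNI name."""
    results = {}
    for version in VERSIONS:
        try:
            ctx = pinned_context(version)
            with socket.create_connection((host, port), timeout=timeout) as raw:
                # server_hostname sets SNI, the counterpart of -servername.
                with ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
                    results[version.name] = tls.version() is not None
        except (OSError, ValueError):
            # Refused connection, handshake failure, or a version this build lacks.
            results[version.name] = False
    return results


if __name__ == "__main__":
    # "example.test" is a placeholder; point this at a server you operate.
    for name, ok in probe("example.test").items():
        print(f"{name:8} {'accepted' if ok else 'refused or unreachable'}")
```

A False for TLSv1 or TLSv1_1 can still come from the local library's own policy rather than from the server, so compare against a second client before drawing conclusions.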