Hello,

Users of Twisted and OpenSSL 1.1 and 1.0.2 cannot connect to all HTTPS
sites because Twisted sets its own ECDH curve instead of using the
defaults selected by these versions of OpenSSL.

The gory details are here:
https://twistedmatrix.com/trac/ticket/9210
https://github.com/twisted/twisted/pull/927

The solution to this bug favored by an OpenSSL maintainer is to drop
support for OpenSSL versions before 1.0.2.  I'm also in favor of this
because:

- 1.0.2 is the oldest supported version of OpenSSL
- The ECDH curve selection code would be much simpler if we only
supported OpenSSL 1.0.2
- cryptography wheels installed from PyPI include OpenSSL 1.1

Do you use the latest version of Twisted with OpenSSL 1.0.1?  If so, do
the above reasons satisfy your concerns?

Thanks!

-- 
  Mark Williams
  m...@enotuniq.org

_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python