> On Mar 3, 2018, at 2:38 PM, Justin Myles Holmes <twotonespi...@gmail.com> 
> wrote:
> 
> I'm trying to bend a little bit of custom TLS - one possible use case for me 
> is a HendrixDeploy object which uses an ethereum keypair to self-sign a 
> certificate.
> 
> So I'm wondering: is it currently possible to use an ECC keypair for TLS with 
> Twisted? 
> 
> Here's what I've discovered:
> 
> twisted.internet.ssl.ContextFactory has a method, use_privatekey().  This 
> thing wants an OpenSSL.crypto.PKey object.  And, lo and behold, PKey offers a 
> facility, from_cryptography_key(), which attempts to use a key from 
> cryptography.io <http://cryptography.io/>, from whence I'm generating keys 
> anyway.  However, it expects an RSA or DSA key, not an EC or ECDSA key.
> 
> Glyph suggested that, instead of trying to handle PKeys myself, I might try 
> loading PEM files with txsni or the like.
> 
> I can actually get txsni to work with my cert/keypair, but I don't seem to be 
> able to get a client to connect.  For example, Firefox tells me 
> "SSL_ERROR_NO_CYPHER_OVERLAP".
> 
> I tried the same things with SSL4ServerEndpoint, and I get exactly the same 
> thing - my protocol's dataReceived method is never run, no output appears in 
> the console, but the client gets this same error.
> 
> I notice that there's an issue on PyOpenSSL which appears to address this:

Looks like your message was truncated before getting to the link :-).

-glyph
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
