Re: [Twisted-Python] Block TLS 1.0 and TLS 1.1 support on windows

2020-09-01 Thread John Aherne
Yes. I could see _parseSSL wasn't checking for all the options. So I decided to drop the endpoints for now. Thanks John On Tue, Sep 1, 2020 at 5:48 AM Glyph wrote: > Super glad you got this working! > > However, what L. Daniel Burr suggested is correct - whether there's an > existing ticket o

Re: [Twisted-Python] Block TLS 1.0 and TLS 1.1 support on windows

2020-08-31 Thread Glyph
Super glad you got this working! However, what L. Daniel Burr suggested is correct - whether there's an existing ticket or not, the string endpoint should support all of these features. (However, using pem is fine, too.) -g > On Aug 31, 2020, at 1:16 PM, John Aherne wrote: > > Thanks for loo

Re: [Twisted-Python] Block TLS 1.0 and TLS 1.1 support on windows

2020-08-31 Thread L. Daniel Burr
Hi John, I don't think you can accomplish it via a change to the description string, because serverFromString relies on the existing _parseSSL function is only passing the deprecated ssl method argument to CertificateOptions. I haven't tried this myself, but I think the solution is to provide y

Re: [Twisted-Python] Block TLS 1.0 and TLS 1.1 support on windows

2020-08-31 Thread John Aherne
Thanks for looking all this up. I'd already decided to drop the endpoint server from string. So I'm using Hynek Schlaweck PEM package to build the certificate options. That seems to be working. Anyway I'm getting an A from Qualys at the moment having reset the _defaultMinimumTLSVersion back to i

Re: [Twisted-Python] Block TLS 1.0 and TLS 1.1 support on windows

2020-08-31 Thread L. Daniel Burr
Hi John, I think you want https://twistedmatrix.com/documents/20.3.0/api/twisted.internet.ssl.CertificateOptions.html , specifically, you want to pass the "raiseMinimumTo" parameter, Hope this helps,

Re: [Twisted-Python] Block TLS 1.0 and TLS 1.1 support on windows

2020-08-31 Thread John Aherne
Thanks. That was quick. Just wondering how I can add that to my endpoint_description create serverfromstring. Or will I have to drop that. Let me take a look. Cheers John On Mon, Aug 31, 2020 at 4:58 PM L. Daniel Burr wrote: > Hi John, > > I think you want > https://twistedmatrix.com/docum