Re: [Twisted-Python] Twisted 16.3.0 Prerelease 2 Announcement

2016-07-12 Thread Paweł Miech
> In an earlier e-mail you mentioned that you were using Python 3. Is that still true?
I can reproduce this in Python 2.7.11 and Python 3.5.2. In both of them Chrome responds with ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY. When I test with curl with verbose flag I see that it also shows information

Re: [Twisted-Python] Twisted 16.3.0 Prerelease 2 Announcement

2016-07-12 Thread Cory Benfield
> On 11 Jul 2016, at 22:04, Paweł Miech wrote:
>
> This seems to suggest that Ubuntu 16.04 (the system I'm testing) does not support ciphers required by HTTP2. But nginx article about HTTP2 lists Ubuntu as only Linux-like system that is able to support HTTP2 over ALPN which is required

Re: [Twisted-Python] Twisted 16.3.0 Prerelease 2 Announcement

2016-07-12 Thread Cory Benfield
> On 11 Jul 2016, at 20:22, Glyph Lefkowitz wrote:
>
> So pyOpenSSL/Cryptography doesn't have SSL_get_current_cipher anywhere?
get_current_cipher isn’t helpful. In particular, it puts us in an awkward place where we have a connection that has been negotiated for HTTP/2, but we cannot use it.

Re: [Twisted-Python] Twisted 16.3.0 Prerelease 2 Announcement

2016-07-12 Thread Tristan Seligmann
On Tue, 12 Jul 2016 at 09:43 Cory Benfield wrote:
> For that reason, you should adjust your code to use OpenSSLCertificateOptions or, even better, use the TLS endpoint directly.
>
The exported name of this class is actually just "CertificateOptions", fwiw.

Re: [Twisted-Python] Twisted 16.3.0 Prerelease 2 Announcement

2016-07-12 Thread Paweł Miech
> DefaultOpenSSLContextFactory should have been deprecated a long time ago. It’s insecure, and in particular does not set a cipher string, so it uses DEFAULT. That will have all kinds of messed up priorities. For that reason, you should adjust your code to use OpenSSLCertificateOptions or, even bet

Re: [Twisted-Python] Twisted 16.3.0 Prerelease 2 Announcement

2016-07-12 Thread Cory Benfield
> On 12 Jul 2016, at 09:33, Paweł Miech wrote:
>
> If you google for "ssl in twisted" you will also find articles that recommend it. Since so many people use it, maybe it could be updated to be more secure? If it does not make sense to update it then perhaps it would be good to deprecat

Re: [Twisted-Python] Twisted 16.3.0 Prerelease 2 Announcement

2016-07-12 Thread Paweł Miech
> Agreed. I’m planning to begin the deprecation process, though it will take a little while as we need to remove all uses of it from within the Twisted codebase itself, as well as from the documentation. That turns out to be a bigger task than expected! +1 One final point that I glossed over earl

Re: [Twisted-Python] Twisted 16.3.0 Prerelease 2 Announcement

2016-07-12 Thread Cory Benfield
> On 12 Jul 2016, at 17:42, Paweł Miech wrote:
>
> > Agreed. I’m planning to begin the deprecation process, though it will take a little while as we need to remove all uses of it from within the Twisted codebase itself, as well as from the documentation. That turns out to be a big

Re: [Twisted-Python] Twisted 16.3.0 Prerelease 2 Announcement

2016-07-12 Thread Glyph Lefkowitz
> On Jul 12, 2016, at 12:43 AM, Cory Benfield wrote:
>
> DefaultOpenSSLContextFactory should have been deprecated a long time ago.
2 years ago, to be precise: https://twistedmatrix.com/trac/ticket/6923
Someone fixing this would be tremendously useful.
-glyph

[Twisted-Python] removing twistedchecker buildbot for the time being

2016-07-12 Thread Glyph Lefkowitz
Right now it seems the difference-computation logic on the twistedchecker buildbot has just broken completely. It's introducing useless noise into the build results because it makes every actually-passing build into a big red 'X' on the pull request status page. I think I'm going to remove it.

Re: [Twisted-Python] removing twistedchecker buildbot for the time being

2016-07-12 Thread Adi Roiban
On 13 July 2016 at 00:37, Glyph Lefkowitz wrote:
> Right now it seems the difference-computation logic on the twistedchecker buildbot has just broken completely. It's introducing useless noise into the build results because it makes every actually-passing build into a big red 'X' on the pu