Thanks. That was quick. Just wondering how I can add that to my endpoint_description create serverfromstring.
Or will I have to drop that. Let me take a look. Cheers John On Mon, Aug 31, 2020 at 4:58 PM L. Daniel Burr <ldanielb...@me.com> wrote: > Hi John, > > I think you want > https://twistedmatrix.com/documents/20.3.0/api/twisted.internet.ssl.CertificateOptions.html, > specifically, you want to pass the "raiseMinimumTo" parameter, > > Hope this helps, > > L. Daniel Burr > > On Aug 31, 2020, at 10:47 AM, John Aherne <johnahe...@rocs.co.uk> wrote: > > I'm using twisted 20.3 and python3.6.8 and Windows 10 > > I'm using endpoint_description with a tac file to start up a server. > > But I need to disable tls 1.0 and 1.1. > > I was hoping to find a parameter I could pass in to make the system only > recognise 1.2 and 1.3. But could not find anything that would do that. I > thought sslmethod would be what I wanted but that is limited to : > > Must be one of: "SSLv23_METHOD", "SSLv2_METHOD", "SSLv3_METHOD", > "TLSv1_METHOD". If I choose TLSv1_METHOD, TLS1.0 and 1.1 are still enabled > and QUALYS complains and downgrades the rating to B > In the end I found _defaultMinimumTLSVersion in _sslverify.py. > > I set this to TLSVersion.TLSv1_2 and that seemed to do the trick. > > But I don't think I should be doing that. I think I've missed some obvious > place where I can pass in a value to change this. > > Anyone know where I should be looking. > > Thanks for any info > > -- > *John Aherne* > > > > > *www.rocs.co.uk <http://www.rocs.co.uk/>* > 020 7223 7567 > _______________________________________________ > Twisted-Python mailing list > Twisted-Python@twistedmatrix.com > https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python > > > _______________________________________________ > Twisted-Python mailing list > Twisted-Python@twistedmatrix.com > https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python > -- *John Aherne* *www.rocs.co.uk <http://www.rocs.co.uk>* 020 7223 7567
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
