Hello,
The other day, we had a Scrapy user report an issue connecting to
https://www.skelbiu.lt/ with OpenSSL 1.1 [1]
To not mix scrapy's things with Twisted Web, I used this (adapted from
official docs):
#---------------
from __future__ import print_function
from twisted.internet import reactor
from twisted.web.client import Agent
from twisted.web.http_headers import Headers
agent = Agent(reactor)
d = agent.request(
'GET',
'https://www.skelbiu.lt/',
Headers({'User-Agent': ['Twisted Web Client Example']}),
None)
def cbResponse(ignored):
print('Response received')
d.addCallback(cbResponse)
def cbShutdown(ignored):
print(ignored)
reactor.stop()
d.addBoth(cbShutdown)
reactor.run()
#---------------
And I did get a Handshake failure too:
$ python twistedtest.py
[Failure instance: Traceback (failure with no frames): <class
'twisted.web._newclient.ResponseNeverReceived'>:
[<twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines',
'ssl3_read_bytes', 'sslv3 alert handshake failure')]>]
]
It seems this happens (at least) with OpenSSL 1.1.0e (currently in Debian 9
sid [2])
It does not happen (for me) with OpenSSL 1.0.2g for example.
I dug into this this afternoon and narrowed it down to the use of
_defaultCurveName = u"prime256v1"
in twisted.internet._sslverify.py
I tried patching the current trunk with _defaultCurveName = u"secp384r1"
(the EC that ssllabs.com reports)
and it did work.
Looking at ClientHello messages for openssl 1.0.2 and 1.1 [4]:
with 1.1, only 1 Elliptic Curve is sent by Twisted Web Agent, secp256r1
openssl v1.1 client uses 4 by default: ecdh_x25519, secp256r1, secp521r1,
secp384r1
I was wondering what is the proper way to configure requested Elliptic
Curves.
I haven't seen any interface for this, contrary to ciphers with
acceptableCiphers.
Thank you for your input.
Best,
Paul.
[1] https://github.com/scrapy/scrapy/issues/2717
[2] https://packages.debian.org/fr/source/sid/openssl
[3]
https://github.com/twisted/twisted/blob/78679af87e349721a167f35bef239e192e9…
[4] https://github.com/scrapy/scrapy/issues/2717#issuecomment-297464034
Hello all,
I'm pleased to announce the first release of txkube, a Twisted-based
library for interacting with Kubernetes using the HTTP API.
This release supports several of the most commonly used basic Kubernetes
objects, including Services, ConfigMaps, Deployments, ReplicaSets, and
Pods. While Kubernetes has many, many more object kinds, this collection
of kinds already supports a very useful set of interactions.
Here is an example of txkube usage, taken from the README:
from __future__ import print_function
from twisted.internet.task import react
from txkube import v1, network_kubernetes_from_context
@react
def main(reactor):
k8s = network_kubernetes_from_context(reactor, u"minikube")
client = k8s.client()
d = client.list(v1.Namespace)
d.addCallback(print)
return d
You can download txkube from PyPI <https://pypi.python.org/pypi> (
https://pypi.python.org/pypi).
You can contribute to its development on GitHub
<https://github.com/LeastAuthority/txkube> (
https://github.com/LeastAuthority/txkube).
Thanks to Least Authority Enterprises <https://leastauthority.com/> (
https://leastauthority.com/) for sponsoring this development.
Jean-Paul Calderone
http://as.ynchrono.us/
Hello all,
I'm pleased to announce the release of txAWS 0.3.0. txAWS is a library for
interacting with
Amazon Web Services (AWS) using Twisted.
You can download the release from PyPI <https://pypi.python.org/pypi/txAWS>
(https://pypi.python.org/pypi/txAWS).
txAWS development uses GitHub for issues and source control
<https://github.com/twisted/txaws> (https://github.com/twisted/txaws).
Since the last release, the following enhancements have been made:
- Jean-Paul Calderone added basic Route53 support.
- Mark Williams add Auth v4, now used by the S3 and Route53 support.
- Francisco Souza added support for VPCs to some EC2 APIs.
- Drew Smathers added multi-part S3 upload support.
- Several people added other S3 client features such as pagination and
streaming uploads.
- *txaws.testing* now provides S3 and Route53 support.
Additionally, the following APIs have been deprecated:
- The *client* attribute of *txaws.client.base.BaseQuery*
- The *date* attribute of *txaws.s3.client.Query*
Thanks to everyone who contributed and to Least Authority Enterprises
<https://leastauthority.com/> (<https://leastauthority.com/>) for
sponsoring my work on this release.
Jean-Paul Calderone