Mailman 3 August 2021 - Twisted-web

Twisted Web Agent configurable Elliptic Curves settings
by Paul Tremberth Dec. 16, 2021

Dec. 16, 2021

Hello, The other day, we had a Scrapy user report an issue connecting to https://www.skelbiu.lt/ with OpenSSL 1.1 [1] To not mix scrapy's things with Twisted Web, I used this (adapted from official docs): #--------------- from __future__ import print_function from twisted.internet import reactor from twisted.web.client import Agent from twisted.web.http_headers import Headers agent = Agent(reactor) d = agent.request( 'GET', 'https://www.skelbiu.lt/', Headers({'User-Agent': ['Twisted Web Client Example']}), None) def cbResponse(ignored): print('Response received') d.addCallback(cbResponse) def cbShutdown(ignored): print(ignored) reactor.stop() d.addBoth(cbShutdown) reactor.run() #--------------- And I did get a Handshake failure too: $ python twistedtest.py [Failure instance: Traceback (failure with no frames): <class 'twisted.web._newclient.ResponseNeverReceived'>: [<twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]>] ] It seems this happens (at least) with OpenSSL 1.1.0e (currently in Debian 9 sid [2]) It does not happen (for me) with OpenSSL 1.0.2g for example. I dug into this this afternoon and narrowed it down to the use of _defaultCurveName = u"prime256v1" in twisted.internet._sslverify.py I tried patching the current trunk with _defaultCurveName = u"secp384r1" (the EC that ssllabs.com reports) and it did work. Looking at ClientHello messages for openssl 1.0.2 and 1.1 [4]: with 1.1, only 1 Elliptic Curve is sent by Twisted Web Agent, secp256r1 openssl v1.1 client uses 4 by default: ecdh_x25519, secp256r1, secp521r1, secp384r1 I was wondering what is the proper way to configure requested Elliptic Curves. I haven't seen any interface for this, contrary to ciphers with acceptableCiphers. Thank you for your input. Best, Paul. [1] https://github.com/scrapy/scrapy/issues/2717 [2] https://packages.debian.org/fr/source/sid/openssl [3] https://github.com/twisted/twisted/blob/78679af87e349721a167f35bef239e192e9… [4] https://github.com/scrapy/scrapy/issues/2717#issuecomment-297464034

2 2

Test
by Philippe Lafoucrière Aug. 5, 2021

Aug. 5, 2021

Hi all just a test

3 2

Migration to Python Org Mailing Lists hosting announcement
by Adi Roiban Aug. 3, 2021

Aug. 3, 2021

Hi, This is a quick message to let you know that the current mailing list service will migrate from the Twisted own hosted services to the mailing list service provided by the Python organization. The migration is scheduled to start on the 5th of Augusts, 2021 17:00 UTC time (10:00am PDT / 18:00 BST) The following email address will no longer be available: twisted-web(a)twistedmatrix.com The new address will be: twisted-web(a)python.org The new archive will be hosted at https://mail.python.org/archives/ All existing subscribers will be migrated. If you only interact with the mailing list using your email you only need to update your existing filters and update your email contact address for the list. The migration is expected to take about 3 hours. After the migration, Glyph plans to implemea an email redirection, so even if you will send emails to the old address we should still receive them. Subject to availability :) We also plan to redirect the old mailing list pages and archives to the new pages. This will also happen after the migration. Have a nice day... and talk to you soon on the new mailing list. PS: while we do the migration you can still get in touch using IRC on Libera #twisted channel Matrix/Gitter at https://gitter.im/twisted/twisted -- Adi Roiban

1 0