Hello again everyone,
I bring you a prerelease of the Twisted 16.4.1 security fix release, thus deemed 16.4.1pre1. This release contains:
- A mitigation for SWEET32 (https://www.openssl.org/blog/blog/2016/08/24/sweet32/ https://www.openssl.org/blog/blog/2016/08/24/sweet32/). - The inclusion of ChaCha20 to our TLS cipher suite, providing your underlying OpenSSL supports it.
Please note that the SWEET32 mitigation will break TLS from IE on Windows XP. This shouldn't be an issue for you (hopefully), but if you need to support those poor XP using souls, you can add 3DES back to your CertificateOptions yourself.
As usual, it's available for download -- go here (https://twistedmatrix.com/Releases/pre/16.4.1pre1/ https://twistedmatrix.com/Releases/pre/16.4.1pre1/) to get the prerelease tarballs and the full NEWS file. If you want to install it right away, run:
Please let me know if you have any issues, as well as if you don't! If everything works well, that's a good thing for me to know :)
Have fun, and stay secure!
Twisted Regards, Amber Brown (HawkOwl)