On Mon, Jul 11, 2016 at 2:04 PM, Paweł Miech pawelmhm@gmail.com wrote:
- They say ciphers should be set to ssl_ciphers
EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
This long string does not mean much to me, but reading email from Amber again I see it differs slightly from what she says Twisted uses. But one thing I'm wondering about is how do you guys know which ciphers are set in Twisted? Looking into source code of DefaultOpenSSLContextFactory I see context is created here: https://github.com/twisted/twisted/blob/3455a902fb15e732ee43b59f4d82a66b1053... I dont see any point where there is a call that sets ciphers. Maybe this is done somewhere else? I tried grepping source for string mentioned by Amber but cant find it.
In an earlier e-mail you mentioned that you were using Python 3. Is that still true?
In the Windows Python 3 build which was recently enabled, I saw these warnings:
c:\buildslave\win2012r2-64-py3_5\Twisted\twisted\internet_sslverify.py:1799: DeprecationWarning: str for cipher_list is no longer accepted, use bytes c:\buildslave\win2012r2-64-py3_5\Twisted\twisted\internet_sslverify.py:1656: DeprecationWarning: str for buf is no longer accepted, use bytes c:\buildslave\win2012r2-64-py3_5\Twisted\twisted\internet_sslverify.py:1660: DeprecationWarning: str for cipher_list is no longer accepted, use bytes
I am not sure if this is related to your problem, but it struck me that you mentioned a problem with ciphers, and I saw this warning just now.
-- Craig