On Jul 12, 2016, at 12:45 AM, Cory Benfield <email@example.com mailto:firstname.lastname@example.org> wrote:
On 11 Jul 2016, at 20:22, Glyph Lefkowitz <email@example.com mailto:firstname.lastname@example.org> wrote:
So pyOpenSSL/Cryptography doesn't have SSL_get_current_cipher anywhere?
get_current_cipher isn’t helpful. In particular, it puts us in an awkward place where we have a connection that has been negotiated for HTTP/2, but we cannot use it. The only action Twisted can meaningfully take at that point is to log and tear the connection down, which doesn’t really solve our problems.
We can do that, for sure, but it wouldn’t be much clearer than what happened here.
Just generally we should probably be logging this (at INFO or somesuch) regardless, so that interested parties can extract which cipher suites are actually in use. But perhaps not relevant to this problem, really.