In an earlier e-mail you mentioned that you were using Python 3.  Is that still true?

I can reproduce this in Python 2.7.11 and Python 3.5.2. In both of them Chrome responds with ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY. When I test with curl with the verbose flag, I see that it also shows information about the ciphers used:

Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH 
...
SSL connection using TLSv1.2 / AES256-GCM-SHA384


I see the ciphers are set at this point here: https://github.com/twisted/twisted/blob/556f0f24df2eba2f38ec7f0fa422c4aa7df07fec/twisted/internet/_sslverify.py#L1660 and the Twisted cipher is described here: https://github.com/twisted/twisted/blob/556f0f24df2eba2f38ec7f0fa422c4aa7df07fec/twisted/internet/_sslverify.py#L1851 so this is probably the area to look at in case something is going awry in setting the ciphers.

One thing to note is that I use DefaultOpenSSLContextFactory and do something like this:

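from twisted.internet import reactor
from twisted.internet.ssl import DefaultOpenSSLContextFactory
context_factory = DefaultOpenSSLContextFactory("key.pem", "cert.pem")  # private key file, certificate file
reactor.listenSSL(8080, site, context_factory)  # site: the server factory being served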

The Twisted docs for SSL (https://twistedmatrix.com/documents/current/core/howto/ssl.html) suggest trying something like this:

certData = getModule(__name__).filePath.sibling('server.pem').getContent() 
certificate = ssl.PrivateCertificate.loadPEM(certData) 
factory = protocol.Factory.forProtocol(echoserv.Echo)
reactor.listenSSL(8000, factory, certificate.options())

but those code samples from the docs appeared broken. I was not able to run them. I was planning to review those docs later, find out what is wrong and create a PR for that.

Is it possible that using DefaultOpenSSLContextFactory instead of certificate.options() affects something here? I can see my Twisted SSL code works OK in Chrome with HTTP 1.1 (I can see the green "secure" icon in the URL bar and confirm in dev tools that requests fly all right with SSL); it only fails with HTTP2. This seems to suggest that using DefaultOpenSSLContextFactory is OK (even if it's not documented officially), but maybe the execution path is different for contextFactory and certificate.options()?


2016-07-12 1:47 GMT+02:00 Glyph Lefkowitz <glyph@twistedmatrix.com>:

On Jul 11, 2016, at 4:42 PM, Craig Rodrigues <rodrigc@crodrigues.org> wrote:

In an earlier e-mail you mentioned that you were using Python 3.  Is that still true?

Seconded - it would be very interesting to know if switching to python 2 fixes your issue. :)
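
An added example, not part of the original messages or of Twisted: a heuristic check of the protocol and OpenSSL cipher name that curl reports against the HTTP/2 TLS requirements of RFC 7540 section 9.2.2 (TLS 1.2 or later, ephemeral key exchange, AEAD cipher). The function names and the name-based heuristic are assumptions of this example; the sample line is the curl output quoted in the message above.

```python
import re

# Sample input: the curl verbose line quoted in the message above.
CURL_LINE = "SSL connection using TLSv1.2 / AES256-GCM-SHA384"

# OpenSSL names TLS 1.2 suites by key exchange first; a missing prefix
# means static RSA key exchange (assumption: OpenSSL-style names only).
_EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")
_AEAD_MARKERS = ("GCM", "CCM", "CHACHA20", "POLY1305")


def parse_curl_line(line):
    """Return (protocol, cipher) from curl's 'SSL connection using' line."""
    m = re.search(r"SSL connection using (\S+) / (\S+)", line)
    if m is None:
        raise ValueError("not a curl 'SSL connection using' line: %r" % line)
    return m.group(1), m.group(2)


def http2_tls_problems(protocol, cipher):
    """List reasons the negotiated parameters fall short of RFC 7540 9.2.2.

    An empty list means the heuristic found nothing wrong.
    """
    problems = []
    m = re.match(r"TLSv1(?:\.(\d+))?$", protocol)
    minor = int(m.group(1) or 0) if m else -1  # -1: SSLv3 or unknown
    if minor < 2:
        problems.append("protocol %s is older than TLS 1.2" % protocol)
    if minor >= 3:
        # Every TLS 1.3 suite is AEAD with ephemeral key exchange.
        return problems
    if not cipher.startswith(_EPHEMERAL_PREFIXES):
        problems.append("%s has no ephemeral (ECDHE/DHE) key exchange" % cipher)
    if not any(marker in cipher for marker in _AEAD_MARKERS):
        problems.append("%s is not an AEAD cipher" % cipher)
    return problems


if __name__ == "__main__":
    proto, cipher = parse_curl_line(CURL_LINE)
    for problem in http2_tls_problems(proto, cipher) or ["no problems found"]:
        print("%s / %s: %s" % (proto, cipher, problem))
```

Run against the quoted curl line, this flags AES256-GCM-SHA384 for lacking an ephemeral key exchange, which is consistent with the connection working over HTTP 1.1 and being refused for HTTP/2.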
