* glyph@divmod.com <glyph@divmod.com> [2008-11-22 02:57:41 -0000]:
In other words, this really has nothing to do with Twisted, and everything to do with the fact that Debian should not be screwing around with OpenSSL. Have they already forgotten what happened last time?
Isn't this an upstream change?
OpenSSL CHANGES _______________
Changes between 0.9.8e and 0.9.8f [11 Oct 2007] [...] *) Add RFC4507 support to OpenSSL. This includes the corrections in RFC4507bis. The encrypted ticket format is an encrypted encoded SSL_SESSION structure, that way new session features are automatically supported.
If a client application caches session in an SSL_SESSION structure support is transparent because tickets are now stored in the encoded SSL_SESSION.
The SSL_CTX structure automatically generates keys for ticket protection in servers so again support should be possible with no application modification.
If a client or server wishes to disable RFC4507 support then the option SSL_OP_NO_TICKET can be set.
Add a TLS extension debugging callback to allow the contents of any client or server extensions to be examined.
This work was sponsored by Google. [Steve Henson]
I'll admit to lack of familiarity with OpenSSL, and this functionality in particular, so maybe I'm just confused. -- mithrandi, i Ainil en-Balandor, a faer Ambar