On Fri, Nov 21, 2008 at 01:20:59PM -0500, Itamar Shtull-Trauring wrote:
On Thu, 2008-11-20 at 17:00 -0700, Jack Moffitt wrote:
I would like to propose that #3463 (http://twistedmatrix.com/trac/ticket/3463) be additionally committed to the 8.1 branch and any other branches that still get point releases. It is a pretty critical workaround which fixes the fact that recent OpenSSL libraries cannot connect to Java based services.
Why not request relevant distros to do an openssl bugfix and backport? It'd help more people than just twisted users.
Because it is actually a bug in Java, not in OpenSSL. It is just that recent OpenSSL versions enable a feature (Session Tickets) that is standards-wise backwards compatible. Arguably, distributions could choose to not enable the feature by default, but that doesn't have my preference. This change adds a option to choose if the feature is used, and disables it by default because there is no further support in our SSL code for it and it immediately helps fix a problem that I don't think will be resolved server-side any time soon. -- Groetjes, ralphm