On Mar 3, 2018, at 2:38 PM, Justin Myles Holmes
wrote: I'm trying to bend a little bit of custom TLS - one possible use case for me is a HendrixDeploy object which uses an ethereum keypair to self-sign a certificate.
So I'm wondering: is it currently possible to use an ECC keypair for TLS with Twisted?
Here's what I've discovered:
twisted.internet.sssl.ContextFactory has a method, use_privatekey(). This thing wants an OpenSSL.crypto.PKey object. And, lo and behold, PKey offers a facility, from_cryptography_key(), which attempts to use a key from cryptography.io http://cryptography.io/, from whence I'm generating keys anyway. However, it expects an RSA or DSA key, not an EC or ECDSA key.
Glyph suggested that, instead of trying to handle PKeys myself, I might try loading PEM files with txsni or the like.
I can actually get txsni to work with my cert/keypair, but I don't seem to be able to get a client to connect. For example, Firefox tells me "SSL_ERROR_NO_CYPHER_OVERLAP".
I tried the same things with SSL4ServerEndpoint, and I get exactly the same thing - my protocol's dataReceived method is never run, no output appears in the console, but the client gets this same error.
I notice that there's an issue on PyOpenSSL which appears to address this:
Looks like your message was truncated before getting to the link :-). -glyph