On Mon, Aug 31, 2020 at 4:58 PM L. Daniel Burr <ldanielburr@me.com> wrote:

Hi John,

I think you want https://twistedmatrix.com/documents/20.3.0/api/twisted.internet.ssl.CertificateOptions.html, specifically, you want to pass the "raiseMinimumTo" parameter,

Hope this helps,

L. Daniel Burr

On Aug 31, 2020, at 10:47 AM, John Aherne <johnaherne@rocs.co.uk> wrote:

I'm using twisted 20.3 and python3.6.8 and Windows 10

I'm using endpoint_description with a tac file to start up a server.

But I need to disable tls 1.0 and 1.1.

I was hoping to find a parameter I could pass in to make the system only recognise 1.2 and 1.3. But could not find anything that would do that. I thought sslmethod would be what I wanted but that is limited to :

Must be one of: "SSLv23_METHOD", "SSLv2_METHOD", "SSLv3_METHOD", "TLSv1_METHOD". If I choose TLSv1_METHOD, TLS1.0 and 1.1 are still enabled and QUALYS complains and downgrades the rating to B
In the end I found _defaultMinimumTLSVersion in _sslverify.py.

I set this to TLSVersion.TLSv1_2 and that seemed to do the trick.

But I don't think I should be doing that. I think I've missed some obvious place where I can pass in a value to change this.

Anyone know where I should be looking.

Thanks for any info

--
John Aherne

www.rocs.co.uk
020 7223 7567
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Must be one of: "SSLv23_METHOD", "SSLv2_METHOD", "SSLv3_METHOD", "TLSv1_METHOD". If I choose TLSv1_METHOD, TLS1.0 and 1.1 are still enabled and QUALYS complains and downgrades the rating to B