This repository has been archived by the owner on Jan 13, 2021. It is now read-only.

Cipher Checking #64

Open
Lukasa opened this issue Jun 23, 2014 · 2 comments
@Lukasa
Member

Lukasa commented Jun 23, 2014

Setting ourselves to a really restricted cipher list as mandated by the specification breaks on Ubuntu 12.04 because Ubuntu are fucking terrible. I've spent all of yesterday trying to fix this and come up blank, so I'm going to take a new option:

  1. Add a HTTP20Connection property called 'strict TLS' (or similar), defaulting to True.
  2. In HTTP20Connection.connect(), if that parameter is True, check the selected cipher.

Unfortunately, I can't do this yet because PyOpenSSL doesn't support checking the used cipher until 0.15, which isn't out yet. Sigh.

Lukasa added the Bug label Jun 23, 2014
@Lukasa
Member Author

Lukasa commented Jun 23, 2014

I think this approach is OK because client cipher suites aren't authoritative anyway, the server makes the choice, so all I can really do is ensure that the server made a good choice.

@Lukasa
Member Author

Lukasa commented Mar 16, 2015

I'm unblocking this because I think PyOpenSSL is basically dead now.
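
The post-handshake check proposed in this issue (a strict-TLS flag, then inspecting the cipher the server selected), sketched as an added example that is not code from this project. It uses the standard-library `ssl` module rather than PyOpenSSL, and it assumes that a "good choice" means TLS 1.2 or later with an ephemeral key exchange and an AEAD cipher, the properties RFC 7540 section 9.2.2 asks for; the names `enforce_strict_tls`, `cipher_is_acceptable` and `WeakCipherError` are hypothetical.

```python
import ssl

# Assumption: policy approximated from RFC 7540 section 9.2.2, matched
# against OpenSSL-style cipher names as returned by SSLSocket.cipher().
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")
OK_PROTOCOLS = ("TLSv1.2", "TLSv1.3")


class WeakCipherError(ssl.SSLError):
    """Raised when the server selected a cipher the strict policy rejects."""


def cipher_is_acceptable(name, protocol):
    """Judge an OpenSSL cipher name together with the protocol version."""
    if protocol not in OK_PROTOCOLS:
        return False
    if not any(marker in name for marker in AEAD_MARKERS):
        return False  # CBC, RC4 and other non-AEAD suites
    if protocol == "TLSv1.3":
        return True  # every TLS 1.3 suite is ephemeral and AEAD
    # TLS 1.2: static RSA and anonymous (ADH/AECDH) key exchange fail here.
    return name.startswith(EPHEMERAL_PREFIXES)


def enforce_strict_tls(sock, strict_tls=True):
    """Call after the handshake; sock is an ssl.SSLSocket or a look-alike."""
    if not strict_tls:
        return
    selected = sock.cipher()  # None if no handshake has completed
    protocol = sock.version()
    if selected is None or not cipher_is_acceptable(selected[0], protocol):
        sock.close()  # refuse to send any request over this connection
        raise WeakCipherError(f"server chose {selected!r} over {protocol}")


if __name__ == "__main__":
    # Constructed (name, protocol) pairs, not captured from a real server.
    for name, proto in [
        ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
        ("ECDHE-RSA-AES128-SHA", "TLSv1.2"),
        ("AES128-GCM-SHA256", "TLSv1.2"),
        ("TLS_AES_128_GCM_SHA256", "TLSv1.3"),
    ]:
        print(name, proto, cipher_is_acceptable(name, proto))
```

Because the client's cipher list is only a preference, the check runs on the negotiated result and closes the socket before any request bytes are written.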
