You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 13, 2021. It is now read-only.
Setting ourselves to a really restricted cipher list as mandated by the specification breaks on Ubuntu 12.04 because Ubuntu are fucking terrible. I've spent all of yesterday trying to fix this and come up blank, so I'm going to take a new option:
Add a HTTP20Connection property called 'strict TLS' (or similar), defaulting to True.
In HTTP20Connection.connect(), if that parameter is True, check the selected cipher.
Unfortunately, I can't do this yet because PyOpenSSL doesn't support checking the used cipher until 0.15, which isn't out yet. Sigh.
The text was updated successfully, but these errors were encountered:
I think this approach is OK because client cipher suites aren't authoritative anyway, the server makes the choice, so all I can really do is ensure that the server made a good choice.
Setting ourselves to a really restricted cipher list as mandated by the specification breaks on Ubuntu 12.04 because Ubuntu are fucking terrible. I've spent all of yesterday trying to fix this and come up blank, so I'm going to take a new option:
HTTP20Connection
property called 'strict TLS' (or similar), defaulting toTrue
.HTTP20Connection.connect()
, if that parameter isTrue
, check the selected cipher.Unfortunately, I can't do this yet because PyOpenSSL doesn't support checking the used cipher until 0.15, which isn't out yet. Sigh.
The text was updated successfully, but these errors were encountered: