Use of TLS_METHOD forces requirement of pyOpenSSL >= 21.0 #11778
Comments
I'm impacted by this as well.
Hi, Thanks for the report. I am not sure what is the cause of this issue here. From what I can see, for the 22.10.0 release, Twisted requires Is this not enough? I think a fallback can be accepted, but someone will need to work on that fallback. Cheers
It is a requirement, but since it is an extra it is likely not (and cannot be) enforced. I imagine these issues come from packaging from source without using pip. I know it's a tricky line to tread with dependencies and security, but I am concerned with the hard requirement for such an important dependency, with a minimum version not even a year old at the time of merge, when the previous minimum version was from 2016.
If the problem is that folks are upgrading to a new version of Twisted incorrectly then -- apart from suggesting that they install it correctly -- is there something wrong with suggesting that they also upgrade to a new version of pyOpenSSL? That is, is there some situation in which it is possible to upgrade Twisted and not pyOpenSSL?
Upgrading to pyOpenSSL 22 did not resolve this error for me. Downgrading Twisted to 22.4 did.
I don't know why this would be. pyOpenSSL 22 unconditionally defines https://github.com/pyca/pyopenssl/blob/22.0.0/src/OpenSSL/SSL.py#L145 Are you sure you upgraded pyOpenSSL successfully and in the right Python environment? If so, can you share instructions for reproducing this result?
I'm using twisted/klein. In my environment I have pyOpenSSL 22, and I got the
Thanks - however, these aren't instructions for reproducing your results. How did you get "your environment"? Here's an example:
The same thing happens on FreeBSD 13.1 currently with synapse (matrix homeserver) install. It pulls I'll notify the maintainer as well.
Same issue today on a new install of a Pi with:
Same error when trying http example:
Works fine after forcing an upgrade of pyopenssl:
then no more error... Hoping it helps other people. Also, I think on a different Pi it may work, but since I use a Pi Zero I'm forced to use "Pi OS (Legacy)".
I don't think that we are going to support downgrading security-critical dependencies such as pyOpenSSL to versions that are multiple years old. This seems like a problem for Raspberry Pi's maintainers to sort out. If there's something we can do to make this easier, I'd be happy to explore it, but as stated (support older versions of pyOpenSSL) this is not something Twisted is going to do.
A Deluge user running Debian 10 on Raspberry pi 4 reported the following failure:
A bit of searching also found a FreeBSD issue: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268043
The issue stems from replacing deprecated TLS version references but TLS_METHOD was only added to pyOpenSSL 21.0.0 in pyca/pyopenssl@5dc6988 released Sep '21 last year.
Would a fallback be considered to accommodate those on older versions of pyOpenSSL to TLSv1_2_METHOD?
In the meantime I will suggest users to either upgrade pyOpenSSL >= 21 or downgrade Twisted <= 22.4
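
A diagnostic for the question raised in the comments (was pyOpenSSL upgraded in the environment the interpreter actually uses?), added here as an example; it is not part of the issue thread, Twisted or pyOpenSSL. The function names and finding labels are made up for this example, and the 21.0 threshold is taken from the issue text; the script relies only on `OpenSSL.__version__`, `OpenSSL.SSL` and `importlib.metadata`.

```python
# Added diagnostic (not Twisted or pyOpenSSL code): which pyOpenSSL does this interpreter load?
import importlib
import sys
from importlib import metadata

MIN_PYOPENSSL = (21, 0)  # TLS_METHOD first appears in pyOpenSSL 21.0.0, per the issue

def parse_version(text):
    """Turn '20.0.1' into (20, 0, 1), stopping at the first non-numeric part."""
    parts = []
    for piece in text.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)

def diagnose(ssl_module, module_version, dist_version):
    """Return findings for the loaded OpenSSL.SSL; dist_version is installer metadata or None."""
    findings = []
    if not hasattr(ssl_module, "TLS_METHOD"):
        findings.append("missing-TLS_METHOD")
    if parse_version(module_version) < MIN_PYOPENSSL:
        findings.append("version-below-21.0")
    if dist_version is not None and dist_version != module_version:
        # The installer upgraded one copy but the interpreter imports another.
        findings.append("metadata-mismatch")
    return findings

def main():
    try:
        openssl = importlib.import_module("OpenSSL")
        ssl_module = importlib.import_module("OpenSSL.SSL")
    except ImportError as exc:
        print(f"pyOpenSSL not importable by {sys.executable}: {exc}")
        return 2
    try:
        dist_version = metadata.version("pyOpenSSL")
    except metadata.PackageNotFoundError:
        dist_version = None
    print("interpreter:", sys.executable)
    print("loaded from:", openssl.__file__)
    print("module version:", openssl.__version__, "| metadata:", dist_version)
    findings = diagnose(ssl_module, openssl.__version__, dist_version)
    print("findings:", ", ".join(findings) or "none")
    return 1 if findings else 0

if __name__ == "__main__":
    sys.exit(main())
```

Run it with the same interpreter that runs Twisted; a `metadata-mismatch` finding means the upgraded copy is not the one being imported.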