> On Nov 21, 2017, at 11:56 AM, Mark Williams <m...@enotuniq.org> wrote:
> 
> Hello,
> 
> Users of Twisted and OpenSSL 1.1 and 1.0.2 cannot connect to all HTTPS
> sites because Twisted sets its own ECDH curve instead of using the
> defaults selected by these versions of OpenSSL.
> 
> The gory details are here:
> https://twistedmatrix.com/trac/ticket/9210
> https://github.com/twisted/twisted/pull/927
> 
> The solution to this bug favored by an OpenSSL maintainer is to drop
> support for OpenSSL versions before 1.0.2.  I'm also in favor of this
> because:
> 
> - 1.0.2 is the oldest supported version of OpenSSL
> - The ECDH curve selection code would be much simpler if we only
> supported OpenSSL 1.0.2
> - cryptography wheels installed from PyPI include OpenSSL 1.1
> 
> Do you use the latest version of Twisted with OpenSSL 1.0.1?  If so, do
> the above reasons satisfy your concerns?
> 
> Thanks!

I have one question:

When I `pip install cryptography` on Linux, do I presently get a self-contained
manylinux1 wheel right now with a built-in OpenSSL, or do I need to care what
my "distro" (or Docker base image) is shipping?

-glyph

_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
