neon SSL use with Twisted
Tom C
tomc.neon at pnl.gov
Thu Jan 7 22:04:06 EST 2010
On 1/7/2010 1:42 PM, Helge Heß wrote:
> Tom,
>
> just in case you want to give it a try yourself:
>
> cadaver https://XXXXXXXXXXXXXXXXXXXXX:XXXX
>
> Just doing that produces the issue.
>
> Thanks,
> Helge
>
>
You have your server configured to _only_ accept SSLv_3 hello messages
(it even rejects TLSv_1 hellos!). neon sends out SSLv_2 hello messages,
stating that it accepts TLSv_1, SSLv_3, and SSL_v2.
neon does not have an interface to adjust the hello version
Enable SSLv_23 in twisted and then disable the SSLv_2 protocol.
Quickly googling you need something like
ctx = SSL.Context(SSL.SSLv23_METHOD)
ctx.set_options(SSL.OP_NO_SSLv2)
in your server factory
More information about the neon
mailing list