[CalendarServer-users] Protect against new SSL vuln
Glyph Lefkowitz
glyph at twistedmatrix.com
Fri Oct 17 16:01:39 PDT 2014
> On Oct 17, 2014, at 6:36 AM, Cyrus Daboo <cdaboo at apple.com> wrote:
>
> Hi Glyph,
>
> --On October 17, 2014 at 2:10:02 AM -0700 Glyph <glyph at twistedmatrix.com> wrote:
>
>> In a future version of Twisted there will be the ability to specify
>> minimum protocol version and excluded protocol version arguments, and
>> SSLv23_METHOD should hopefully fade away and disappear into an internal
>> implementation detail somewhere inside Twisted's TLS layer...
>
> A that's good. I was actually considering making that change myself in our calendar server code. Has this work started in Twisted?
I've just filed the first ticket about it recently: <http://twistedmatrix.com/trac/ticket/7685 <http://twistedmatrix.com/trac/ticket/7685>>, but I've been working quite a lot in the area of TLS this year, and most things have proceeded fairly quickly. I expect that I will have something started in the next couple of weeks; keep an eye on that ticket.
-glyph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-users/attachments/20141017/3eec17c8/attachment.html>
More information about the calendarserver-users
mailing list