[CalendarServer-users] Protect against new SSL vuln

Glyph Lefkowitz glyph at twistedmatrix.com
Fri Oct 17 16:01:39 PDT 2014

> On Oct 17, 2014, at 6:36 AM, Cyrus Daboo <cdaboo at apple.com> wrote:
> Hi Glyph,
> --On October 17, 2014 at 2:10:02 AM -0700 Glyph <glyph at twistedmatrix.com> wrote:
>> In a future version of Twisted there will be the ability to specify
>> minimum protocol version and excluded protocol version arguments, and
>> SSLv23_METHOD should hopefully fade away and disappear into an internal
>> implementation detail somewhere inside Twisted's TLS layer...
> A that's good. I was actually considering making that change myself in our calendar server code. Has this work started in Twisted?

I've just filed the first ticket about it recently: <http://twistedmatrix.com/trac/ticket/7685 <http://twistedmatrix.com/trac/ticket/7685>>, but I've been working quite a lot in the area of TLS this year, and most things have proceeded fairly quickly.  I expect that I will have something started in the next couple of weeks; keep an eye on that ticket.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-users/attachments/20141017/3eec17c8/attachment.html>

More information about the calendarserver-users mailing list