Setting the TLS version to 1.2 in Twisted returns an OpenSSL error


This is my Twisted reactor:

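from twisted.internet import defer, protocol, reactor, ssl

# GMP is the poster's own protocol class, defined elsewhere.


def main():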
    """Main reactor block, with SSL"""
    with open('configs/ssl/my_certificate.pem') as f:
        certdata = f.read()

    certificate = ssl.PrivateCertificate.loadPEM(certdata)

    # Previously the options were generated by: certificate.options()
    options = ssl.CertificateOptions(privateKey=certificate.privateKey.original,
                                 certificate=certificate.original,
                                 raiseMinimumTo=ssl.TLSVersion.TLSv1_2,
                                 lowerMaximumSecurityTo=ssl.TLSVersion.TLSv1_2)

    factory = protocol.Factory.forProtocol(GMP)
    reactor.listenSSL(6060, factory, options)
    return defer.Deferred()
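
As you can see, I tried to set the TLS version to allow only 1_2, but I failed to achieve this. Previously, I did not specify the extra certificate options and instead used certificate.options(), and everything worked fine. This is the result when I run openssl to test: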

[root@devtsm ~]# openssl s_client -connect localhost:6060 -tls1_2
CONNECTED(00000003)
140479663523728:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:s3_pkt.c:1493:SSL alert number 70
140479663523728:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:659:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)

I am very new to TLS and OpenSSL, so I don't really know what I'm doing. Any help would be appreciated.

Applied this change, and it works well:

lowerMaximumSecurityTo=ssl.TLSVersion.TLSv1_3

Who knew that lowerMaxTo means lowering it, so that the maximum is the value below this one.
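
The thread's failure and fix, modeled as an added example that is not part of either post and is not Twisted's code: if the upper bound is exclusive, as the answer describes, a minimum and maximum of TLS 1.2 leave no version enabled, and the server can only reply with a fatal alert. `Version`, `enabled_versions`, `require_nonempty` and `decode_alert_record` are hypothetical names, and the 7-byte record is constructed to be consistent with the "read 7 bytes" and "alert number 70" lines in the question.

```python
import struct
from enum import IntEnum


class Version(IntEnum):
    """Ordered protocol versions (constructed stand-in, not Twisted's TLSVersion)."""
    SSLv3 = 0
    TLSv1_0 = 1
    TLSv1_1 = 2
    TLSv1_2 = 3
    TLSv1_3 = 4


def enabled_versions(minimum, maximum, upper_exclusive):
    """Versions left enabled once everything outside the requested range is excluded."""
    if upper_exclusive:
        return [v for v in Version if minimum <= v < maximum]
    return [v for v in Version if minimum <= v <= maximum]


def require_nonempty(minimum, maximum, upper_exclusive):
    """Pre-flight check: refuse a range that can never complete a handshake."""
    enabled = enabled_versions(minimum, maximum, upper_exclusive)
    if not enabled:
        raise ValueError(f"{minimum.name}..{maximum.name} enables no protocol version")
    return enabled


# Alert descriptions from RFC 5246 section 7.2 (subset).
ALERTS = {40: "handshake_failure", 70: "protocol_version", 71: "insufficient_security"}


def decode_alert_record(record):
    """Decode a plaintext TLS alert record: 5-byte header, then level and description."""
    content_type, _version, length = struct.unpack("!BHH", record[:5])
    if content_type != 21 or length != 2 or len(record) != 7:
        raise ValueError("not a plaintext alert record")
    level, description = record[5], record[6]
    return ("fatal" if level == 2 else "warning", ALERTS.get(description, str(description)))


if __name__ == "__main__":
    v = Version
    # The question's settings under the exclusive reading: nothing is enabled.
    print(enabled_versions(v.TLSv1_2, v.TLSv1_2, upper_exclusive=True))
    # The answer's settings under the same reading: only TLS 1.2 remains.
    print(enabled_versions(v.TLSv1_2, v.TLSv1_3, upper_exclusive=True))
    # Constructed record: type 21 (alert), version 0x0303, length 2, fatal, 70.
    print(decode_alert_record(bytes.fromhex("15030300020246")))
```

Running `require_nonempty` on the intended range before calling `listenSSL` turns the silent misconfiguration into a startup error instead of a handshake failure seen only by clients.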