|
Title: OpenSSL ciphers and App Engine Post by: Gavin Andresen on October 22, 2010, 04:06:08 PM I spent way too many hours yesterday trying to figure out why my Google App Engine code couldn't urlfetch from my -rpcssl bitcoin process, so I'm posting this to hopefully save somebody else from the frustration.
I made Bitcoin's HTTPS-JSON-RPC code fussy about what openssl ciphers it supports on purpose; by default, it doesn't accept SSLV1 connections or older, weaker ciphers or hashing algorithms (like single-DES and MD5). Surprisingly, Google's App Engine urlfetch service currently ONLY supports RC4/DES/MD5/SHA, so, by default, App Engine can't talk via https to Bitcoin. The workaround is easy (use the -rpcsslciphers= option to override the ciphers bitcoin will accept), and I'll document this on the rpcssl wiki page (http://www.bitcoin.org/wiki/doku.php?id=rpcssl). And hopefully Google will get with the program and support better encryption... Title: Re: OpenSSL ciphers and App Engine Post by: ByteCoin on October 28, 2010, 03:23:37 PM Thanks for that. You might feel that you're mailing this stuff into a void but I have taken note for my own project and I appreciate not having to work it out for myself.
ByteCoin |