[Twisted-Python] Clarification for IReactorSSL.ListenSSL(...)

Carl Waldbieser waldbie at attglobal.net
Sat Apr 10 12:59:46 EDT 2004


Trevor,

I will look into this.  I am not really familiar with how certificates are 
supposed to work from the client side of things, but it is definitely worth 
looking into.

The project I am working on is still in its very early stages, so integration 
is not so much of a problem.  I simply lack comprehensive knowledge on issues 
related to security, as well as implementation knowledge.

In a nutshell, we are attempting to pass some small but sensitive info 
(username/password) from a client in a DMZ to a server sitting in a trusted 
network.  Even without a strong background in computer security, I am able to 
recognize that that sounds pretty insecure, which is why I am exploring the 
possibility of XMLRPC over HTTPS.

There are probably other ways of accomplishing this goal, too.  Originally, I 
was looking into Twisted.Conch, but I believe I read in the docs that it was 
not recommended for production use yet(?).

Thanks,
Carl Waldbieser

>On Saturday 10 April 2004 03:25 am, Trevor Perrin wrote:

>
> Generating a new key and self-signed cert with OpenSSL is really easy:
> http://www.openssl.org/docs/HOWTO/
>
> Then just pass these filenames, and it should work.
>
> >I want to use SSL because
> >I want two machines to be able to talk to each other without passing
> >sensitive data in the clear, so I am not sure if stuff like certificate
> >authorities really need to fit into the picture.
>
> If I were you, I wouldn't use CAs, but would have each side authenticate the
> other based on a fingerprint (i.e. the hash value of the other's
> certificate).
>
> I'm not sure how to do this with Twisted's default SSL, but I've
> written a TLS library for Twisted that does this.  However, it may be a bit
> of effort to integrate in your particular app:
> http://trevp.net/tlslite/
>
>
> Trevor
>





