[Twisted-Python] connectionMade, TLS and DoS protection timeouts

Tobias Oberstein tobias.oberstein at tavendo.de
Thu Mar 1 11:11:03 EST 2012

> >I was wondering how I could protect a Twisted server from evil clients
> >initiating, but never completing a TLS handshake.
> >
> >connectionMade is only called when the TLS handshake has completed,
> >right?
> Actually, this is not right.  It's sort of a wart, but connectionMade is called when
> the underlying TCP connection is established.  The TLS handshake will always
> complete at some later time.
> One reason we (or at least I) have not yet really tried to change this is that
> doing so would make it harder to address just the problem you're talking about.

Thanks for clarifying!

So I guess I'll be fine with triggering a callLater of drop/abortConnection in
connectionMade. Good. Less code changes.


More information about the Twisted-Python mailing list