[Twisted-web] Dynamic SSL context

Jp Calderone exarkun at divmod.com
Wed Aug 17 22:50:05 MDT 2005

On Wed, 17 Aug 2005 16:17:08 +0200, Marek Habersack <grendel at caudium.net> wrote:
>  I am wondering, is it possible with Twisted to delay creating the SSL
>context till the connection time? I would need something like that to
>support virtual hosts on the same interface:port with different SSL certs.

Connection time is too early.  You have to wait until you get the "Host" header to know which cert to pick for a vhosting server.  And by then, it's too late!  HTTP doesn't include a provision for negotiating transport layer security.  Either you use SSL for everything or you use SSL for nothing.

There are some experiments that add STARTTLS-like functionality to HTTP, but as far as I know, none are widely (>0.1% of clients) supported.


More information about the Twisted-web mailing list