[Twisted-web] Dynamic SSL context

Jp Calderone exarkun at divmod.com
Wed Aug 17 22:50:05 MDT 2005


On Wed, 17 Aug 2005 16:17:08 +0200, Marek Habersack <grendel at caudium.net> wrote:
>Hello,
>
>  I am wondering, is it possible with Twisted to delay creating the SSL
>context till the connection time? I would need something like that to
>support virtual hosts on the same interface:port with different SSL certs.

Connection time is too early.  You have to wait until you get the "Host" header to know which cert to pick for a vhosting server.  And by then, it's too late!  HTTP doesn't include a provision for negotiating transport layer security.  Either you use SSL for everything or you use SSL for nothing.

There are some experiments that add STARTTLS-like functionality to HTTP, but as far as I know, none are widely (>0.1% of clients) supported.

Jp
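
The ordering described in the message above, as an added example that is not part of the original post: a TLS client driven entirely in memory with Python's standard `ssl` module, showing that the first bytes a server receives are a TLS ClientHello record and that the HTTP request carrying `Host` cannot leave the client until the handshake has finished. The function name and the host name `vhost-a.example` are constructed for illustration, and the client is assumed to supply no server name in its handshake.

```python
import ssl


def client_first_flight(host: str) -> dict:
    """Drive a TLS client in memory and report what reaches the wire first."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Assumption for this demo: no server name is passed to wrap_bio(), so the
    # handshake names no virtual host. Nothing is connected or verified here.
    ctx.check_hostname = False
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing)

    # Step 1: start the handshake. The client queues its ClientHello and then
    # blocks, because the server's reply (including its certificate) is needed.
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass

    # Step 2: try to send the HTTP request. It cannot be encrypted yet, so the
    # Host header stays inside the client until the handshake completes.
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("ascii")
    try:
        tls.write(request)
        request_sent = True
    except ssl.SSLWantReadError:
        request_sent = False

    wire = outgoing.read()  # everything the server could have seen so far
    return {
        "record_type": wire[0],       # 0x16 = TLS handshake record
        "handshake_type": wire[5],    # 0x01 = ClientHello
        "host_seen": host.encode("ascii") in wire or b"Host:" in wire,
        "request_sent": request_sent,
    }


if __name__ == "__main__":
    info = client_first_flight("vhost-a.example")  # constructed host name
    print(f"first record type : {info['record_type']:#04x}")
    print(f"handshake message : {info['handshake_type']:#04x}")
    print(f"Host visible      : {info['host_seen']}")
    print(f"request sent      : {info['request_sent']}")
```
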


