Ticket #4854 enhancement closed fixed
Replace the implementation of IReactorSSL with one based on twisted.protocols.tls
|Reported by:||exarkun||Owned by:||exarkun|
(diff, github, buildbot, log)
The original implementation of IReactorSSL, shared amongst all reactors except for IOCP reactor, lets OpenSSL do all of the network operations, because that was the only way the pyOpenSSL bindings let them work.
More recently, pyOpenSSL began exposing an alternate OpenSSL API, which we now support in twisted.protocols.tls. This API lets us do all of the network operations and limits OpenSSL to just the crypto parts.
Finally, a benchmark shows that twisted.protocols.tls is actually comparable in performance to the IReactorSSL interface.
Since twisted.protocols.tls provides a struct superset of the functionality of IReactorSSL, we could implement the latter in terms of the former, removing some code in the process.
One possible issue is that pyOpenSSL 0.10 or newer is required for twisted.protocols.tls. This version of pyOpenSSL is a little over a year old, but may not yet be in widespread use. Possibly we should start by preferring a twisted.protocols.tls implementation of IReactorSSL, but falling back to the current implementation if necessary (for a while).