#5015 enhancement new
Add an API which makes it easy to start (and stop) speaking TLS over an arbitrary transport
Reported by: Jean-Paul Calderone
Description
For historical reasons, we have ITLSTransport. There was no way to implement this functionality except directly with the support of the reactor. With twisted.protocols.tls, we now have an implementation that is independent of any TLS-specific support in the reactor. However, twisted.protocols.tls is very geared towards being used to replace listenSSL. It is possible to use it to replace
- It's complicated. There is an unfortunate special case in twisted.protocols.tls to deal with this (the
- The very nature of ITLSTransport requires direct support from the reactor. Outside code cannot (cleanly) add a startTLS method to an arbitrary transport.
Instead, to remove the need to have support in the reactor, it would be nice to have an API like this:
    class SomeProtocol(Protocol):
        def dataReceived(self, bytes):
            if somecondition():
                tls = TLSTransport(ctx, self.transport, self)
                self.transport.switchProtocol(tls)
                self.transport = tls
                # Perhaps also...
                self.transport.handshake()
These details might even all be wrapped up inside an even simpler helper API:
    class SomeProtocol(Protocol):
        def dataReceived(self, bytes):
            if somecondition():
                self.transport = startTLS(ctx, self.transport, self)
The details might differ, but importantly an API like this can be implemented entirely outside the reactor, except for the new switchProtocol method (proposed already in #3204).
This has other nice properties.
- Compared to the current APIs and implementation, it's easier to see how stacking works.
- Buffering is simplified because the original transport and the TLS transport are separate objects each dealing with buffering on their own.
- TLS shutdown without underlying transport shutdown is more obvious, since it just means going back to the original transport and discarding the TLS transport.
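The following is an added, self-contained sketch of the stacking design described above; it is not Twisted code and not part of the ticket. To keep it runnable offline it replaces real TLS with a toy record layer (a "TOY:" header plus reversed payload), and it assumes a hypothetical `switchProtocol` method on the underlying transport, a `startTLS` helper without a context argument, and an `unwrap` method for shutting down only the wrapper layer. The point it shows is the mechanics the ticket lists as benefits: the wrapper is a protocol toward the layer below and a transport toward the application above, each layer buffers only its own records, and leaving the wrapped state is just switching back to the original transport.

```python
# Constructed illustration of a stackable wrapping transport driven by
# switchProtocol. No real TLS is performed; ToyTLSTransport only frames
# and reverses bytes so that the layering can be exercised offline.


class MemoryTransport:
    """Stand-in for a reactor transport: records writes, supports switchProtocol."""

    def __init__(self, protocol):
        self.protocol = protocol
        self.written = []

    def write(self, data):
        self.written.append(data)

    def switchProtocol(self, protocol):
        # Hypothetical method (the ticket refers to #3204): from now on,
        # bytes arriving on this transport go to the new protocol.
        self.protocol = protocol

    def deliver(self, data):
        # Simulate bytes arriving from the peer.
        self.protocol.dataReceived(data)


class ToyTLSTransport:
    """Wrapper layer: a protocol toward the transport below, a transport
    toward the application protocol above. Stands in for TLSTransport."""

    HEADER = b"TOY:"

    def __init__(self, wrapped, protocol):
        self.wrapped = wrapped      # the transport this layer sits on
        self.protocol = protocol    # the application protocol above
        self.buffer = b""           # this layer's own receive buffer

    # Transport side: application writes become toy records on the layer below.
    def write(self, data):
        self.wrapped.write(self.HEADER + data[::-1] + b"\n")

    # Protocol side: bytes from below are reassembled into records.
    def dataReceived(self, data):
        self.buffer += data
        while b"\n" in self.buffer:
            record, self.buffer = self.buffer.split(b"\n", 1)
            if not record.startswith(self.HEADER):
                raise ValueError("not a toy record: %r" % record)
            self.protocol.dataReceived(record[len(self.HEADER):][::-1])

    def unwrap(self):
        # Shutting down only this layer: give the underlying transport back
        # to the application protocol and drop the wrapper.
        self.wrapped.switchProtocol(self.protocol)
        return self.wrapped


def startTLS(transport, protocol):
    """Hypothetical helper in the shape the ticket proposes (minus ctx)."""
    tls = ToyTLSTransport(transport, protocol)
    transport.switchProtocol(tls)
    return tls


class EchoProtocol:
    """Echoes what it receives; switches layers on STARTTLS / STOPTLS."""

    def __init__(self):
        self.transport = None
        self.received = []

    def dataReceived(self, data):
        self.received.append(data)
        if data == b"STARTTLS":
            self.transport = startTLS(self.transport, self)
        elif data == b"STOPTLS":
            self.transport = self.transport.unwrap()
        else:
            self.transport.write(data)


def run_session():
    """Drive one session: plaintext, toy-wrapped, then plaintext again."""
    proto = EchoProtocol()
    raw = MemoryTransport(proto)
    proto.transport = raw
    raw.deliver(b"hello")                 # plaintext echo
    raw.deliver(b"STARTTLS")              # application stacks the wrapper
    raw.deliver(b"TOY:dl")                # record split across two deliveries;
    raw.deliver(b"row\n")                 # only the wrapper buffers it
    raw.deliver(b"TOY:SLTPOTS\n")         # toy-wrapped "STOPTLS" -> unwrap
    raw.deliver(b"bye")                   # back on the original transport
    return proto.received, raw.written


if __name__ == "__main__":
    print(run_session())
```

Run as a script to see the two lists: what the application protocol saw (already decoded by the wrapper while it was stacked) and what actually hit the underlying transport (toy records while stacked, plain bytes before and after).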