[Twisted-Python] Aborting a connection attempt when HTTPS client detected on HTTP only server?

Michael Schlenker msc at contact.de
Mon Feb 11 09:24:44 EST 2013


I have a probably small issue I need to solve:

There is some kind of client that tries an HTTPS connection first and
falls back to HTTP if it does not work/times out, because the server
does not support SSL. (Yes, I know that logic/procedure is kind of
stupid from a security point of view, but sadly I cannot change it.)

When the server is proxied by Apache, this leads to immediate abortion
of the connection, but when I connect directly to the server built with
the Twisted web module, it hangs until a timeout. The client in this case is
some libcurl-based C++ code using the Windows SChannel SSL API.

I now want to have it fail immediately with Twisted too, instead of
waiting for the SSL layer on the client side to time out.

I found some patch that handles the inverse problem (detect HTTP to
HTTPS port):

Is there some pre-made solution, or would I have to hook into the
connection setup of twisted.web and check the first few bytes for the
signs of an SSL handshake signature?


Michael Schlenker
Software Architect

CONTACT Software GmbH           Tel.:   +49 (421) 20153-80
Wiener Straße 1-3               Fax:    +49 (421) 20153-41
28359 Bremen
http://www.contact.de/          E-Mail: msc at contact.de

Registered office: Bremen
Managing directors: Karl Heinz Zachries, Ralf Holtgrefe
Registered in the commercial register of the Bremen District Court under HRB 13215
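
The first-bytes check asked about above, as an added example that is not part of the original message and not Twisted's own code. `sniff_tls` and `PlainHTTPGuard` are hypothetical names; the guard is duck-typed against a Twisted-style protocol (`dataReceived`) and TCP transport (`abortConnection`), and wiring it into twisted.web is assumed to happen elsewhere.

```python
TLS_HANDSHAKE = 0x16   # SSLv3/TLS record content type "handshake"
CLIENT_HELLO = 0x01    # handshake type (TLS) / message type (SSLv2) "ClientHello"

def sniff_tls(buf):
    """Return True (SSL/TLS ClientHello), False (not TLS), None (need more bytes)."""
    if not buf:
        return None
    b = bytearray(buf[:6])
    if b[0] == TLS_HANDSHAKE:
        # Record header: type(1) major(1) minor(1) length(2), then handshake type.
        expected = (TLS_HANDSHAKE, 0x03, None, None, None, CLIENT_HELLO)
        for got, want in zip(b, expected):
            if want is not None and got != want:
                return False
        if len(b) > 2 and b[2] > 0x04:      # minor version beyond TLS 1.3
            return False
        return True if len(b) == 6 else None
    if b[0] & 0x80:
        # SSLv2-compatible hello: 2-byte length with the high bit set, then type.
        if len(b) < 3:
            return None
        return b[2] == CLIENT_HELLO
    return False        # HTTP request lines start with an ASCII method token

class PlainHTTPGuard(object):
    """Buffers the first bytes of a connection and decides once whether to
    forward them to the HTTP protocol or drop the connection immediately."""

    def __init__(self, protocol, transport):
        self.protocol = protocol      # object with dataReceived(bytes)
        self.transport = transport    # object with abortConnection()
        self.pending = b""
        self.verdict = None           # None until enough bytes have arrived

    def dataReceived(self, data):
        if self.verdict is None:
            self.pending += data
            self.verdict = sniff_tls(self.pending)
            if self.verdict is None:
                return                # handshake prefix may be split across reads
            data, self.pending = self.pending, b""
            if self.verdict:
                # Close right away so the client does not wait for its own timeout.
                self.transport.abortConnection()
        if self.verdict is False:
            self.protocol.dataReceived(data)
```
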
