[Twisted-web] Dynamic SSL context

Marek Habersack grendel at caudium.net
Thu Aug 18 02:08:18 MDT 2005

On Thu, Aug 18, 2005 at 12:50:05AM -0400, Jp Calderone scribbled:
> On Wed, 17 Aug 2005 16:17:08 +0200, Marek Habersack <grendel at caudium.net> 
> wrote:
> >Hello,
> >
> > I am wondering, is it possible with Twisted to delay creating the SSL
> >context till the connection time? I would need something like that to
> >support virtual hosts on the same interface:port with different SSL certs.
> Connection time is too early.  You have to wait until you get the "Host" 
> header to know which cert to pick for a vhosting server.  And by then, it's 
That's true, haven't thought about it

> too late!  HTTP doesn't include a provision for negotiating transport layer 
> security.  Either you use SSL for everything or you use SSL for nothing.
> There are some experiments that add STARTTLS-like functionality to HTTP, 
> but as far as I know, none are widely (>0.1% of clients) supported.
I guess that's what I was thinking about, didn't know it was that
uncommon yet. Is the STARTTLS-like thingie being standarized/is a standard?



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://twistedmatrix.com/pipermail/twisted-web/attachments/20050818/520b46cc/attachment.bin

More information about the Twisted-web mailing list