[Twisted-web] Dynamic SSL context
Marek Habersack
grendel at caudium.net
Thu Aug 18 02:08:18 MDT 2005
On Thu, Aug 18, 2005 at 12:50:05AM -0400, Jp Calderone scribbled:
> On Wed, 17 Aug 2005 16:17:08 +0200, Marek Habersack <grendel at caudium.net>
> wrote:
> >Hello,
> >
> > I am wondering, is it possible with Twisted to delay creating the SSL
> >context till the connection time? I would need something like that to
> >support virtual hosts on the same interface:port with different SSL certs.
>
> Connection time is too early. You have to wait until you get the "Host"
> header to know which cert to pick for a vhosting server. And by then, it's
That's true, haven't thought about it.
> too late! HTTP doesn't include a provision for negotiating transport layer
> security. Either you use SSL for everything or you use SSL for nothing.
>
> There are some experiments that add STARTTLS-like functionality to HTTP,
> but as far as I know, none are widely (>0.1% of clients) supported.
I guess that's what I was thinking about, didn't know it was that
uncommon yet. Is the STARTTLS-like thingie being standardized/is a standard?
thanks,
marek