Opened 7 years ago

Last modified 7 years ago

#6829 enhancement new

Add support for renegotiating TLS connections

Reported by: Andy Lutomirski
Owned by:
Priority: normal
Milestone:
Component: core
Keywords:
Cc:
Branch:
Author:

Description (last modified by habnabit)

It's currently possible to trigger a renegotiation using getHandle().renegotiate(), but this is not very useful for requesting client certificates: there's no way to wait for renegotiation to finish. There should probably be a TLSMemoryBIOProtocol.renegotiate() function that returns a Deferred.

The implementation would likely build upon the fix for #6024.

Change History (4)

comment:1 Changed 7 years ago by Andy Lutomirski

I mean #6024. Sigh.

comment:2 Changed 7 years ago by habnabit

Description: modified (diff)

comment:3 Changed 7 years ago by Jean-Paul Calderone

If there's TLSMemoryBIOProtocol.renegotiate() and it returns a Deferred then what happens when the peer initiates renegotiation?

comment:4 Changed 7 years ago by Andy Lutomirski

Presumably explicit support for peer-initiated renegotiation would need a different API. Maybe the protocol could implement some new interface.

Unless there's a clean way to support both styles of renegotiation (and give the proper notifications to the protocol) with the same interface, this may be outside the scope of this ticket.
