On 02/28/2012 06:42 PM, Tobias Oberstein wrote:
> I was wondering how I could protect a Twisted server from evil clients
> initiating, but never completing a TLS handshake.
>
> connectionMade is only called when the TLS handshake has completed, right?
>
> When doing listenSSL, is there a hook which is fired right after the TCP
> handshake is complete, before the TLS handshake begins, so that I can set up
> a callLater/dropConnection timeout?
>
> This is the piece I am missing, since for TCP-level protection (SYN floods
> etc), I can use kernel parameters / kernel packet filtering, and for
> app-level protection (I do WebSockets .. which also has a handshake) I can
> timeout that.
>
> I like to do above without requiring a frontend TLS terminator / firewall ..

One thing to do (perhaps the easiest) is, instead of listenSSL, doing listenTCP and then startTLS in the protocol's connectionMade. This would let you set a timeout that calls abortConnection in connectionMade.