On Aug 17, 2018, at 9:24 AM, Sean DiZazzo <sean.diza...@gmail.com> wrote:
>
> Starting to look over the docs and I realize I might have just been able to
> incorporate the `optionsForClientTLS` into what I was already using.
>
> I was using `reactor.connectSSL()` with a default
> ``ssl.ClientContextFactory()` so I think I can make my own
> sslClientContextFactory with `optionsForClientTLS(hostname=host)` and pass
> that in to connectSSL instead.
>
> It would look something like this:
>
> reactor.connectSSL(hostname, port, MyProtocolClientFactory(),
> optionsForClientTLS(hostname=hostname))
>
> I'll give it a try and play around with it. If it doesn't work, I'll head
> back over to the endpoint examples.
This should indeed work for now, but adopting endpoints is a more
forward-looking approach; "connectSSL" is a much less flexible API, and will
hopefully someday be removed.
For example:
You can't use connectSSL in combination with UNIX sockets
When we (one day) have a client version of the PROXY endpoint, you won't be
able to use that with connectSSL
You can't do TLS-in-TLS tunneling with connectSSL for backhaul connections
It's just generally harder to switch to other secure transports if you're not
using the endpoint APIs.
Thanks for using Twisted,
-glyph
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
