On 28 Feb, 11:42 pm, tobias.oberst...@tavendo.de wrote:
>I was wondering how I could protect a Twisted server from evil clients
>initiating, but never completing a TLS handshake.
>
>connectionMade is only called when the TLS handshake has completed,
>right?

Actually, this is not right. It's sort of a wart, but connectionMade is called when the underlying TCP connection is established. The TLS handshake will always complete at some later time. One reason we (or at least I) have not yet really tried to change this is that doing so would make it harder to address just the problem you're talking about.

Jean-Paul

>When doing listenSSL, is there a hook which is fired right after the
>TCP handshake is complete, before the TLS handshake begins, so that
>I can set up a callLater/dropConnection timeout?
>
>This is the piece I am missing, since for TCP-level protection (Syn
>floods etc), I can use kernel parameters / kernel packet filtering,
>and for app-level protection (I do WebSockets .. which also has a
>handshake) I can timeout that.
>
>I like to do above without requiring a frontend TLS terminator /
>firewall ..
>
>Thanks!
>
>\Tobias

_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python