I'm using twisted web for an https connection. At first I start with creating and configuring an ssl.DefaultOpenSSLContextFactory derived class that disables SSLv2 and SSLv3 (so basically we're left with TLS1.0 and up) and forces the use of a single strong (non RC4 but BEAST vulnerable) cipher.

Then I have an http.HTTPFactory derived class with a 'buildProtocol' that returns an http.HTTPChannel derived object, that in turn returns an http.Request derived object. Then reactor.listenSSL is invoked with both the SSL factory and the HTTP factory.

Now my problem. I don't really understand how these two are connected once the request handler gets invoked. What I would like to do is that I would want to allow TLS1.0 users to use the server, but only after explicitly agreeing that they understand the risks involved with using an old BEAST vulnerable browser.

Is there any way to retrieve info on what TLS version has been negotiated from within the HTTP request handler? I've been walking the 'self' object a bit, and self.transport.getHandle() seems to have some tls stuff like 'get_cipher_list' and 'get_peer_certificate', but the simple TLS version number does not seem to be available.

Is the twisted web API simply insufficient to retrieve this information from within the request handler, or am I missing something here?

T.I.A,

Rob
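
The check asked about above, sketched as an added example that is not part of the original post or of Twisted itself. It assumes the object returned by `self.transport.getHandle()` is the pyOpenSSL `Connection` the post describes and that pyOpenSSL is 0.16 or newer, which provides `get_protocol_version_name()`; the cookie name and the decision strings are hypothetical.

```python
# Added example. Duck-typed on purpose: it only needs a request object
# shaped like twisted.web.http.Request, so it runs without Twisted.
# Assumption: request.transport.getHandle() is an OpenSSL.SSL.Connection
# from pyOpenSSL >= 0.16 (older releases lack get_protocol_version_name).

# TLS 1.1 and later use explicit per-record IVs, which removes the
# predictable-IV condition BEAST depends on.
NOT_BEAST_AFFECTED = frozenset({"TLSv1.1", "TLSv1.2", "TLSv1.3"})
NEEDS_CONSENT = frozenset({"TLSv1"})   # SSLv2/SSLv3 are disabled in the factory
CONSENT_COOKIE = b"beast_ack"          # hypothetical cookie name


def negotiated_tls_version(request):
    """Return the negotiated protocol name (e.g. 'TLSv1.2') or None."""
    transport = getattr(request, "transport", None)
    get_handle = getattr(transport, "getHandle", None)
    if get_handle is None:
        return None
    conn = get_handle()
    getter = getattr(conn, "get_protocol_version_name", None)
    if getter is None:
        # Plain TCP socket, or a pyOpenSSL too old to report the version.
        return None
    name = getter()
    if isinstance(name, bytes):
        name = name.decode("ascii", "replace")
    return name


def access_decision(request):
    """Return 'allow', 'ask_consent' or 'deny' for this connection."""
    version = negotiated_tls_version(request)
    if version in NOT_BEAST_AFFECTED:
        return "allow"
    if version in NEEDS_CONSENT:
        # TLS 1.0 client: let it through only after an explicit opt-in.
        if request.getCookie(CONSENT_COOKIE) == b"1":
            return "allow"
        return "ask_consent"
    # None, 'Unknown', or anything unexpected: fail closed.
    return "deny"
```

In a `Request.process()` or `Resource.render()` override, `access_decision(self)` or `access_decision(request)` can select between the normal response, a consent page that sets the cookie, and an error response.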
