Hi Axel, I don't know offhand how to produce a string that does what you want, but it will probably be much easier to instantiate the endpoint classes directly. https://twistedmatrix.com/documents/current/api/twisted.internet.endpoints.S... I think we're missing a SSL6ServerEndpoint, unfortunately. Also unfortunately, SSL4ServerEndpoint is an old-style API (it uses reactor.listenSSL underneath). It takes an IOpenSSLContextFactory that can customize the OpenSSL context arbitrarily. The new API, used by the ssl: client string syntax, is wrapClientTLS <https://twistedmatrix.com/documents/current/api/twisted.internet.endpoints.html#wrapClientTLS>. We don't have a wrapServerTLS yet, but it's definitely something we should have, if you're interested in adding it. You'd wrap that around TCP4ServerEndpoint and TCP6ServerEndpoint. ---Tom On Thu, Mar 26, 2020, at 12:24 PM, Axel Rau wrote:
Hi,
how can I convert the plugin code below to recent security level, to TLSv3, dhparams and extraCertChain ? Is OCSP stapling available in Twisted meanwhile?
Thanks, Axel
def makeService(self, options): """ makeService() returns an IService. twisted.internet.application.MultiService[1] is an IService that composes other services (it's an IServiceCollection). """ ipv4_server = endpoints.serverFromString( reactor, 'ssl:{}:privateKey={}:certKey={}:interface={}'.format( options['port'], endpoints.quoteStringArgument(options['cert_path']), endpoints.quoteStringArgument(options['key_path']), options['ipv4_address']))
ipv6_server = endpoints.serverFromString( reactor, 'ssl:{}:privateKey={}:certKey={}:interface={}'.format( options['port'], endpoints.quoteStringArgument(options['cert_path']), endpoints.quoteStringArgument(options['key_path']), endpoints.quoteStringArgument(options['ipv6_address'])))
ipv4 = internet.StreamServerEndpointService(ipv4_server, meteo_factory) ipv6 = internet.StreamServerEndpointService(ipv6_server, meteo_factory) root = MultiService() ipv4.setServiceParent(root) ipv6.setServiceParent(root) return root
serviceMaker = MeteoServiceMaker()
--- PGP-Key: CDE74120 ☀ computing @ chaos claudius
_______________________________________________ Twisted-web mailing list Twisted-web@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
*Attachments:* * signature.asc