I was wondering how I could protect a Twisted server from evil clients initiating,
but never completing a TLS handshake.
connectionMade is only called when the TLS handshake has completed, right?
When doing listenSSL, is there a hook which is fired right after the TCP handshake is
complete, before the TLS handshake begins, so that I can setup a callLater/dropConnection
timeout?
This is the piece I am missing, since for TCP-level protection (Syn floods etc), I can
use kernel parameters / kernel packet filtering, and for app-level protection
(I do WebSockets .. which also has a handshake) I can timeout that.
I like to do above without requiring a frontend TLS terminator / firewall ..
Thanks!
\Tobias