On Aug 17, 2018, at 9:24 AM, Sean DiZazzo <firstname.lastname@example.org> wrote:
Starting to look over the docs and I realize I might have just been able to incorporate the `optionsForClientTLS` into what I was already using.
I was using `reactor.connectSSL()` with a default ``ssl.ClientContextFactory()` so I think I can make my own sslClientContextFactory with `optionsForClientTLS(hostname=host)` and pass that in to connectSSL instead.
It would look something like this:
reactor.connectSSL(hostname, port, MyProtocolClientFactory(), optionsForClientTLS(hostname=hostname))
I'll give it a try and play around with it. If it doesn't work, I'll head back over to the endpoint examples.
This should indeed work for now, but adopting endpoints is a more forward-looking approach; "connectSSL" is a much less flexible API, and will hopefully someday be removed.
- You can't use connectSSL in combination with UNIX sockets
- When we (one day) have a client version of the PROXY endpoint, you won't be able to use that with connectSSL
- You can't do TLS-in-TLS tunneling with connectSSL for backhaul connections
It's just generally harder to switch to other secure transports if you're not using the endpoint APIs.
Thanks for using Twisted,