On Aug 17, 2018, at 9:24 AM, Sean DiZazzo <sean.dizazzo@gmail.com> wrote:

Starting to look over the docs and I realize I might have just been able to incorporate the `optionsForClientTLS` into what I was already using. 

I was using `reactor.connectSSL()` with a default ``ssl.ClientContextFactory()` so I think I can make my own sslClientContextFactory with `optionsForClientTLS(hostname=host)` and pass that in to connectSSL instead.

It would look something like this:

reactor.connectSSL(hostname, port, MyProtocolClientFactory(), optionsForClientTLS(hostname=hostname))

I'll give it a try and play around with it.  If it doesn't work, I'll head back over to the endpoint examples.

This should indeed work for now, but adopting endpoints is a more forward-looking approach; "connectSSL" is a much less flexible API, and will hopefully someday be removed.

For example:

  1. You can't use connectSSL in combination with UNIX sockets
  2. When we (one day) have a client version of the PROXY endpoint, you won't be able to use that with connectSSL
  3. You can't do TLS-in-TLS tunneling with connectSSL for backhaul connections

It's just generally harder to switch to other secure transports if you're not using the endpoint APIs.

Thanks for using Twisted,