[Twisted-Python] connectionMade, TLS and DoS protection timeouts
28 Feb
2012
28 Feb
'12
11:42 p.m.
I was wondering how I could protect a Twisted server from evil clients initiating, but never completing a TLS handshake. connectionMade is only called when the TLS handshake has completed, right? When doing listenSSL, is there a hook which is fired right after the TCP handshake is complete, before the TLS handshake begins, so that I can setup a callLater/dropConnection timeout? This is the piece I am missing, since for TCP-level protection (Syn floods etc), I can use kernel parameters / kernel packet filtering, and for app-level protection (I do WebSockets .. which also has a handshake) I can timeout that. I like to do above without requiring a frontend TLS terminator / firewall .. Thanks! \Tobias
4431
Age (days ago)
4433
Last active (days ago)
5 comments
3 participants
participants (3)
-
exarkun@twistedmatrix.com
-
Itamar Turner-Trauring
-
Tobias Oberstein