[Twisted-Python] Clarification for IReactorSSL.ListenSSL(...)
Carl Waldbieser
waldbie at attglobal.net
Sat Apr 10 10:59:46 MDT 2004
Trevor,

I will look into this. I am not really familiar with how certificates are
supposed to work from the client side of things, but it is definitely worth
looking into.

The project I am working on is still in its very early stages, so integration
is not so much of a problem. I simply lack comprehensive knowledge on issues
related to security, as well as implementation knowledge.

In a nutshell, we are attempting to pass some small but sensitive info
(username/password) from a client in a DMZ to a server sitting in a trusted
network. Even without a strong background in computer security, I am able to
recognize that that sounds pretty insecure, which is why I am exploring the
possibility of XMLRPC over HTTPS.

There are probably other ways of accomplishing this goal, too. Originally, I
was looking into Twisted.Conch, but I believe I read in the docs that it was
not recommended for production use yet(?).

Thanks,
Carl Waldbieser

>On Saturday 10 April 2004 03:25 am, Trevor Perrin wrote:
>
> Generating a new key and self-signed cert with OpenSSL is really easy:
> http://www.openssl.org/docs/HOWTO/
>
> Then just pass these filenames, and it should work.
>
> >I want to use SSL because
> >I want two machines to be able to talk to each other without passing
> >sensitive data in the clear, so I am not sure if stuff like certificate
> >authorities really need to fit into the picture.
>
> If I was you, I wouldn't use CAs, but would have each side authenticate the
> other based on a fingerprint (i.e. the hash value of the other's
> certificate).
>
> I'm not sure how to do this with Twisted's default SSL, but I've
> written a TLS library for Twisted that does this. However, it may be a bit
> of effort to integrate in your particular app:
> http://trevp.net/tlslite/
>
>
> Trevor
>
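
The fingerprint check suggested in the quoted reply, sketched for the client side as an added example (not code from this thread, Twisted, or tlslite). It uses only the Python standard library; the function names and the choice of SHA-256 are assumptions made for the illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AB:CD:...' (openssl x509 -fingerprint style) or plain hex."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def matches_pin(der_cert, pinned_fp: str) -> bool:
    """True only if a certificate was presented and its hash equals the pin."""
    if not der_cert:
        return False  # no certificate presented: fail closed
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(fingerprint(der_cert).encode(),
                               normalize(pinned_fp).encode())


def connect_pinned(host: str, port: int, pinned_fp: str) -> ssl.SSLSocket:
    """Open a TLS connection; refuse it unless the server cert matches the pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # CA and hostname checks are disabled on purpose: the peer uses a
    # self-signed certificate, so the pinned fingerprint is the only trust anchor.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if not matches_pin(tls.getpeercert(binary_form=True), pinned_fp):
        tls.close()
        raise ssl.SSLError("peer certificate does not match pinned fingerprint")
    return tls  # only after this point is it safe to send credentials
```

The pinned value has to reach the client out of band, for example by copying the fingerprint of the server's self-signed certificate into the client's configuration when the two machines are set up.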