[Vortex] TLS listener and profiles

Jason Dana jdana at tresys.com
Mon Mar 28 16:11:00 CEST 2011


Hello,

I am attempting to construct a Vortex listener that can and will only
accept TLS connections.  Currently I am able to make it so that the
client is set up for TLS by default and the connection will fail unless
TLS is accepted.  But, I have yet to determine if it is possible to
restrict the listener in this way.  It appears that there is no way to
circumvent the initial insecure connection and establish an immediate
secure connection.  Is this true?

Alternatively, I require that upon connection, no profiles are available
until a TLS connection has been created.  I have attempted creating
checks on connection attempts in order to verify that the connection is
TLSfied before I register the profile(s).  But, it appears the
connection object is not available for this check immediately after
TLSfication and is only available upon subsequent data transmission
(such as a channel creation) from the client.  This is undesirable as
any profiles would need to be created before a channel can be created,
allowing any insecure connection immediate access to the profiles.
Could you possibly steer me in the proper direction?

Thank you in advance!

Jason

