docs: improve pyopenssl docs in deploy.rst#2031
docs: improve pyopenssl docs in deploy.rst#2031ktdreyer wants to merge 1 commit intocherrypy:mainfrom
Conversation
Update the docs to say that "builtin" is now the default backend.
Give Python examples of how to set both backends ("builtin" and
"pyopenssl".)
|
With the simple "hello world" application, I get better performance with the pyopenssl backend (testing in a container on localhost) so I think that's the main reason users would choose pyopenssl now. Is that right? |
|
I'm not sure. I think many people just put it behind a reverse proxy instead of handling TLS in-app. I have a feeling that the pyopenssl integration is a bit more buggy as of the last Cheroot release. I dream of having enough time to refactor both adapters.. |
|
Would you please merge this? It makes it much clearer that |
|
|
||
| .. code-block:: bash | ||
|
|
||
| $ pip install cython, pyOpenSSL |
There was a problem hiding this comment.
Does this syntax with a comma event work? Also, it's unlikely to have any effect these days.
|
|
||
| cherrypy.server.ssl_module = 'builtin' | ||
|
|
||
| b) *pyOpenSSL*. Because python did not have a built-in SSL library when CherryPy was first created, the default setting is to use pyOpenSSL. To use it you'll need to install it (we could recommend you install `cython <http://cython.org/>`_ first): |
There was a problem hiding this comment.
I think, it'd be good to keep the historic reference regarding why it was added. Also, I'm not sure if the performance bit is noticeable. Technically, both are implemented as C-extensions linking against some OpenSSL version.
I'd drop the mention of Cython too since pyOpenSSL is a pure-python wheel and cyptography ships pre-built wheels — one would have to go out of their way to force it to build from sdist, which would pick up an isolated version of Cython anyway.
| 3. Decide whether you want to use python's built-in SSL library, or the pyOpenSSL library. CherryPy supports either. | ||
|
|
||
| a) *Built-in.* To use python's built-in SSL, add the following line to your CherryPy config: | ||
| a) *Built-in.* CherryPy uses Python's built-in SSL by default. To set it explicitly, set this line in your CherryPy config: |
There was a problem hiding this comment.
It seems like there's at least one place where builtin is not the default:
Plus, there's another place that would need to be cleaned up for this docs change to make sense:
Update the docs to say that
builtinis now the default backend.Give Python examples of how to set both backends (
builtinandpyopenssl.)What kind of change does this PR introduce?