glyph / txsni

Simple support for running a TLS server with Twisted.
MIT License

txsni breaks protocol negotiation. #9

Closed Lukasa closed 8 years ago

Lukasa commented 8 years ago

In Twisted 16.3 we added IProtocolNegotiationFactory, which TLSMemoryBIOProtocol uses to determine what protocols (if any) should be negotiated via ALPN/NPN. TLSMemoryBIOProtocol does this when _createConnection fires, potentially setting callbacks and data on the context returned by calling .getContext() on the connection object from serverConnectionForTLS.

Unfortunately, txsni potentially swaps out the TLS contexts midway through the TLS handshake. This means that the callbacks and data that TLSMemoryBIOProtocol sets are only ever set on the default TLS context: the others, potentially swapped in later in the connection process, do not have this data provided to them.

This means that, in practice, txsni and protocol negotiation do not work together.

Lukasa commented 8 years ago

This is a symptom of a more general case: anything outside the default values set by CertificateOptions that is set before the handshake starts will be lost. txsni provides no way to provide a default configuration to its objects, nor does it persist any configuration.
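As an added illustration (not code from txsni or Twisted), the sequence the issue describes, modelled in Python: the `Context`, `Connection` and dispatcher classes are constructed stand-ins for the pyOpenSSL objects and no real TLS takes place. `NaiveSNIDispatcher` reproduces the loss of the ALPN callback when the context is swapped at SNI time; `PersistingSNIDispatcher` shows the shape of the mitigation the second comment asks for, carrying the default context's negotiation data onto the swapped-in context.

```python
class Context:
    """Stand-in for OpenSSL.SSL.Context: holds per-context negotiation data."""
    def __init__(self, name):
        self.name = name
        self.alpn_select = None          # what TLSMemoryBIOProtocol sets
        self.servername_callback = None  # what the SNI dispatcher sets

class Connection:
    """Stand-in for OpenSSL.SSL.Connection; its context can be swapped mid-handshake."""
    def __init__(self, ctx):
        self.ctx = ctx
    def handshake(self, servername, offered):
        # SNI is processed first: a txsni-style callback may replace self.ctx.
        if self.ctx.servername_callback is not None:
            self.ctx.servername_callback(self, servername)
        # ALPN selection then runs on whichever context is current.
        if self.ctx.alpn_select is None:
            return None
        return self.ctx.alpn_select(offered)

def alpn_select(offered, supported=(b"h2", b"http/1.1")):
    """Server-preference ALPN choice: first supported protocol the client offered."""
    for proto in supported:
        if proto in offered:
            return proto
    return None

class NaiveSNIDispatcher:
    """Swaps contexts on SNI; nothing set on the default context follows along."""
    def __init__(self, default, per_host):
        self.default, self.per_host = default, per_host
        default.servername_callback = self._on_sni
    def _on_sni(self, conn, name):
        conn.ctx = self.per_host.get(name, self.default)

class PersistingSNIDispatcher(NaiveSNIDispatcher):
    """Copies negotiation data from the default context onto the swapped-in one."""
    def _on_sni(self, conn, name):
        new_ctx = self.per_host.get(name, self.default)
        new_ctx.alpn_select = self.default.alpn_select
        conn.ctx = new_ctx

def negotiate(dispatcher_cls, servername=b"example.com", offered=(b"h2",)):
    """Run one modelled handshake and return the ALPN protocol chosen (or None)."""
    default = Context("default")
    dispatcher_cls(default, {b"example.com": Context("example.com")})
    conn = Connection(default)
    conn.ctx.alpn_select = alpn_select  # set before the handshake, as in _createConnection
    return conn.handshake(servername, offered)
```

With the naive dispatcher a client naming a host that has its own context gets no ALPN result at all, while a client naming an unknown host (which stays on the default context) negotiates normally; that asymmetry is the symptom to look for when checking a deployment.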