python-websockets / websockets

Library for building WebSocket servers and clients in Python
https://websockets.readthedocs.io/
BSD 3-Clause "New" or "Revised" License

PEM file use in secure websockets #1381

Closed alamathe1 closed 11 months ago

alamathe1 commented 12 months ago

More of a question than an issue.

Looking at one of your examples on implementing a secure client and server, it is seen that the same localhost.pem file is distributed between the client and server. From a security standpoint, since the client and the server are two separate entities, shouldn't their PEM files be different?

Example:

aaugustin commented 11 months ago

The point of these examples is just to show how to use an SSLContext. It doesn't aim at discussing best practices for managing TLS connections in general. I could add a sentence in the docs along the lines of "check Python's docs for best practices".
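
An added example, not part of the thread or of the websockets project's code: one way to keep the private key on the server while clients receive only the certificate they need as a trust anchor. It assumes the shared PEM file is a bundle holding both a private key and a certificate; the function names and `SAMPLE_BUNDLE` are hypothetical, and the sample bodies are constructed placeholders, not real key material.

```python
import re
import ssl

# Matches one PEM block and captures its label, e.g. "CERTIFICATE" or "PRIVATE KEY".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL
)

def split_pem(bundle: str) -> tuple[list[str], list[str]]:
    """Return (certificate_blocks, private_key_blocks) found in a PEM bundle."""
    certs, keys = [], []
    for match in PEM_BLOCK.finditer(bundle):
        label = match.group(1)
        if label == "CERTIFICATE":
            certs.append(match.group(0))
        elif label.endswith("PRIVATE KEY"):  # also RSA/EC/ENCRYPTED PRIVATE KEY
            keys.append(match.group(0))
    return certs, keys

def client_trust_pem(bundle: str) -> str:
    """Certificate-only PEM text: the part that can be handed to clients."""
    certs, _ = split_pem(bundle)
    if not certs:
        raise ValueError("bundle contains no certificate")
    return "\n".join(certs) + "\n"

def client_context(trust_pem: str) -> ssl.SSLContext:
    """Client side: verify the server against the public certificate only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cadata=trust_pem)
    return ctx

def server_context(bundle_path: str) -> ssl.SSLContext:
    """Server side: the only party that loads the file holding the private key."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(bundle_path)
    return ctx

# Constructed sample: placeholder bodies, not real key material.
SAMPLE_BUNDLE = (
    "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQta2V5\n-----END PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtY2VydA==\n-----END CERTIFICATE-----\n"
)
```

`client_context` and `server_context` need a real certificate and key to succeed; the placeholder sample only exercises the splitting step.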