Run using `python echo_with_ssl_chain.py <path to key> <path to certificate> <path to chain file>`, test using `openssl s_client -connect localhost:8000 -tls1`.

echo_with_ssl_chain.py

import sys

from twisted.internet import ssl, reactor
from twisted.internet.protocol import Protocol, Factory
from twisted.python import log
from twisted.python.filepath import FilePath


class Echo(Protocol):
    def dataReceived(self, data):
        self.transport.write(data)


def main(keyPath, certPath, chainPath):
    cert = ssl.PrivateCertificate.loadPEM(
        FilePath(keyPath).getContent() + FilePath(certPath).getContent()
    )
    chainCert = ssl.Certificate.loadPEM(FilePath(chainPath).getContent())

    opts = ssl.CertificateOptions(
        privateKey=cert.privateKey.original,
        certificate=cert.original,
        extraCertChain=[chainCert.original],
    )

    log.startLogging(sys.stdout)
    factory = Factory()
    factory.protocol = Echo
    reactor.listenSSL(8000, factory, opts)
    reactor.run()


if __name__ == '__main__':
    raise SystemExit(main(*sys.argv[1:]))

echo_with_ssl_chain_strports.py

import sys

from twisted.application.internet import StreamServerEndpointService
from twisted.internet import reactor
from twisted.internet.endpoints import serverFromString
from twisted.internet.protocol import Protocol, Factory
from twisted.python import log


class Echo(Protocol):
    def dataReceived(self, data):
        self.transport.write(data)


def main(keyPath, certPath, chainPath):
    log.startLogging(sys.stdout)
    strport = ('ssl:8000:privateKey=%s:certKey=%s:extraCertChain=%s' %
               (keyPath, certPath, chainPath))
    server = serverFromString(reactor, strport)
    factory = Factory()
    factory.protocol = Echo
    serverService = StreamServerEndpointService(server, factory)
    serverService.startService()
    reactor.run()


if __name__ == '__main__':
    raise SystemExit(main(*sys.argv[1:]))