This module implements the SSL functionality in NSS.
This API should be used to control SSL 3.0 & TLS support instead of the older SSLSocket.set_ssl_option() API; however, the SSLSocket.set_ssl_option() API MUST still be used to control SSL 2.0 support. In this version of libssl, SSL 3.0 and TLS 1.0 are enabled by default. Future versions of libssl may change which versions of the protocol are enabled by default.
The protocol_variant enums (SSL_VARIANT_STREAM, SSL_VARIANT_DATAGRAM) indicate whether the protocol is of type stream or datagram. The variant must be provided to the functions that do not take an fd. Functions which take an fd will get the variant from the fd.
Using the new version range API in conjunction with the older SSLSocket.set_ssl_option() API for controlling the enabled protocol versions may cause unexpected results. Going forward, we guarantee only the following:
SSLSocket.get_ssl_option(ssl.SSL_ENABLE_TLS) will return True if ANY versions of TLS are enabled.
SSLSocket.set_ssl_option(ssl.SSL_ENABLE_TLS, False) will disable ALL versions of TLS, including TLS 1.0 and later.
The above two properties provide compatibility for applications that use SSLSocket.set_ssl_option() to implement the insecure fallback from TLS 1.x to SSL 3.0.
SSLSocket.set_ssl_option(ssl.SSL_ENABLE_TLS, True) will enable TLS 1.0, and may also enable some later versions of TLS, if it is necessary to do so in order to keep the set of enabled versions contiguous. For example, if TLS 1.2 is enabled, then after SSLSocket.set_ssl_option(ssl.SSL_ENABLE_TLS, True), TLS 1.0, TLS 1.1, and TLS 1.2 will be enabled, and the call will have no effect on whether SSL 3.0 is enabled. If no later versions of TLS are enabled at the time SSLSocket.set_ssl_option(ssl.SSL_ENABLE_TLS, True) is called, then no later versions of TLS will be enabled by the call.
SSLSocket.set_ssl_option(ssl.SSL_ENABLE_SSL3, False) will disable SSL 3.0, and will not change the set of TLS versions that are enabled.
SSLSocket.set_ssl_option(ssl.SSL_ENABLE_SSL3, True) will enable SSL 3.0, and may also enable some versions of TLS if TLS 1.1 or later is enabled at the time of the call, the same way SSLSocket.set_ssl_option(ssl.SSL_ENABLE_TLS, True) works, in order to keep the set of enabled versions contiguous.
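
The guarantees above, modelled in pure Python as an added example; this is not python-nss or NSS code, and the class name VersionRangeModel and its (min, max) representation are assumptions. It shows how the legacy options widen or shrink the contiguous range of enabled versions.

```python
# Constants copied from this page's variable list.
SSL_ENABLE_SSL3, SSL_ENABLE_TLS = 8, 13
SSL3, TLS10, TLS11, TLS12 = 768, 769, 770, 771


class VersionRangeModel:
    """Hypothetical pure-Python model of the guarantees; not NSS code."""

    def __init__(self, min_version=None, max_version=None):
        # (None, None) means neither SSL 3.0 nor any TLS version is enabled.
        self.min, self.max = min_version, max_version

    def get_ssl_option(self, option):
        if self.min is None:
            return False
        if option == SSL_ENABLE_TLS:
            return self.max >= TLS10      # True if ANY TLS version is enabled
        return self.min == SSL3           # SSL_ENABLE_SSL3

    def set_ssl_option(self, option, on):
        if option not in (SSL_ENABLE_SSL3, SSL_ENABLE_TLS):
            raise ValueError("model covers SSL_ENABLE_SSL3 and SSL_ENABLE_TLS")
        if option == SSL_ENABLE_TLS:
            self._set_tls(on)
        else:
            self._set_ssl3(on)
        return (self.min, self.max)

    def _set_tls(self, on):
        if on and self.min is None:
            self.min = self.max = TLS10
        elif on:
            # Widen to include TLS 1.0; the versions in between come along
            # so that the enabled set stays contiguous.
            self.min, self.max = min(self.min, TLS10), max(self.max, TLS10)
        elif self.min == SSL3:
            self.max = SSL3               # all TLS off, SSL 3.0 untouched
        else:
            self.min = self.max = None    # only TLS was on; nothing is left

    def _set_ssl3(self, on):
        if on:
            # Lowering the floor to SSL 3.0 pulls in every version up to max.
            self.min = SSL3
            self.max = SSL3 if self.max is None else self.max
        elif self.max is not None and self.max > SSL3:
            self.min = max(self.min, TLS10)   # set of TLS versions unchanged
        else:
            self.min = self.max = None
```

Starting from TLS 1.2 only, `set_ssl_option(SSL_ENABLE_TLS, True)` returns `(769, 771)`: a legacy call meant to turn TLS on also re-enables TLS 1.0 and TLS 1.1, which is worth checking for when auditing code that mixes the two APIs.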
SSLChannelInfo SSLChannelInformation(obj)
SSLCipherSuiteInfo SSLCipherSuiteInformation(obj)
SSLSocket SSLSocket(family=PR_AF_INET, type=PR_DESC_SOCKET_TCP)
SRTP_AES128_CM_HMAC_SHA1_32 = 2
SRTP_AES128_CM_HMAC_SHA1_80 = 1
SRTP_NULL_HMAC_SHA1_32 = 6
SRTP_NULL_HMAC_SHA1_80 = 5
SSL_ALLOWED = 1
SSL_BYPASS_PKCS11 = 16
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 7
SSL_CK_DES_64_CBC_WITH_MD5 = 6
SSL_CK_IDEA_128_CBC_WITH_MD5 = 5
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 4
SSL_CK_RC2_128_CBC_WITH_MD5 = 3
SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 2
SSL_CK_RC4_128_WITH_MD5 = 1
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 17
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 19
SSL_DHE_DSS_WITH_DES_CBC_SHA = 18
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 20
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22
SSL_DHE_RSA_WITH_DES_CBC_SHA = 21
SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 25
SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 23
SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA = 27
SSL_DH_ANON_WITH_DES_CBC_SHA = 26
SSL_DH_ANON_WITH_RC4_128_MD5 = 24
SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 11
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 13
SSL_DH_DSS_WITH_DES_CBC_SHA = 12
SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 14
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 16
SSL_DH_RSA_WITH_DES_CBC_SHA = 15
SSL_ENABLE_FDX = 11
SSL_ENABLE_SSL2 = 7
SSL_ENABLE_SSL3 = 8
SSL_ENABLE_TLS = 13
SSL_EN_DES_192_EDE3_CBC_WITH_MD5 = 65287
SSL_EN_DES_64_CBC_WITH_MD5 = 65286
SSL_EN_IDEA_128_CBC_WITH_MD5 = 65285
SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 = 65284
SSL_EN_RC2_128_CBC_WITH_MD5 = 65283
SSL_EN_RC4_128_EXPORT40_WITH_MD5 = 65282
SSL_EN_RC4_128_WITH_MD5 = 65281
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA = 29
SSL_FORTEZZA_DMS_WITH_NULL_SHA = 28
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA = 30
SSL_HANDSHAKE_AS_CLIENT = 5
SSL_HANDSHAKE_AS_SERVER = 6
SSL_LIBRARY_VERSION_2 = 2
SSL_LIBRARY_VERSION_3_0 = 768
SSL_LIBRARY_VERSION_TLS_1_0 = 769
SSL_LIBRARY_VERSION_TLS_1_1 = 770
SSL_LIBRARY_VERSION_TLS_1_2 = 771
SSL_LIBRARY_VERSION_TLS_1_3 = 772
SSL_NOT_ALLOWED = 0
SSL_NO_CACHE = 9
SSL_NO_LOCKS = 17
SSL_NO_STEP_DOWN = 15
SSL_NULL_WITH_NULL_NULL = 0
SSL_REQUEST_CERTIFICATE = 3
SSL_REQUIRE_ALWAYS = 1
SSL_REQUIRE_CERTIFICATE = 10
SSL_REQUIRE_FIRST_HANDSHAKE = 2
SSL_REQUIRE_NEVER = 0
SSL_REQUIRE_NO_ERROR = 3
SSL_RESTRICTED = 2
SSL_ROLLBACK_DETECTION = 14
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 8
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 6
SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 3
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 65279
SSL_RSA_FIPS_WITH_DES_CBC_SHA = 65278
SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA = 65504
SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA = 65505
SSL_RSA_WITH_3DES_EDE_CBC_SHA = 10
SSL_RSA_WITH_DES_CBC_SHA = 9
SSL_RSA_WITH_IDEA_CBC_SHA = 7
SSL_RSA_WITH_NULL_MD5 = 1
SSL_RSA_WITH_NULL_SHA = 2
SSL_RSA_WITH_RC4_128_MD5 = 4
SSL_RSA_WITH_RC4_128_SHA = 5
SSL_SECURITY = 1
SSL_SECURITY_STATUS_NOOPT = -1
SSL_SECURITY_STATUS_OFF = 0
SSL_SECURITY_STATUS_ON_HIGH = 1
SSL_SECURITY_STATUS_ON_LOW = 2
SSL_SOCKS = 2
SSL_V2_COMPATIBLE_HELLO = 12
SSL_VARIANT_DATAGRAM = 1
SSL_VARIANT_STREAM = 0
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 99
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 101
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 17
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 19
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 50
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 162
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 56
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 68
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 135
TLS_DHE_DSS_WITH_DES_CBC_SHA = 18
TLS_DHE_DSS_WITH_RC4_128_SHA = 102
TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 52397
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 20
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 103
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 158
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 107
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 69
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 136
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 52394
TLS_DHE_RSA_WITH_DES_CBC_SHA = 21
TLS_DH_ANON_WITH_AES_128_CBC_SHA = 52
TLS_DH_ANON_WITH_AES_256_CBC_SHA = 58
TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 70
TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 137
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 11
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 13
TLS_DH_DSS_WITH_AES_128_CBC_SHA = 48
TLS_DH_DSS_WITH_AES_256_CBC_SHA = 54
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 66
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 133
TLS_DH_DSS_WITH_DES_CBC_SHA = 12
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 14
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 16
TLS_DH_RSA_WITH_AES_128_CBC_SHA = 49
TLS_DH_RSA_WITH_AES_256_CBC_SHA = 55
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 67
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 134
TLS_DH_RSA_WITH_DES_CBC_SHA = 15
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 25
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 23
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 27
TLS_DH_anon_WITH_AES_128_CBC_SHA = 52
TLS_DH_anon_WITH_AES_256_CBC_SHA = 58
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = 70
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = 137
TLS_DH_anon_WITH_DES_CBC_SHA = 26
TLS_DH_anon_WITH_RC4_128_MD5 = 24
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 49160
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 49161
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 49187
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 49195
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 49162
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 52393
TLS_ECDHE_ECDSA_WITH_NULL_SHA = 49158
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 49159
TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 52396
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 49170
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 49171
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 49191
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 49199
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 49172
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 52392
TLS_ECDHE_RSA_WITH_NULL_SHA = 49168
TLS_ECDHE_RSA_WITH_RC4_128_SHA = 49169
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 49155
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 49156
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 49197
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 49157
TLS_ECDH_ECDSA_WITH_NULL_SHA = 49153
TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 49154
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 49165
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 49166
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 49201
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 49167
TLS_ECDH_RSA_WITH_NULL_SHA = 49163
TLS_ECDH_RSA_WITH_RC4_128_SHA = 49164
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 49175
TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 49176
TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 49177
TLS_ECDH_anon_WITH_NULL_SHA = 49173
TLS_ECDH_anon_WITH_RC4_128_SHA = 49174
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 255
TLS_FALLBACK_SCSV = 22016
TLS_NULL_WITH_NULL_NULL = 0
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 98
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 100
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 8
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 6
TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 3
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 10
TLS_RSA_WITH_AES_128_CBC_SHA = 47
TLS_RSA_WITH_AES_128_CBC_SHA256 = 60
TLS_RSA_WITH_AES_128_GCM_SHA256 = 156
TLS_RSA_WITH_AES_256_CBC_SHA = 53
TLS_RSA_WITH_AES_256_CBC_SHA256 = 61
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 65
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 132
TLS_RSA_WITH_DES_CBC_SHA = 9
TLS_RSA_WITH_IDEA_CBC_SHA = 7
TLS_RSA_WITH_NULL_MD5 = 1
TLS_RSA_WITH_NULL_SHA = 2
TLS_RSA_WITH_NULL_SHA256 = 59
TLS_RSA_WITH_RC4_128_MD5 = 4
TLS_RSA_WITH_RC4_128_SHA = 5
TLS_RSA_WITH_SEED_CBC_SHA = 150
_C_API = <capsule object "_C_API" at 0x7f1d05996f90>
__package__ = None
ssl2 = 2
ssl3 = 768
ssl_implemented_ciphers =
tls1.0 = 769
tls1.1 = 770
tls1.2 = 771
tls1.3 = 772
This function sets up a Server Session ID (SID) cache that is safe for access by multiple processes on the same system. It behaves like ssl.config_server_session_id_cache(), with one important difference: if the application will run multiple processes (as opposed to, or in addition to, multiple threads), then it must call this function instead of calling ssl.config_server_session_id_cache(). This has nothing to do with the number of processors, only processes.

If you are writing an application which will use SSL sockets to handshake as a server, you must call config_server_session_id_cache() to configure the session caches for server sessions. If your server application uses multiple processes (instead of or in addition to multiple threads), use ssl.config_mp_server_sid_cache() instead. You must use one of these functions to create a server cache. This function creates two caches: the server session ID cache (also called the server session cache, or server cache), and the client-auth certificate cache (also called the client cert cache, or client auth cache). Both caches are used only for sessions where the program handshakes as a server. The client-auth certificate cache is used to remember the certificates previously presented by clients for client certificate authentication. A zero value or a value that is out of range for any of the parameters causes the server default value to be used in the server cache. Note that this function only affects the server cache, not the client cache.

Configure a secure server's session-id cache. Depending on the value of enable_mp_cache, this configures either the multi-process or the single-process cache. A zero value or a value that is out of range for any of the parameters causes the server default value to be used in the server cache. Note that this function only affects the server cache, not the client cache.

Given the major and minor SSL protocol versions, return the SSL version in the form selected by repr_kind.

Sets the application default preference for the specified SSL2, SSL3, or TLS cipher. A cipher suite is used only if the policy allows it and the preference for it is set to True. This function must be called once for each cipher you want to enable or disable by default. Note that the set of permitted and disallowed cipher suites is modified by previous calls to one or more of the SSL Export Policy Functions.

Given the name of an SSL_LIBRARY_VERSION, return its integer constant. The string comparison is case insensitive. In addition to the names of the SSL_LIBRARY_VERSION constants the following aliases are recognized:

ssl_implemented_ciphers
Generated by Epydoc 3.0.1 | http://epydoc.sourceforge.net |