tlslite.constants module
- class tlslite.constants.AlertDescription[source]
Bases:
TLSEnum
- Variables:
bad_record_mac –
A TLS record failed to decrypt properly.
If this occurs during a SRP handshake it most likely indicates a bad password. It may also indicate an implementation error, or some tampering with the data in transit.
This alert will be signalled by the server if the SRP password is bad. It may also be signalled by the server if the SRP username is unknown to the server, but it doesn’t wish to reveal that fact.
handshake_failure –
A problem occurred while handshaking.
This typically indicates a lack of common ciphersuites between client and server, or some other disagreement (about SRP parameters or key sizes, for example).
protocol_version –
The other party’s SSL/TLS version was unacceptable.
This indicates that the client and server couldn’t agree on which version of SSL or TLS to use.
user_canceled – The handshake is being cancelled for some reason.
- access_denied = 49
- bad_certificate = 42
- bad_certificate_hash_value = 114
- bad_certificate_status_response = 113
- bad_record_mac = 20
- certificate_expired = 45
- certificate_required = 116
- certificate_revoked = 44
- certificate_unknown = 46
- certificate_unobtainable = 111
- close_notify = 0
- decode_error = 50
- decompression_failure = 30
- decrypt_error = 51
- decryption_failed = 21
- export_restriction = 60
- handshake_failure = 40
- illegal_parameter = 47
- inappropriate_fallback = 86
- insufficient_security = 71
- internal_error = 80
- missing_extension = 109
- no_application_protocol = 120
- no_certificate = 41
- no_renegotiation = 100
- protocol_version = 70
- record_overflow = 22
- unexpected_message = 10
- unknown_ca = 48
- unknown_psk_identity = 115
- unrecognized_name = 112
- unsupported_certificate = 43
- unsupported_extension = 110
- user_canceled = 90
- class tlslite.constants.AlertLevel[source]
Bases:
TLSEnum
Enumeration of TLS Alert protocol levels
- fatal = 2
- warning = 1
- class tlslite.constants.AlgorithmOID[source]
Bases:
TLSEnum
Algorithm OIDs as defined in rfc5758(ecdsa), rfc5754(rsa, sha), rfc3447(rss-pss). The key is the DER encoded OID in hex and the value is the algorithm id.
- oid = {b'\x06\x03+ep': (8, 7), b'\x06\x03+eq': (8, 8), b'\x06\x07*\x86H\xce8\x04\x03': (2, 2), b'\x06\x07*\x86H\xce=\x04\x01': (2, 3), b'\x06\x08*\x86H\xce=\x04\x03\x01': (3, 3), b'\x06\x08*\x86H\xce=\x04\x03\x02': (4, 3), b'\x06\x08*\x86H\xce=\x04\x03\x03': (5, 3), b'\x06\x08*\x86H\xce=\x04\x03\x04': (6, 3), b'\x06\t*\x86H\x86\xf7\r\x01\x01\x04': (1, 1), b'\x06\t*\x86H\x86\xf7\r\x01\x01\x05': (2, 1), b'\x06\t*\x86H\x86\xf7\r\x01\x01\x0b': (4, 1), b'\x06\t*\x86H\x86\xf7\r\x01\x01\x0c': (5, 1), b'\x06\t*\x86H\x86\xf7\r\x01\x01\r': (6, 1), b'\x06\t*\x86H\x86\xf7\r\x01\x01\x0e': (3, 1), b'\x06\t`\x86H\x01e\x03\x04\x03\x01': (3, 2), b'\x06\t`\x86H\x01e\x03\x04\x03\x02': (4, 2), b'\x06\t`\x86H\x01e\x03\x04\x03\x03': (5, 2), b'\x06\t`\x86H\x01e\x03\x04\x03\x04': (6, 2), b'0\x0b\x06\t`\x86H\x01e\x03\x04\x02\x01': (8, 4), b'0\x0b\x06\t`\x86H\x01e\x03\x04\x02\x02': (8, 5), b'0\x0b\x06\t`\x86H\x01e\x03\x04\x02\x03': (8, 6), b'0\r\x06\t`\x86H\x01e\x03\x04\x02\x01\x05\x00': (8, 4), b'0\r\x06\t`\x86H\x01e\x03\x04\x02\x02\x05\x00': (8, 5), b'0\r\x06\t`\x86H\x01e\x03\x04\x02\x03\x05\x00': (8, 6)}
- class tlslite.constants.CertificateStatusType[source]
Bases:
TLSEnum
Type of responses in the status_request and CertificateStatus msgs.
- ocsp = 1
- class tlslite.constants.CipherSuite[source]
Bases:
object
Numeric values of ciphersuites and ciphersuite types
- Variables:
tripleDESSuites – ciphersuties which use 3DES symmetric cipher in CBC mode
aes128Suites – ciphersuites which use AES symmetric cipher in CBC mode with 128 bit key
aes256Suites – ciphersuites which use AES symmetric cipher in CBC mode with 256 bit key
rc4Suites – ciphersuites which use RC4 symmetric cipher with 128 bit key
shaSuites – ciphersuites which use SHA-1 HMAC integrity mechanism and protocol default Pseudo Random Function
sha256Suites – ciphersuites which use SHA-256 HMAC integrity mechanism and SHA-256 Pseudo Random Function
md5Suites – ciphersuites which use MD-5 HMAC integrity mechanism and protocol default Pseudo Random Function
srpSuites – ciphersuites which use Secure Remote Password (SRP) key exchange protocol
srpCertSuites – ciphersuites which use Secure Remote Password (SRP) key exchange protocol with RSA server authentication
srpAllSuites – all SRP ciphersuites, pure SRP and with RSA based server authentication
certSuites – ciphersuites which use RSA key exchange with RSA server authentication
certAllSuites – ciphersuites which use RSA server authentication
anonSuites – ciphersuites which use anonymous Finite Field Diffie-Hellman key exchange
ietfNames – dictionary with string names of the ciphersuites
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 458944
- SSL_CK_DES_64_CBC_WITH_MD5 = 393280
- SSL_CK_IDEA_128_CBC_WITH_MD5 = 327808
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 262272
- SSL_CK_RC2_128_CBC_WITH_MD5 = 196736
- SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 131200
- SSL_CK_RC4_128_WITH_MD5 = 65664
- TLS_AES_128_CCM_8_SHA256 = 4869
- TLS_AES_128_CCM_SHA256 = 4868
- TLS_AES_128_GCM_SHA256 = 4865
- TLS_AES_256_GCM_SHA384 = 4866
- TLS_CHACHA20_POLY1305_SHA256 = 4867
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 19
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 50
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 64
- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 162
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 56
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 106
- TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 163
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 103
- TLS_DHE_RSA_WITH_AES_128_CCM = 49310
- TLS_DHE_RSA_WITH_AES_128_CCM_8 = 49314
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 158
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 107
- TLS_DHE_RSA_WITH_AES_256_CCM = 49311
- TLS_DHE_RSA_WITH_AES_256_CCM_8 = 49315
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 159
- TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 52394
- TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00 = 52387
- TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 27
- TLS_DH_ANON_WITH_AES_128_CBC_SHA = 52
- TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 108
- TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 166
- TLS_DH_ANON_WITH_AES_256_CBC_SHA = 58
- TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 109
- TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 167
- TLS_DH_ANON_WITH_RC4_128_MD5 = 24
- TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 13
- TLS_DH_DSS_WITH_AES_128_CBC_SHA = 48
- TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 62
- TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 164
- TLS_DH_DSS_WITH_AES_256_CBC_SHA = 54
- TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 104
- TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 165
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 49160
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 49161
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 49187
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 49324
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 49326
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 49195
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 49162
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 49188
- TLS_ECDHE_ECDSA_WITH_AES_256_CCM = 49325
- TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 49327
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 49196
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 52393
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_draft_00 = 52386
- TLS_ECDHE_ECDSA_WITH_NULL_SHA = 49158
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 49159
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 49170
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 49171
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 49191
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 49199
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 49172
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 49192
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 49200
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 52392
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00 = 52385
- TLS_ECDHE_RSA_WITH_NULL_SHA = 49168
- TLS_ECDHE_RSA_WITH_RC4_128_SHA = 49169
- TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 49175
- TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 49176
- TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 49177
- TLS_ECDH_ANON_WITH_NULL_SHA = 49173
- TLS_ECDH_ANON_WITH_RC4_128_SHA = 49174
- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 49155
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 49156
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 49189
- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 49197
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 49157
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 49190
- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 49198
- TLS_ECDH_ECDSA_WITH_NULL_SHA = 49153
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 49154
- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 49165
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 49166
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 49193
- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 49201
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 49167
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 49194
- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 49202
- TLS_ECDH_RSA_WITH_NULL_SHA = 49163
- TLS_ECDH_RSA_WITH_RC4_128_SHA = 49164
- TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 255
- TLS_FALLBACK_SCSV = 22016
- TLS_RSA_WITH_3DES_EDE_CBC_SHA = 10
- TLS_RSA_WITH_AES_128_CBC_SHA = 47
- TLS_RSA_WITH_AES_128_CBC_SHA256 = 60
- TLS_RSA_WITH_AES_128_CCM = 49308
- TLS_RSA_WITH_AES_128_CCM_8 = 49312
- TLS_RSA_WITH_AES_128_GCM_SHA256 = 156
- TLS_RSA_WITH_AES_256_CBC_SHA = 53
- TLS_RSA_WITH_AES_256_CBC_SHA256 = 61
- TLS_RSA_WITH_AES_256_CCM = 49309
- TLS_RSA_WITH_AES_256_CCM_8 = 49313
- TLS_RSA_WITH_AES_256_GCM_SHA384 = 157
- TLS_RSA_WITH_NULL_MD5 = 1
- TLS_RSA_WITH_NULL_SHA = 2
- TLS_RSA_WITH_NULL_SHA256 = 59
- TLS_RSA_WITH_RC4_128_MD5 = 4
- TLS_RSA_WITH_RC4_128_SHA = 5
- TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 49180
- TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 49183
- TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 49186
- TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 49179
- TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 49182
- TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 49185
- TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 49178
- TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 49181
- TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 49184
- aeadSuites = [156, 158, 166, 49195, 49197, 49201, 49199, 4865, 162, 164, 157, 159, 167, 49196, 49198, 49202, 49200, 4866, 163, 165, 49308, 49310, 49324, 4868, 49312, 49314, 49326, 4869, 49309, 49311, 49325, 49313, 49315, 49327, 52392, 52393, 52394, 4867, 52385, 52386, 52387]
AEAD integrity, any PRF
- aes128CcmSuites = [49308, 49310, 49324, 4868]
AES-128 CCM ciphers
- aes128Ccm_8Suites = [49312, 49314, 49326, 4869]
AES-128 CCM_8 ciphers
- aes128GcmSuites = [156, 158, 166, 49195, 49197, 49201, 49199, 4865, 162, 164]
AES-128 GCM ciphers
- aes128Suites = [49181, 49182, 47, 51, 52, 60, 103, 108, 49187, 49161, 49189, 49156, 49193, 49166, 49171, 49191, 49176, 48, 50, 62, 64, 49183]
AES-128 CBC ciphers
- aes256CcmSuites = [49309, 49311, 49325]
- aes256Ccm_8Suites = [49313, 49315, 49327]
AES-256 CCM_8 ciphers
- aes256GcmSuites = [157, 159, 167, 49196, 49198, 49202, 49200, 4866, 163, 165]
AES-256-GCM ciphers (implicit SHA384, see sha384PrfSuites)
- aes256Suites = [49184, 49185, 53, 58, 57, 61, 107, 109, 49188, 49162, 49190, 49157, 49194, 49167, 49172, 49192, 49177, 54, 56, 104, 106, 49186]
AES-256 CBC ciphers
- anonSuites = [167, 166, 109, 58, 108, 52, 27, 24]
anon FFDHE key exchange
- static canonicalCipherName(ciphersuite)[source]
Return the canonical name of the cipher whose number is provided.
- static canonicalMacName(ciphersuite)[source]
Return the canonical name of the MAC whose number is provided.
- certAllSuites = [49185, 49182, 49179, 157, 156, 49309, 49308, 61, 60, 53, 47, 49313, 49312, 10, 5, 4, 1, 2, 59, 52394, 52387, 159, 158, 49311, 49310, 107, 103, 57, 51, 49315, 49314, 22, 52392, 52385, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 49169, 49168]
RSA authentication
- certSuites = [157, 156, 49309, 49308, 61, 60, 53, 47, 49313, 49312, 10, 5, 4, 1, 2, 59]
RSA key exchange, RSA authentication
- chacha20Suites = [52392, 52393, 52394, 4867]
CHACHA20 cipher (implicit POLY1305 authenticator, SHA256 PRF)
- chacha20draft00Suites = [52385, 52386, 52387]
CHACHA20 cipher, 00’th IETF draft (implicit POLY1305 authenticator)
- dhAllSuites = [52394, 52387, 159, 158, 49311, 49310, 107, 103, 57, 51, 49315, 49314, 22, 167, 166, 109, 58, 108, 52, 27, 24, 163, 162, 106, 64, 56, 50, 19]
- dheCertSuites = [52394, 52387, 159, 158, 49311, 49310, 107, 103, 57, 51, 49315, 49314, 22]
FFDHE key exchange, RSA authentication
- dheDsaSuites = [163, 162, 106, 64, 56, 50, 19]
DHE key exchange, DSA authentication
- ecdhAllSuites = [52393, 52386, 49196, 49195, 49325, 49324, 49188, 49187, 49162, 49161, 49160, 49327, 49326, 49159, 49158, 52392, 52385, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 49169, 49168, 49177, 49176, 49175, 49174, 49173]
all ciphersuites which use ephemeral ECDH key exchange
- ecdhAnonSuites = [49177, 49176, 49175, 49174, 49173]
anon ECDHE key exchange
- ecdheCertSuites = [52392, 52385, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 49169, 49168]
ECDHE key exchange, RSA authentication
- ecdheEcdsaSuites = [52393, 52386, 49196, 49195, 49325, 49324, 49188, 49187, 49162, 49161, 49160, 49327, 49326, 49159, 49158]
ECDHE key exchange, ECDSA authentication
- static filterForVersion(suites, minVersion, maxVersion)[source]
Return a copy of suites without ciphers incompatible with version
- static filter_for_certificate(suites, cert_chain)[source]
Return a copy of suites without ciphers incompatible with the cert.
- static filter_for_prfs(suites, prfs)[source]
Return a copy of suites without ciphers incompatible with the specified prfs (sha256 or sha384)
- classmethod getAnonSuites(settings, version=None)[source]
Provide anonymous DH ciphersuites matching settings
- classmethod getCertSuites(settings, version=None)[source]
Return ciphers with RSA authentication matching settings
- classmethod getDheCertSuites(settings, version=None)[source]
Provide authenticated DHE ciphersuites matching settings
- classmethod getDheDsaSuites(settings, version=None)[source]
Provide DSA authenticated ciphersuites matching settings
- classmethod getEcdhAnonSuites(settings, version=None)[source]
Provide anonymous ECDH ciphersuites matching settings
- classmethod getEcdheCertSuites(settings, version=None)[source]
Provide authenticated ECDHE ciphersuites matching settings
- classmethod getEcdsaSuites(settings, version=None)[source]
Provide ECDSA authenticated ciphersuites matching settings
- classmethod getSrpAllSuites(settings, version=None)[source]
Return all SRP cipher suites matching settings
- classmethod getSrpCertSuites(settings, version=None)[source]
Return SRP cipher suites that use server certificates
- classmethod getSrpDsaSuites(settings, version=None)[source]
Return SRP DSA cipher suites that use server certificates
- classmethod getSrpSuites(settings, version=None)[source]
Return SRP cipher suites matching settings
- classmethod getTLS13Suites(settings, version=None)[source]
Return cipher suites that are TLS 1.3 specific.
- i = 165
- ietfNames = {1: 'TLS_RSA_WITH_NULL_MD5', 2: 'TLS_RSA_WITH_NULL_SHA', 4: 'TLS_RSA_WITH_RC4_128_MD5', 5: 'TLS_RSA_WITH_RC4_128_SHA', 10: 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', 13: 'TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA', 19: 'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA', 22: 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA', 24: 'TLS_DH_ANON_WITH_RC4_128_MD5', 27: 'TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA', 47: 'TLS_RSA_WITH_AES_128_CBC_SHA', 48: 'TLS_DH_DSS_WITH_AES_128_CBC_SHA', 50: 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA', 51: 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA', 52: 'TLS_DH_ANON_WITH_AES_128_CBC_SHA', 53: 'TLS_RSA_WITH_AES_256_CBC_SHA', 54: 'TLS_DH_DSS_WITH_AES_256_CBC_SHA', 56: 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA', 57: 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA', 58: 'TLS_DH_ANON_WITH_AES_256_CBC_SHA', 59: 'TLS_RSA_WITH_NULL_SHA256', 60: 'TLS_RSA_WITH_AES_128_CBC_SHA256', 61: 'TLS_RSA_WITH_AES_256_CBC_SHA256', 62: 'TLS_DH_DSS_WITH_AES_128_CBC_SHA256', 64: 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256', 103: 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256', 104: 'TLS_DH_DSS_WITH_AES_256_CBC_SHA256', 106: 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256', 107: 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256', 108: 'TLS_DH_ANON_WITH_AES_128_CBC_SHA256', 109: 'TLS_DH_ANON_WITH_AES_256_CBC_SHA256', 156: 'TLS_RSA_WITH_AES_128_GCM_SHA256', 157: 'TLS_RSA_WITH_AES_256_GCM_SHA384', 158: 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', 159: 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', 162: 'TLS_DHE_DSS_WITH_AES_128_GCM_SHA256', 163: 'TLS_DHE_DSS_WITH_AES_256_GCM_SHA384', 164: 'TLS_DH_DSS_WITH_AES_128_GCM_SHA256', 165: 'TLS_DH_DSS_WITH_AES_256_GCM_SHA384', 166: 'TLS_DH_ANON_WITH_AES_128_GCM_SHA256', 167: 'TLS_DH_ANON_WITH_AES_256_GCM_SHA384', 255: 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV', 4865: 'TLS_AES_128_GCM_SHA256', 4866: 'TLS_AES_256_GCM_SHA384', 4867: 'TLS_CHACHA20_POLY1305_SHA256', 4868: 'TLS_AES_128_CCM_SHA256', 4869: 'TLS_AES_128_CCM_8_SHA256', 22016: 'TLS_FALLBACK_SCSV', 49153: 'TLS_ECDH_ECDSA_WITH_NULL_SHA', 49154: 'TLS_ECDH_ECDSA_WITH_RC4_128_SHA', 49155: 'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA', 49156: 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA', 49157: 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA', 49158: 'TLS_ECDHE_ECDSA_WITH_NULL_SHA', 49159: 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', 49160: 'TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA', 49161: 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', 49162: 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', 49163: 'TLS_ECDH_RSA_WITH_NULL_SHA', 49164: 'TLS_ECDH_RSA_WITH_RC4_128_SHA', 49165: 'TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA', 49166: 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA', 49167: 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA', 49168: 'TLS_ECDHE_RSA_WITH_NULL_SHA', 49169: 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', 49170: 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', 49171: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 49172: 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 49173: 'TLS_ECDH_ANON_WITH_NULL_SHA', 49174: 'TLS_ECDH_ANON_WITH_RC4_128_SHA', 49175: 'TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA', 49176: 'TLS_ECDH_ANON_WITH_AES_128_CBC_SHA', 49177: 'TLS_ECDH_ANON_WITH_AES_256_CBC_SHA', 49178: 'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA', 49179: 'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA', 49180: 'TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA', 49181: 'TLS_SRP_SHA_WITH_AES_128_CBC_SHA', 49182: 'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA', 49183: 'TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA', 49184: 'TLS_SRP_SHA_WITH_AES_256_CBC_SHA', 49185: 'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA', 49186: 'TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA', 49187: 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', 49188: 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384', 49189: 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256', 49190: 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384', 49191: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 49192: 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 49193: 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256', 49194: 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384', 49195: 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 49196: 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 49197: 'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256', 49198: 'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384', 49199: 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 49200: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 49201: 'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256', 49202: 'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384', 49308: 'TLS_RSA_WITH_AES_128_CCM', 49309: 'TLS_RSA_WITH_AES_256_CCM', 49310: 'TLS_DHE_RSA_WITH_AES_128_CCM', 49311: 'TLS_DHE_RSA_WITH_AES_256_CCM', 49312: 'TLS_RSA_WITH_AES_128_CCM_8', 49313: 'TLS_RSA_WITH_AES_256_CCM_8', 49314: 'TLS_DHE_RSA_WITH_AES_128_CCM_8', 49315: 'TLS_DHE_RSA_WITH_AES_256_CCM_8', 49324: 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM', 49325: 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM', 49326: 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8', 49327: 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8', 52385: 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00', 52386: 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_draft_00', 52387: 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00', 52392: 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 52393: 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 52394: 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 65664: 'SSL_CK_RC4_128_WITH_MD5', 131200: 'SSL_CK_RC4_128_EXPORT40_WITH_MD5', 196736: 'SSL_CK_RC2_128_CBC_WITH_MD5', 262272: 'SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5', 327808: 'SSL_CK_IDEA_128_CBC_WITH_MD5', 393280: 'SSL_CK_DES_64_CBC_WITH_MD5', 458944: 'SSL_CK_DES_192_EDE3_CBC_WITH_MD5'}
- md5Suites = [24, 4, 1]
MD-5 HMAC, protocol default PRF
- nullSuites = [1, 2, 59, 49158, 49153, 49163, 49168, 49173]
no encryption
- rc4Suites = [49169, 49159, 49154, 49164, 24, 5, 4, 49174]
RC4 128 stream cipher
- sha256PrfSuites = [60, 61, 103, 107, 59, 108, 109, 49187, 49189, 49193, 49191, 156, 158, 166, 49195, 49197, 49201, 49199, 4865, 162, 164, 49308, 49310, 49324, 4868, 49312, 49314, 49326, 4869, 49309, 49311, 49325, 49313, 49315, 49327, 52392, 52393, 52394, 4867, 52385, 52386, 52387]
any that will end up using SHA256 PRF in TLS 1.2 or later
- sha256Suites = [60, 61, 103, 107, 59, 108, 109, 49187, 49189, 49193, 49191]
SHA-256 HMAC, SHA-256 PRF
- sha384PrfSuites = [49188, 49190, 49194, 49192, 163, 165, 157, 159, 167, 49196, 49198, 49202, 49200, 4866, 163, 165]
any with SHA384 PRF
- sha384Suites = [49188, 49190, 49194, 49192, 163, 165]
SHA-384 HMAC, SHA-384 PRF
- shaSuites = [49178, 49181, 49184, 49179, 49182, 49185, 49180, 49183, 49186, 10, 47, 53, 5, 22, 51, 57, 19, 50, 56, 52, 58, 27, 13, 48, 54, 2, 49162, 49161, 49160, 49159, 49158, 49157, 49156, 49155, 49154, 49153, 49167, 49166, 49165, 49164, 49163, 49171, 49172, 49170, 49169, 49168, 49177, 49176, 49175, 49174, 49173]
SHA-1 HMAC, protocol default PRF
- srpAllSuites = [49184, 49181, 49178, 49185, 49182, 49179]
All that use SRP key exchange
- srpCertSuites = [49185, 49182, 49179]
SRP key exchange, RSA authentication
- srpDsaSuites = [49180, 49183, 49186]
SRP key exchange, DSA authentication
- srpSuites = [49184, 49181, 49178]
SRP key exchange, no certificate base authentication
- ssl2_128Key = [65664, 131200, 196736, 262272, 327808]
SSL2 ciphersuties which use 128 bit key
- ssl2_192Key = [458944]
SSL2 ciphersuites which use 192 bit key
- ssl2_3des = [458944]
SSL2 ciphersuites which use 3DES symmetric cipher
- ssl2_64Key = [393280]
SSL2 ciphersuites which use 64 bit key
- ssl2des = [393280]
SSL2 ciphersuites which use (single) DES symmetric cipher
- ssl2export = [131200, 262272]
SSL2 ciphersuites which encrypt only part (40 bits) of the key
- ssl2idea = [327808]
SSL2 ciphersuites which use IDEA symmetric cipher
- ssl2rc2 = [196736, 262272]
SSL2 ciphersuites which use RC2 symmetric cipher
- ssl2rc4 = [65664, 131200]
SSL2 ciphersuites which use RC4 symmetric cipher
- ssl3Suites = [49178, 49181, 49184, 49179, 49182, 49185, 49180, 49183, 49186, 10, 47, 53, 5, 22, 51, 57, 19, 50, 56, 52, 58, 27, 13, 48, 54, 2, 49162, 49161, 49160, 49159, 49158, 49157, 49156, 49155, 49154, 49153, 49167, 49166, 49165, 49164, 49163, 49171, 49172, 49170, 49169, 49168, 49177, 49176, 49175, 49174, 49173, 24, 4, 1]
SSL3, TLS1.0, TLS1.1 and TLS1.2 compatible ciphers
- streamSuites = [49169, 49159, 49154, 49164, 24, 5, 4, 49174, 1, 2, 59, 49158, 49153, 49163, 49168, 49173]
stream cipher construction
- tls12Suites = [60, 61, 103, 107, 59, 108, 109, 49187, 49189, 49193, 49191, 49188, 49190, 49194, 49192, 163, 165, 156, 158, 166, 49195, 49197, 49201, 49199, 162, 164, 157, 159, 167, 49196, 49198, 49202, 49200, 163, 165, 49308, 49310, 49324, 49312, 49314, 49326, 49309, 49311, 49325, 49313, 49315, 49327, 52392, 52393, 52394, 52385, 52386, 52387]
TLS1.2 specific ciphersuites
- tls13Suites = [4866, 4865, 4867, 4868, 4869]
TLS1.3 specific ciphersuites
- tripleDESSuites = [49160, 49155, 49165, 49170, 49178, 49179, 10, 22, 27, 49175, 13, 19, 49180]
3DES CBC ciphers
- class tlslite.constants.ClientCertificateType[source]
Bases:
TLSEnum
- dss_fixed_dh = 4
- dss_sign = 2
- ecdsa_fixed_ecdh = 66
- ecdsa_sign = 64
- rsa_fixed_dh = 3
- rsa_fixed_ecdh = 65
- rsa_sign = 1
- class tlslite.constants.ContentType[source]
Bases:
TLSEnum
TLS record layer content types of payloads
- alert = 21
- all = (20, 21, 22, 23, 24)
- application_data = 23
- change_cipher_spec = 20
- handshake = 22
- heartbeat = 24
- class tlslite.constants.ECCurveType[source]
Bases:
TLSEnum
Types of ECC curves supported in TLS from RFC4492
- explicit_char2 = 2
- explicit_prime = 1
- named_curve = 3
- class tlslite.constants.ECPointFormat[source]
Bases:
TLSEnum
Names and ID’s of supported EC point formats.
- all = [0, 1, 2]
- ansiX962_compressed_char2 = 2
- ansiX962_compressed_prime = 1
- uncompressed = 0
- class tlslite.constants.ExtensionType[source]
Bases:
TLSEnum
TLS Extension Type registry values
- alpn = 16
- cert_type = 9
- client_hello_padding = 21
- cookie = 44
- early_data = 42
- ec_point_formats = 11
- encrypt_then_mac = 22
- extended_master_secret = 23
- extended_random = 40
- heartbeat = 15
- max_fragment_length = 1
- post_handshake_auth = 49
- psk_key_exchange_modes = 45
- record_size_limit = 28
- renegotiation_info = 65281
- server_name = 0
- session_ticket = 35
- signature_algorithms = 13
- signature_algorithms_cert = 50
- srp = 12
- status_request = 5
- supported_groups = 10
- supported_versions = 43
- supports_npn = 13172
- tack = 62208
- class tlslite.constants.Fault[source]
Bases:
object
- badA = 103
- badB = 201
- badFinished = 300
- badMAC = 301
- badPadding = 302
- badPassword = 102
- badPremasterPadding = 501
- badUsername = 101
- badVerifyMessage = 601
- clientCertFaults = [601]
- clientNoAuthFaults = [501, 502]
- clientSrpFaults = [101, 102, 103]
- faultAlerts = {101: (115, 20), 102: (20,), 103: (47,), 300: (51,), 301: (20,), 302: (20,), 501: (20,), 502: (20,), 601: (51,)}
- faultNames = {101: 'bad username', 102: 'bad password', 103: 'bad A', 300: 'bad finished message', 301: 'bad MAC', 302: 'bad padding', 501: 'bad premaster padding', 502: 'short premaster secret', 601: 'bad verify message'}
- genericFaults = [300, 301, 302]
- serverFaults = [201]
- shortPremasterSecret = 502
- class tlslite.constants.GroupName[source]
Bases:
TLSEnum
Name of groups supported for (EC)DH key exchange
- all = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 256, 257, 258, 259, 260]
- allEC = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30]
- allFF = [256, 257, 258, 259, 260]
- brainpoolP256r1 = 26
- brainpoolP384r1 = 27
- brainpoolP512r1 = 28
- ffdhe2048 = 256
- ffdhe3072 = 257
- ffdhe4096 = 258
- ffdhe6144 = 259
- ffdhe8192 = 260
- secp160k1 = 15
- secp160r1 = 16
- secp160r2 = 17
- secp192k1 = 18
- secp192r1 = 19
- secp224k1 = 20
- secp224r1 = 21
- secp256k1 = 22
- secp256r1 = 23
- secp384r1 = 24
- secp521r1 = 25
- sect163k1 = 1
- sect163r1 = 2
- sect163r2 = 3
- sect193r1 = 4
- sect193r2 = 5
- sect233k1 = 6
- sect233r1 = 7
- sect239k1 = 8
- sect283k1 = 9
- sect283r1 = 10
- sect409k1 = 11
- sect409r1 = 12
- sect571k1 = 13
- sect571r1 = 14
- x25519 = 29
- x448 = 30
- class tlslite.constants.HandshakeType[source]
Bases:
TLSEnum
Message types in TLS Handshake protocol
- certificate = 11
- certificate_request = 13
- certificate_status = 22
- certificate_verify = 15
- client_hello = 1
- client_key_exchange = 16
- encrypted_extensions = 8
- end_of_early_data = 5
- finished = 20
- hello_request = 0
- hello_retry_request = 6
- key_update = 24
- message_hash = 254
- new_session_ticket = 4
- next_protocol = 67
- server_hello = 2
- server_hello_done = 14
- server_key_exchange = 12
- class tlslite.constants.HashAlgorithm[source]
Bases:
TLSEnum
Hash algorithm IDs used in TLSv1.2
- intrinsic = 8
- md5 = 1
- none = 0
- sha1 = 2
- sha224 = 3
- sha256 = 4
- sha384 = 5
- sha512 = 6
- class tlslite.constants.HeartbeatMessageType[source]
Bases:
TLSEnum
Types of heartbeat messages from RFC 6520
- heartbeat_request = 1
- heartbeat_response = 2
- class tlslite.constants.HeartbeatMode[source]
Bases:
TLSEnum
Types of heartbeat modes from RFC 6520
- PEER_ALLOWED_TO_SEND = 1
- PEER_NOT_ALLOWED_TO_SEND = 2
- class tlslite.constants.KeyUpdateMessageType[source]
Bases:
TLSEnum
Types of keyupdate messages from RFC 8446
- update_not_requested = 0
- update_requested = 1
- class tlslite.constants.NameType[source]
Bases:
TLSEnum
Type of entries in Server Name Indication extension.
- host_name = 0
- class tlslite.constants.PskKeyExchangeMode[source]
Bases:
TLSEnum
Values used in the PSK Key Exchange Modes extension.
- psk_dhe_ke = 1
- psk_ke = 0
- class tlslite.constants.SSL2ErrorDescription[source]
Bases:
TLSEnum
SSL2 Handshake protocol error message descriptions
- bad_certificate = 4
- no_certificate = 2
- no_cipher = 1
- unsupported_certificate_type = 6
- class tlslite.constants.SSL2HandshakeType[source]
Bases:
TLSEnum
SSL2 Handshake Protocol message types.
- client_certificate = 8
- client_finished = 3
- client_hello = 1
- client_master_key = 2
- error = 0
- request_certificate = 7
- server_finished = 6
- server_hello = 4
- server_verify = 5
- class tlslite.constants.SignatureAlgorithm[source]
Bases:
TLSEnum
Signing algorithms used in TLSv1.2
- anonymous = 0
- dsa = 2
- ecdsa = 3
- ed25519 = 7
- ed448 = 8
- rsa = 1
- class tlslite.constants.SignatureScheme[source]
Bases:
TLSEnum
Signature scheme used for signalling supported signature algorithms.
This is the replacement for the HashAlgorithm and SignatureAlgorithm lists. Introduced with TLSv1.3.
- dsa_sha1 = (2, 2)
- dsa_sha224 = (3, 2)
- dsa_sha256 = (4, 2)
- dsa_sha384 = (5, 2)
- dsa_sha512 = (6, 2)
- ecdsa_secp256r1_sha256 = (4, 3)
- ecdsa_secp384r1_sha384 = (5, 3)
- ecdsa_secp521r1_sha512 = (6, 3)
- ecdsa_sha1 = (2, 3)
- ecdsa_sha224 = (3, 3)
- ed25519 = (8, 7)
- ed448 = (8, 8)
- static getKeyType(scheme)[source]
Return the name of the signature algorithm used in scheme.
E.g. for “rsa_pkcs1_sha1” it returns “rsa”
- rsa_pkcs1_sha1 = (2, 1)
- rsa_pkcs1_sha224 = (3, 1)
- rsa_pkcs1_sha256 = (4, 1)
- rsa_pkcs1_sha384 = (5, 1)
- rsa_pkcs1_sha512 = (6, 1)
- rsa_pss_pss_sha256 = (8, 9)
- rsa_pss_pss_sha384 = (8, 10)
- rsa_pss_pss_sha512 = (8, 11)
- rsa_pss_rsae_sha256 = (8, 4)
- rsa_pss_rsae_sha384 = (8, 5)
- rsa_pss_rsae_sha512 = (8, 6)
- rsa_pss_sha256 = (8, 4)
- rsa_pss_sha384 = (8, 5)
- rsa_pss_sha512 = (8, 6)