tlslite.constants module

class tlslite.constants.AlertDescription[source]

Bases: TLSEnum

Variables:

bad_record_mac –
A TLS record failed to decrypt properly.

If this occurs during a SRP handshake it most likely indicates a bad password. It may also indicate an implementation error, or some tampering with the data in transit.

This alert will be signalled by the server if the SRP password is bad. It may also be signalled by the server if the SRP username is unknown to the server, but it doesn’t wish to reveal that fact.
handshake_failure –
A problem occurred while handshaking.

This typically indicates a lack of common ciphersuites between client and server, or some other disagreement (about SRP parameters or key sizes, for example).
protocol_version –
The other party’s SSL/TLS version was unacceptable.

This indicates that the client and server couldn’t agree on which version of SSL or TLS to use.
user_canceled – The handshake is being cancelled for some reason.

access_denied = 49

bad_certificate = 42

bad_certificate_hash_value = 114

bad_certificate_status_response = 113

bad_record_mac = 20

certificate_expired = 45

certificate_required = 116

certificate_revoked = 44

certificate_unknown = 46

certificate_unobtainable = 111

close_notify = 0

decode_error = 50

decompression_failure = 30

decrypt_error = 51

decryption_failed = 21

export_restriction = 60

handshake_failure = 40

illegal_parameter = 47

inappropriate_fallback = 86

insufficient_security = 71

internal_error = 80

missing_extension = 109

no_application_protocol = 120

no_certificate = 41

no_renegotiation = 100

protocol_version = 70

record_overflow = 22

unexpected_message = 10

unknown_ca = 48

unknown_psk_identity = 115

unrecognized_name = 112

unsupported_certificate = 43

unsupported_extension = 110

user_canceled = 90

class tlslite.constants.AlertLevel[source]

Bases: TLSEnum

Enumeration of TLS Alert protocol levels

fatal = 2

warning = 1

class tlslite.constants.AlgorithmOID[source]

Bases: TLSEnum

Algorithm OIDs as defined in rfc5758(ecdsa), rfc5754(rsa, sha), rfc3447(rss-pss). The key is the DER encoded OID in hex and the value is the algorithm id.

oid = {b'\x06\x03+ep': (8, 7), b'\x06\x03+eq': (8, 8), b'\x06\x07*\x86H\xce8\x04\x03': (2, 2), b'\x06\x07*\x86H\xce=\x04\x01': (2, 3), b'\x06\x08*\x86H\xce=\x04\x03\x01': (3, 3), b'\x06\x08*\x86H\xce=\x04\x03\x02': (4, 3), b'\x06\x08*\x86H\xce=\x04\x03\x03': (5, 3), b'\x06\x08*\x86H\xce=\x04\x03\x04': (6, 3), b'\x06\t*\x86H\x86\xf7\r\x01\x01\x04': (1, 1), b'\x06\t*\x86H\x86\xf7\r\x01\x01\x05': (2, 1), b'\x06\t*\x86H\x86\xf7\r\x01\x01\x0b': (4, 1), b'\x06\t*\x86H\x86\xf7\r\x01\x01\x0c': (5, 1), b'\x06\t*\x86H\x86\xf7\r\x01\x01\r': (6, 1), b'\x06\t*\x86H\x86\xf7\r\x01\x01\x0e': (3, 1), b'\x06\t`\x86H\x01e\x03\x04\x03\x01': (3, 2), b'\x06\t`\x86H\x01e\x03\x04\x03\x02': (4, 2), b'\x06\t`\x86H\x01e\x03\x04\x03\x03': (5, 2), b'\x06\t`\x86H\x01e\x03\x04\x03\x04': (6, 2), b'0\x0b\x06\t`\x86H\x01e\x03\x04\x02\x01': (8, 4), b'0\x0b\x06\t`\x86H\x01e\x03\x04\x02\x02': (8, 5), b'0\x0b\x06\t`\x86H\x01e\x03\x04\x02\x03': (8, 6), b'0\r\x06\t`\x86H\x01e\x03\x04\x02\x01\x05\x00': (8, 4), b'0\r\x06\t`\x86H\x01e\x03\x04\x02\x02\x05\x00': (8, 5), b'0\r\x06\t`\x86H\x01e\x03\x04\x02\x03\x05\x00': (8, 6)}

class tlslite.constants.CertificateStatusType[source]

Bases: TLSEnum

Type of responses in the status_request and CertificateStatus msgs.

ocsp = 1

class tlslite.constants.CertificateType[source]

Bases: TLSEnum

openpgp = 1

x509 = 0

class tlslite.constants.CipherSuite[source]

Bases: object

Numeric values of ciphersuites and ciphersuite types

Variables:

tripleDESSuites – ciphersuties which use 3DES symmetric cipher in CBC mode
aes128Suites – ciphersuites which use AES symmetric cipher in CBC mode with 128 bit key
aes256Suites – ciphersuites which use AES symmetric cipher in CBC mode with 256 bit key
rc4Suites – ciphersuites which use RC4 symmetric cipher with 128 bit key
shaSuites – ciphersuites which use SHA-1 HMAC integrity mechanism and protocol default Pseudo Random Function
sha256Suites – ciphersuites which use SHA-256 HMAC integrity mechanism and SHA-256 Pseudo Random Function
md5Suites – ciphersuites which use MD-5 HMAC integrity mechanism and protocol default Pseudo Random Function
srpSuites – ciphersuites which use Secure Remote Password (SRP) key exchange protocol
srpCertSuites – ciphersuites which use Secure Remote Password (SRP) key exchange protocol with RSA server authentication
srpAllSuites – all SRP ciphersuites, pure SRP and with RSA based server authentication
certSuites – ciphersuites which use RSA key exchange with RSA server authentication
certAllSuites – ciphersuites which use RSA server authentication
anonSuites – ciphersuites which use anonymous Finite Field Diffie-Hellman key exchange
ietfNames – dictionary with string names of the ciphersuites

SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 458944

SSL_CK_DES_64_CBC_WITH_MD5 = 393280

SSL_CK_IDEA_128_CBC_WITH_MD5 = 327808

SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 262272

SSL_CK_RC2_128_CBC_WITH_MD5 = 196736

SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 131200

SSL_CK_RC4_128_WITH_MD5 = 65664

TLS_AES_128_CCM_8_SHA256 = 4869

TLS_AES_128_CCM_SHA256 = 4868

TLS_AES_128_GCM_SHA256 = 4865

TLS_AES_256_GCM_SHA384 = 4866

TLS_CHACHA20_POLY1305_SHA256 = 4867

TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 19

TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 50

TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 64

TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 162

TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 56

TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 106

TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 163

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22

TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 103

TLS_DHE_RSA_WITH_AES_128_CCM = 49310

TLS_DHE_RSA_WITH_AES_128_CCM_8 = 49314

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 158

TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 107

TLS_DHE_RSA_WITH_AES_256_CCM = 49311

TLS_DHE_RSA_WITH_AES_256_CCM_8 = 49315

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 159

TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 52394

TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00 = 52387

TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 27

TLS_DH_ANON_WITH_AES_128_CBC_SHA = 52

TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 108

TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 166

TLS_DH_ANON_WITH_AES_256_CBC_SHA = 58

TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 109

TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 167

TLS_DH_ANON_WITH_RC4_128_MD5 = 24

TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 13

TLS_DH_DSS_WITH_AES_128_CBC_SHA = 48

TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 62

TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 164

TLS_DH_DSS_WITH_AES_256_CBC_SHA = 54

TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 104

TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 165

TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 49160

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 49161

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 49187

TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 49324

TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 49326

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 49195

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 49162

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 49188

TLS_ECDHE_ECDSA_WITH_AES_256_CCM = 49325

TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 49327

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 49196

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 52393

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_draft_00 = 52386

TLS_ECDHE_ECDSA_WITH_NULL_SHA = 49158

TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 49159

TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 49170

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 49171

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 49191

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 49199

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 49172

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 49192

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 49200

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 52392

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00 = 52385

TLS_ECDHE_RSA_WITH_NULL_SHA = 49168

TLS_ECDHE_RSA_WITH_RC4_128_SHA = 49169

TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 49175

TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 49176

TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 49177

TLS_ECDH_ANON_WITH_NULL_SHA = 49173

TLS_ECDH_ANON_WITH_RC4_128_SHA = 49174

TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 49155

TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 49156

TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 49189

TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 49197

TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 49157

TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 49190

TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 49198

TLS_ECDH_ECDSA_WITH_NULL_SHA = 49153

TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 49154

TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 49165

TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 49166

TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 49193

TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 49201

TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 49167

TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 49194

TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 49202

TLS_ECDH_RSA_WITH_NULL_SHA = 49163

TLS_ECDH_RSA_WITH_RC4_128_SHA = 49164

TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 255

TLS_FALLBACK_SCSV = 22016

TLS_RSA_WITH_3DES_EDE_CBC_SHA = 10

TLS_RSA_WITH_AES_128_CBC_SHA = 47

TLS_RSA_WITH_AES_128_CBC_SHA256 = 60

TLS_RSA_WITH_AES_128_CCM = 49308

TLS_RSA_WITH_AES_128_CCM_8 = 49312

TLS_RSA_WITH_AES_128_GCM_SHA256 = 156

TLS_RSA_WITH_AES_256_CBC_SHA = 53

TLS_RSA_WITH_AES_256_CBC_SHA256 = 61

TLS_RSA_WITH_AES_256_CCM = 49309

TLS_RSA_WITH_AES_256_CCM_8 = 49313

TLS_RSA_WITH_AES_256_GCM_SHA384 = 157

TLS_RSA_WITH_NULL_MD5 = 1

TLS_RSA_WITH_NULL_SHA = 2

TLS_RSA_WITH_NULL_SHA256 = 59

TLS_RSA_WITH_RC4_128_MD5 = 4

TLS_RSA_WITH_RC4_128_SHA = 5

TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 49180

TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 49183

TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 49186

TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 49179

TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 49182

TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 49185

TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 49178

TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 49181

TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 49184

aeadSuites = [156, 158, 166, 49195, 49197, 49201, 49199, 4865, 162, 164, 157, 159, 167, 49196, 49198, 49202, 49200, 4866, 163, 165, 49308, 49310, 49324, 4868, 49312, 49314, 49326, 4869, 49309, 49311, 49325, 49313, 49315, 49327, 52392, 52393, 52394, 4867, 52385, 52386, 52387]: AEAD integrity, any PRF

aes128CcmSuites = [49308, 49310, 49324, 4868]: AES-128 CCM ciphers

aes128Ccm_8Suites = [49312, 49314, 49326, 4869]: AES-128 CCM_8 ciphers

aes128GcmSuites = [156, 158, 166, 49195, 49197, 49201, 49199, 4865, 162, 164]: AES-128 GCM ciphers

aes128Suites = [49181, 49182, 47, 51, 52, 60, 103, 108, 49187, 49161, 49189, 49156, 49193, 49166, 49171, 49191, 49176, 48, 50, 62, 64, 49183]: AES-128 CBC ciphers

aes256CcmSuites = [49309, 49311, 49325]

aes256Ccm_8Suites = [49313, 49315, 49327]: AES-256 CCM_8 ciphers

aes256GcmSuites = [157, 159, 167, 49196, 49198, 49202, 49200, 4866, 163, 165]: AES-256-GCM ciphers (implicit SHA384, see sha384PrfSuites)

aes256Suites = [49184, 49185, 53, 58, 57, 61, 107, 109, 49188, 49162, 49190, 49157, 49194, 49167, 49172, 49192, 49177, 54, 56, 104, 106, 49186]: AES-256 CBC ciphers

anonSuites = [167, 166, 109, 58, 108, 52, 27, 24]: anon FFDHE key exchange

static canonicalCipherName(ciphersuite)[source]: Return the canonical name of the cipher whose number is provided.

static canonicalMacName(ciphersuite)[source]: Return the canonical name of the MAC whose number is provided.

certAllSuites = [49185, 49182, 49179, 157, 156, 49309, 49308, 61, 60, 53, 47, 49313, 49312, 10, 5, 4, 1, 2, 59, 52394, 52387, 159, 158, 49311, 49310, 107, 103, 57, 51, 49315, 49314, 22, 52392, 52385, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 49169, 49168]: RSA authentication

certSuites = [157, 156, 49309, 49308, 61, 60, 53, 47, 49313, 49312, 10, 5, 4, 1, 2, 59]: RSA key exchange, RSA authentication

chacha20Suites = [52392, 52393, 52394, 4867]: CHACHA20 cipher (implicit POLY1305 authenticator, SHA256 PRF)

chacha20draft00Suites = [52385, 52386, 52387]: CHACHA20 cipher, 00’th IETF draft (implicit POLY1305 authenticator)

dhAllSuites = [52394, 52387, 159, 158, 49311, 49310, 107, 103, 57, 51, 49315, 49314, 22, 167, 166, 109, 58, 108, 52, 27, 24, 163, 162, 106, 64, 56, 50, 19]

dheCertSuites = [52394, 52387, 159, 158, 49311, 49310, 107, 103, 57, 51, 49315, 49314, 22]: FFDHE key exchange, RSA authentication

dheDsaSuites = [163, 162, 106, 64, 56, 50, 19]: DHE key exchange, DSA authentication

ecdhAllSuites = [52393, 52386, 49196, 49195, 49325, 49324, 49188, 49187, 49162, 49161, 49160, 49327, 49326, 49159, 49158, 52392, 52385, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 49169, 49168, 49177, 49176, 49175, 49174, 49173]: all ciphersuites which use ephemeral ECDH key exchange

ecdhAnonSuites = [49177, 49176, 49175, 49174, 49173]: anon ECDHE key exchange

ecdheCertSuites = [52392, 52385, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 49169, 49168]: ECDHE key exchange, RSA authentication

ecdheEcdsaSuites = [52393, 52386, 49196, 49195, 49325, 49324, 49188, 49187, 49162, 49161, 49160, 49327, 49326, 49159, 49158]: ECDHE key exchange, ECDSA authentication

static filterForVersion(suites, minVersion, maxVersion)[source]: Return a copy of suites without ciphers incompatible with version

static filter_for_certificate(suites, cert_chain)[source]: Return a copy of suites without ciphers incompatible with the cert.

static filter_for_prfs(suites, prfs)[source]: Return a copy of suites without ciphers incompatible with the specified prfs (sha256 or sha384)

classmethod getAnonSuites(settings, version=None)[source]: Provide anonymous DH ciphersuites matching settings

classmethod getCertSuites(settings, version=None)[source]: Return ciphers with RSA authentication matching settings

classmethod getDheCertSuites(settings, version=None)[source]: Provide authenticated DHE ciphersuites matching settings

classmethod getDheDsaSuites(settings, version=None)[source]: Provide DSA authenticated ciphersuites matching settings

classmethod getEcdhAnonSuites(settings, version=None)[source]: Provide anonymous ECDH ciphersuites matching settings

classmethod getEcdheCertSuites(settings, version=None)[source]: Provide authenticated ECDHE ciphersuites matching settings

classmethod getEcdsaSuites(settings, version=None)[source]: Provide ECDSA authenticated ciphersuites matching settings

classmethod getSrpAllSuites(settings, version=None)[source]: Return all SRP cipher suites matching settings

classmethod getSrpCertSuites(settings, version=None)[source]: Return SRP cipher suites that use server certificates

classmethod getSrpDsaSuites(settings, version=None)[source]: Return SRP DSA cipher suites that use server certificates

classmethod getSrpSuites(settings, version=None)[source]: Return SRP cipher suites matching settings

classmethod getTLS13Suites(settings, version=None)[source]: Return cipher suites that are TLS 1.3 specific.

i = 165

ietfNames = {1: 'TLS_RSA_WITH_NULL_MD5', 2: 'TLS_RSA_WITH_NULL_SHA', 4: 'TLS_RSA_WITH_RC4_128_MD5', 5: 'TLS_RSA_WITH_RC4_128_SHA', 10: 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', 13: 'TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA', 19: 'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA', 22: 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA', 24: 'TLS_DH_ANON_WITH_RC4_128_MD5', 27: 'TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA', 47: 'TLS_RSA_WITH_AES_128_CBC_SHA', 48: 'TLS_DH_DSS_WITH_AES_128_CBC_SHA', 50: 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA', 51: 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA', 52: 'TLS_DH_ANON_WITH_AES_128_CBC_SHA', 53: 'TLS_RSA_WITH_AES_256_CBC_SHA', 54: 'TLS_DH_DSS_WITH_AES_256_CBC_SHA', 56: 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA', 57: 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA', 58: 'TLS_DH_ANON_WITH_AES_256_CBC_SHA', 59: 'TLS_RSA_WITH_NULL_SHA256', 60: 'TLS_RSA_WITH_AES_128_CBC_SHA256', 61: 'TLS_RSA_WITH_AES_256_CBC_SHA256', 62: 'TLS_DH_DSS_WITH_AES_128_CBC_SHA256', 64: 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256', 103: 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256', 104: 'TLS_DH_DSS_WITH_AES_256_CBC_SHA256', 106: 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256', 107: 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256', 108: 'TLS_DH_ANON_WITH_AES_128_CBC_SHA256', 109: 'TLS_DH_ANON_WITH_AES_256_CBC_SHA256', 156: 'TLS_RSA_WITH_AES_128_GCM_SHA256', 157: 'TLS_RSA_WITH_AES_256_GCM_SHA384', 158: 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', 159: 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', 162: 'TLS_DHE_DSS_WITH_AES_128_GCM_SHA256', 163: 'TLS_DHE_DSS_WITH_AES_256_GCM_SHA384', 164: 'TLS_DH_DSS_WITH_AES_128_GCM_SHA256', 165: 'TLS_DH_DSS_WITH_AES_256_GCM_SHA384', 166: 'TLS_DH_ANON_WITH_AES_128_GCM_SHA256', 167: 'TLS_DH_ANON_WITH_AES_256_GCM_SHA384', 255: 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV', 4865: 'TLS_AES_128_GCM_SHA256', 4866: 'TLS_AES_256_GCM_SHA384', 4867: 'TLS_CHACHA20_POLY1305_SHA256', 4868: 'TLS_AES_128_CCM_SHA256', 4869: 'TLS_AES_128_CCM_8_SHA256', 22016: 'TLS_FALLBACK_SCSV', 49153: 'TLS_ECDH_ECDSA_WITH_NULL_SHA', 49154: 'TLS_ECDH_ECDSA_WITH_RC4_128_SHA', 49155: 'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA', 49156: 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA', 49157: 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA', 49158: 'TLS_ECDHE_ECDSA_WITH_NULL_SHA', 49159: 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', 49160: 'TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA', 49161: 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', 49162: 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', 49163: 'TLS_ECDH_RSA_WITH_NULL_SHA', 49164: 'TLS_ECDH_RSA_WITH_RC4_128_SHA', 49165: 'TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA', 49166: 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA', 49167: 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA', 49168: 'TLS_ECDHE_RSA_WITH_NULL_SHA', 49169: 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', 49170: 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', 49171: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 49172: 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 49173: 'TLS_ECDH_ANON_WITH_NULL_SHA', 49174: 'TLS_ECDH_ANON_WITH_RC4_128_SHA', 49175: 'TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA', 49176: 'TLS_ECDH_ANON_WITH_AES_128_CBC_SHA', 49177: 'TLS_ECDH_ANON_WITH_AES_256_CBC_SHA', 49178: 'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA', 49179: 'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA', 49180: 'TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA', 49181: 'TLS_SRP_SHA_WITH_AES_128_CBC_SHA', 49182: 'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA', 49183: 'TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA', 49184: 'TLS_SRP_SHA_WITH_AES_256_CBC_SHA', 49185: 'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA', 49186: 'TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA', 49187: 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', 49188: 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384', 49189: 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256', 49190: 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384', 49191: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 49192: 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 49193: 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256', 49194: 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384', 49195: 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 49196: 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 49197: 'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256', 49198: 'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384', 49199: 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 49200: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 49201: 'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256', 49202: 'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384', 49308: 'TLS_RSA_WITH_AES_128_CCM', 49309: 'TLS_RSA_WITH_AES_256_CCM', 49310: 'TLS_DHE_RSA_WITH_AES_128_CCM', 49311: 'TLS_DHE_RSA_WITH_AES_256_CCM', 49312: 'TLS_RSA_WITH_AES_128_CCM_8', 49313: 'TLS_RSA_WITH_AES_256_CCM_8', 49314: 'TLS_DHE_RSA_WITH_AES_128_CCM_8', 49315: 'TLS_DHE_RSA_WITH_AES_256_CCM_8', 49324: 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM', 49325: 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM', 49326: 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8', 49327: 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8', 52385: 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00', 52386: 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_draft_00', 52387: 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00', 52392: 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 52393: 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 52394: 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 65664: 'SSL_CK_RC4_128_WITH_MD5', 131200: 'SSL_CK_RC4_128_EXPORT40_WITH_MD5', 196736: 'SSL_CK_RC2_128_CBC_WITH_MD5', 262272: 'SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5', 327808: 'SSL_CK_IDEA_128_CBC_WITH_MD5', 393280: 'SSL_CK_DES_64_CBC_WITH_MD5', 458944: 'SSL_CK_DES_192_EDE3_CBC_WITH_MD5'}

md5Suites = [24, 4, 1]: MD-5 HMAC, protocol default PRF

nullSuites = [1, 2, 59, 49158, 49153, 49163, 49168, 49173]: no encryption

rc4Suites = [49169, 49159, 49154, 49164, 24, 5, 4, 49174]: RC4 128 stream cipher

sha256PrfSuites = [60, 61, 103, 107, 59, 108, 109, 49187, 49189, 49193, 49191, 156, 158, 166, 49195, 49197, 49201, 49199, 4865, 162, 164, 49308, 49310, 49324, 4868, 49312, 49314, 49326, 4869, 49309, 49311, 49325, 49313, 49315, 49327, 52392, 52393, 52394, 4867, 52385, 52386, 52387]: any that will end up using SHA256 PRF in TLS 1.2 or later

sha256Suites = [60, 61, 103, 107, 59, 108, 109, 49187, 49189, 49193, 49191]: SHA-256 HMAC, SHA-256 PRF

sha384PrfSuites = [49188, 49190, 49194, 49192, 163, 165, 157, 159, 167, 49196, 49198, 49202, 49200, 4866, 163, 165]: any with SHA384 PRF

sha384Suites = [49188, 49190, 49194, 49192, 163, 165]: SHA-384 HMAC, SHA-384 PRF

shaSuites = [49178, 49181, 49184, 49179, 49182, 49185, 49180, 49183, 49186, 10, 47, 53, 5, 22, 51, 57, 19, 50, 56, 52, 58, 27, 13, 48, 54, 2, 49162, 49161, 49160, 49159, 49158, 49157, 49156, 49155, 49154, 49153, 49167, 49166, 49165, 49164, 49163, 49171, 49172, 49170, 49169, 49168, 49177, 49176, 49175, 49174, 49173]: SHA-1 HMAC, protocol default PRF

srpAllSuites = [49184, 49181, 49178, 49185, 49182, 49179]: All that use SRP key exchange

srpCertSuites = [49185, 49182, 49179]: SRP key exchange, RSA authentication

srpDsaSuites = [49180, 49183, 49186]: SRP key exchange, DSA authentication

srpSuites = [49184, 49181, 49178]: SRP key exchange, no certificate base authentication

ssl2_128Key = [65664, 131200, 196736, 262272, 327808]: SSL2 ciphersuties which use 128 bit key

ssl2_192Key = [458944]: SSL2 ciphersuites which use 192 bit key

ssl2_3des = [458944]: SSL2 ciphersuites which use 3DES symmetric cipher

ssl2_64Key = [393280]: SSL2 ciphersuites which use 64 bit key

ssl2des = [393280]: SSL2 ciphersuites which use (single) DES symmetric cipher

ssl2export = [131200, 262272]: SSL2 ciphersuites which encrypt only part (40 bits) of the key

ssl2idea = [327808]: SSL2 ciphersuites which use IDEA symmetric cipher

ssl2rc2 = [196736, 262272]: SSL2 ciphersuites which use RC2 symmetric cipher

ssl2rc4 = [65664, 131200]: SSL2 ciphersuites which use RC4 symmetric cipher

ssl3Suites = [49178, 49181, 49184, 49179, 49182, 49185, 49180, 49183, 49186, 10, 47, 53, 5, 22, 51, 57, 19, 50, 56, 52, 58, 27, 13, 48, 54, 2, 49162, 49161, 49160, 49159, 49158, 49157, 49156, 49155, 49154, 49153, 49167, 49166, 49165, 49164, 49163, 49171, 49172, 49170, 49169, 49168, 49177, 49176, 49175, 49174, 49173, 24, 4, 1]: SSL3, TLS1.0, TLS1.1 and TLS1.2 compatible ciphers

streamSuites = [49169, 49159, 49154, 49164, 24, 5, 4, 49174, 1, 2, 59, 49158, 49153, 49163, 49168, 49173]: stream cipher construction

tls12Suites = [60, 61, 103, 107, 59, 108, 109, 49187, 49189, 49193, 49191, 49188, 49190, 49194, 49192, 163, 165, 156, 158, 166, 49195, 49197, 49201, 49199, 162, 164, 157, 159, 167, 49196, 49198, 49202, 49200, 163, 165, 49308, 49310, 49324, 49312, 49314, 49326, 49309, 49311, 49325, 49313, 49315, 49327, 52392, 52393, 52394, 52385, 52386, 52387]: TLS1.2 specific ciphersuites

tls13Suites = [4866, 4865, 4867, 4868, 4869]: TLS1.3 specific ciphersuites

tripleDESSuites = [49160, 49155, 49165, 49170, 49178, 49179, 10, 22, 27, 49175, 13, 19, 49180]: 3DES CBC ciphers

class tlslite.constants.ClientCertificateType[source]

Bases: TLSEnum

dss_fixed_dh = 4

dss_sign = 2

ecdsa_fixed_ecdh = 66

ecdsa_sign = 64

rsa_fixed_dh = 3

rsa_fixed_ecdh = 65

rsa_sign = 1

class tlslite.constants.ContentType[source]

Bases: TLSEnum

TLS record layer content types of payloads

alert = 21

all = (20, 21, 22, 23, 24)

application_data = 23

change_cipher_spec = 20

handshake = 22

heartbeat = 24

classmethod toRepr(value, blacklist=None)[source]: Convert numeric type to name representation

class tlslite.constants.ECCurveType[source]

Bases: TLSEnum

Types of ECC curves supported in TLS from RFC4492

explicit_char2 = 2

explicit_prime = 1

named_curve = 3

class tlslite.constants.ECPointFormat[source]

Bases: TLSEnum

Names and ID’s of supported EC point formats.

all = [0, 1, 2]

ansiX962_compressed_char2 = 2

ansiX962_compressed_prime = 1

classmethod toRepr(value, blacklist=None)[source]: Convert numeric type to name representation.

uncompressed = 0

class tlslite.constants.ExtensionType[source]

Bases: TLSEnum

TLS Extension Type registry values

alpn = 16

cert_type = 9

client_hello_padding = 21

cookie = 44

early_data = 42

ec_point_formats = 11

encrypt_then_mac = 22

extended_master_secret = 23

extended_random = 40

heartbeat = 15

key_share = 51

max_fragment_length = 1

post_handshake_auth = 49

pre_shared_key = 41

psk_key_exchange_modes = 45

record_size_limit = 28

renegotiation_info = 65281

server_name = 0

session_ticket = 35

signature_algorithms = 13

signature_algorithms_cert = 50

srp = 12

status_request = 5

supported_groups = 10

supported_versions = 43

supports_npn = 13172

tack = 62208

class tlslite.constants.Fault[source]

Bases: object

badA = 103

badB = 201

badFinished = 300

badMAC = 301

badPadding = 302

badPassword = 102

badPremasterPadding = 501

badUsername = 101

badVerifyMessage = 601

clientCertFaults = [601]

clientNoAuthFaults = [501, 502]

clientSrpFaults = [101, 102, 103]

faultAlerts = {101: (115, 20), 102: (20,), 103: (47,), 300: (51,), 301: (20,), 302: (20,), 501: (20,), 502: (20,), 601: (51,)}

faultNames = {101: 'bad username', 102: 'bad password', 103: 'bad A', 300: 'bad finished message', 301: 'bad MAC', 302: 'bad padding', 501: 'bad premaster padding', 502: 'short premaster secret', 601: 'bad verify message'}

genericFaults = [300, 301, 302]

serverFaults = [201]

shortPremasterSecret = 502

class tlslite.constants.GroupName[source]

Bases: TLSEnum

Name of groups supported for (EC)DH key exchange

all = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 256, 257, 258, 259, 260]

allEC = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30]

allFF = [256, 257, 258, 259, 260]

brainpoolP256r1 = 26

brainpoolP384r1 = 27

brainpoolP512r1 = 28

ffdhe2048 = 256

ffdhe3072 = 257

ffdhe4096 = 258

ffdhe6144 = 259

ffdhe8192 = 260

secp160k1 = 15

secp160r1 = 16

secp160r2 = 17

secp192k1 = 18

secp192r1 = 19

secp224k1 = 20

secp224r1 = 21

secp256k1 = 22

secp256r1 = 23

secp384r1 = 24

secp521r1 = 25

sect163k1 = 1

sect163r1 = 2

sect163r2 = 3

sect193r1 = 4

sect193r2 = 5

sect233k1 = 6

sect233r1 = 7

sect239k1 = 8

sect283k1 = 9

sect283r1 = 10

sect409k1 = 11

sect409r1 = 12

sect571k1 = 13

sect571r1 = 14

classmethod toRepr(value, blacklist=None)[source]: Convert numeric type to name representation

x25519 = 29

x448 = 30

class tlslite.constants.HandshakeType[source]

Bases: TLSEnum

Message types in TLS Handshake protocol

certificate = 11

certificate_request = 13

certificate_status = 22

certificate_verify = 15

client_hello = 1

client_key_exchange = 16

encrypted_extensions = 8

end_of_early_data = 5

finished = 20

hello_request = 0

hello_retry_request = 6

key_update = 24

message_hash = 254

new_session_ticket = 4

next_protocol = 67

server_hello = 2

server_hello_done = 14

server_key_exchange = 12

class tlslite.constants.HashAlgorithm[source]

Bases: TLSEnum

Hash algorithm IDs used in TLSv1.2

intrinsic = 8

md5 = 1

none = 0

sha1 = 2

sha224 = 3

sha256 = 4

sha384 = 5

sha512 = 6

class tlslite.constants.HeartbeatMessageType[source]

Bases: TLSEnum

Types of heartbeat messages from RFC 6520

heartbeat_request = 1

heartbeat_response = 2

class tlslite.constants.HeartbeatMode[source]

Bases: TLSEnum

Types of heartbeat modes from RFC 6520

PEER_ALLOWED_TO_SEND = 1

PEER_NOT_ALLOWED_TO_SEND = 2

class tlslite.constants.KeyUpdateMessageType[source]

Bases: TLSEnum

Types of keyupdate messages from RFC 8446

update_not_requested = 0

update_requested = 1

class tlslite.constants.NameType[source]

Bases: TLSEnum

Type of entries in Server Name Indication extension.

host_name = 0

class tlslite.constants.PskKeyExchangeMode[source]

Bases: TLSEnum

Values used in the PSK Key Exchange Modes extension.

psk_dhe_ke = 1

psk_ke = 0

class tlslite.constants.SSL2ErrorDescription[source]

Bases: TLSEnum

SSL2 Handshake protocol error message descriptions

bad_certificate = 4

no_certificate = 2

no_cipher = 1

unsupported_certificate_type = 6

class tlslite.constants.SSL2HandshakeType[source]

Bases: TLSEnum

SSL2 Handshake Protocol message types.

client_certificate = 8

client_finished = 3

client_hello = 1

client_master_key = 2

error = 0

request_certificate = 7

server_finished = 6

server_hello = 4

server_verify = 5

class tlslite.constants.SignatureAlgorithm[source]

Bases: TLSEnum

Signing algorithms used in TLSv1.2

anonymous = 0

dsa = 2

ecdsa = 3

ed25519 = 7

ed448 = 8

rsa = 1

class tlslite.constants.SignatureScheme[source]

Bases: TLSEnum

Signature scheme used for signalling supported signature algorithms.

This is the replacement for the HashAlgorithm and SignatureAlgorithm lists. Introduced with TLSv1.3.

dsa_sha1 = (2, 2)

dsa_sha224 = (3, 2)

dsa_sha256 = (4, 2)

dsa_sha384 = (5, 2)

dsa_sha512 = (6, 2)

ecdsa_secp256r1_sha256 = (4, 3)

ecdsa_secp384r1_sha384 = (5, 3)

ecdsa_secp521r1_sha512 = (6, 3)

ecdsa_sha1 = (2, 3)

ecdsa_sha224 = (3, 3)

ed25519 = (8, 7)

ed448 = (8, 8)

static getHash(scheme)[source]: Return the name of hash used in signature scheme.

static getKeyType(scheme)[source]

Return the name of the signature algorithm used in scheme.

E.g. for “rsa_pkcs1_sha1” it returns “rsa”

static getPadding(scheme)[source]: Return the name of padding scheme used in signature scheme.

rsa_pkcs1_sha1 = (2, 1)

rsa_pkcs1_sha224 = (3, 1)

rsa_pkcs1_sha256 = (4, 1)

rsa_pkcs1_sha384 = (5, 1)

rsa_pkcs1_sha512 = (6, 1)

rsa_pss_pss_sha256 = (8, 9)

rsa_pss_pss_sha384 = (8, 10)

rsa_pss_pss_sha512 = (8, 11)

rsa_pss_rsae_sha256 = (8, 4)

rsa_pss_rsae_sha384 = (8, 5)

rsa_pss_rsae_sha512 = (8, 6)

rsa_pss_sha256 = (8, 4)

rsa_pss_sha384 = (8, 5)

rsa_pss_sha512 = (8, 6)

classmethod toRepr(value, blacklist=None)[source]: Convert numeric type to name representation

class tlslite.constants.TLSEnum[source]

Bases: object

Base class for different enums of TLS IDs

classmethod toRepr(value, blacklist=None)[source]

Convert numeric type to string representation

name if found, None otherwise

classmethod toStr(value, blacklist=None)[source]: Convert numeric type to human-readable string if possible