tlslite.session module
Class representing a TLS session.
- class tlslite.session.Session
Bases: object
This class represents a TLS session.
TLS distinguishes between connections and sessions. A new handshake creates both a connection and a session. Data is transmitted over the connection.
The session contains a more permanent record of the handshake. The session can be inspected to determine handshake results. The session can also be used to create a new connection through “session resumption”. If the client and server both support this, they can create a new connection based on an old session without the overhead of a full handshake.
The session for a TLSConnection can be retrieved from the connection’s ‘session’ attribute.
- Variables:
srpUsername (str) – The client’s SRP username (or None).
clientCertChain (X509CertChain) – The client’s certificate chain (or None).
serverCertChain (X509CertChain) – The server’s certificate chain (or None).
tackExt (tack.structures.TackExtension.TackExtension) – The server’s TackExtension (or None).
tackInHelloExt (bool) – True if a TACK was presented via TLS Extension.
encryptThenMAC (bool) – True if the connection uses a CBC cipher in encrypt-then-MAC mode
appProto (bytearray) – name of the negotiated application level protocol, None if not negotiated
cl_app_secret (bytearray) – key used for deriving keys used by client to encrypt and protect data in TLS 1.3
sr_app_secret (bytearray) – key used for deriving keys used by server to encrypt and protect data in TLS 1.3
exporterMasterSecret (bytearray) – master secret used for TLS Exporter in TLS 1.3
resumptionMasterSecret (bytearray) – master secret used for session resumption in TLS 1.3
tickets (list) – list of TLS 1.3 session tickets received from the server
tls_1_0_tickets (list) – list of TLS 1.2 and earlier session tickets received from the server
- create(masterSecret, sessionID, cipherSuite, srpUsername, clientCertChain, serverCertChain, tackExt, tackInHelloExt, serverName, resumable=True, encryptThenMAC=False, extendedMasterSecret=False, appProto=bytearray(b''), cl_app_secret=bytearray(b''), sr_app_secret=bytearray(b''), exporterMasterSecret=bytearray(b''), resumptionMasterSecret=bytearray(b''), tickets=None, tls_1_0_tickets=None)
- getCipherName()
Get the name of the cipher used with this connection.
- Return type:
- Returns:
The name of the cipher used with this connection.
- class tlslite.session.Ticket(ticket, ticket_lifetime, master_secret, cipher_suite)
Bases: object
This class holds the ticket and ticket lifetime received from the server. Together with the session object, it is all the information needed to resume a session using SessionTickets in TLSv1.2. Currently, objects of this class are only used in the client-side session cache, where we can iterate over them and use them for resumption when possible.
- Variables:
ticket (bytearray) – the actual ticket received from the server
ticket_lifetime (int) – lifetime of the ticket defined by the server
master_secret (bytearray) – master secret used to resume the session
cipher_suite (int) – ciphersuite used to resume the session
time_recieved (int) – the actual time when we received the ticket
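The client-side cache handling described for Ticket, sketched as an added example that is not tlslite's own code: it drops tickets that are past their lifetime, overwrites their stored secrets, and picks a ticket whose cipher suite the client still offers. CachedTicket is a hypothetical stand-in carrying the documented fields; MAX_LIFETIME, the treatment of a zero lifetime, and all function names are assumptions.

```python
import time
from dataclasses import dataclass, field

MAX_LIFETIME = 24 * 3600  # local policy cap in seconds (assumed value)

@dataclass
class CachedTicket:
    """Hypothetical stand-in with the fields documented for Ticket."""
    ticket: bytearray
    ticket_lifetime: int
    master_secret: bytearray
    cipher_suite: int
    time_recieved: float = field(default_factory=time.time)  # name as documented

def is_usable(t, now, max_lifetime=MAX_LIFETIME):
    """True while the ticket is inside the server lifetime and the local cap."""
    # Assumption: a lifetime of 0 (unspecified) falls back to the local cap.
    lifetime = min(t.ticket_lifetime, max_lifetime) if t.ticket_lifetime > 0 else max_lifetime
    return 0 <= now - t.time_recieved < lifetime

def prune(cache, now, max_lifetime=MAX_LIFETIME):
    """Return usable tickets; overwrite the secrets of the rest in place."""
    kept = []
    for t in cache:
        if is_usable(t, now, max_lifetime):
            kept.append(t)
        else:
            # bytearray is mutable, so this copy of the key can be zeroed.
            t.master_secret[:] = bytes(len(t.master_secret))
            t.ticket[:] = bytes(len(t.ticket))
    return kept

def pick_for_resumption(cache, offered_suites, now):
    """Newest usable ticket whose cipher suite is still offered, or None."""
    candidates = [t for t in prune(cache, now) if t.cipher_suite in offered_suites]
    return max(candidates, key=lambda t: t.time_recieved, default=None)

def sample_cache(now):
    """Constructed sample entries (not real tickets); suites are IANA numbers."""
    return [
        CachedTicket(bytearray(b"old"), 300, bytearray(b"\x01" * 48), 0x002F, now - 600),
        CachedTicket(bytearray(b"weak"), 3600, bytearray(b"\x02" * 48), 0x0005, now - 60),
        CachedTicket(bytearray(b"good"), 3600, bytearray(b"\x03" * 48), 0xC02F, now - 120),
        CachedTicket(bytearray(b"long"), 10**9, bytearray(b"\x04" * 48), 0xC02F, now - 2 * 86400),
    ]

if __name__ == "__main__":
    now = 1_700_000_000.0
    print(pick_for_resumption(sample_cache(now), {0xC02F, 0x002F}, now).ticket)
```

Zeroing only clears the copy held in the cache entry; any other copy of the master secret made elsewhere in the process is unaffected.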
- tlslite.session.bytes_to_int(bytes, byteorder='big', *, signed=False)
Return the integer represented by the given array of bytes.
- bytes
Holds the array of bytes to convert. The argument must either support the buffer protocol or be an iterable object producing bytes. Bytes and bytearray are examples of built-in objects that support the buffer protocol.
- byteorder
The byte order used to represent the integer. If byteorder is ‘big’, the most significant byte is at the beginning of the byte array. If byteorder is ‘little’, the most significant byte is at the end of the byte array. To request the native byte order of the host system, use `sys.byteorder` as the byte order value. Default is to use ‘big’.
- signed
Indicates whether two’s complement is used to represent the integer.