tlslite.constants module¶
Constants used in various places.
-
class
tlslite.constants.
AlertDescription
¶ Bases:
tlslite.constants.TLSEnum
Variables: - bad_record_mac –
A TLS record failed to decrypt properly.
If this occurs during a SRP handshake it most likely indicates a bad password. It may also indicate an implementation error, or some tampering with the data in transit.
This alert will be signalled by the server if the SRP password is bad. It may also be signalled by the server if the SRP username is unknown to the server, but it doesn’t wish to reveal that fact.
- handshake_failure –
A problem occurred while handshaking.
This typically indicates a lack of common ciphersuites between client and server, or some other disagreement (about SRP parameters or key sizes, for example).
- protocol_version –
The other party’s SSL/TLS version was unacceptable.
This indicates that the client and server couldn’t agree on which version of SSL or TLS to use.
- user_canceled – The handshake is being cancelled for some reason.
-
access_denied
= 49¶
-
bad_certificate
= 42¶
-
bad_certificate_hash_value
= 114¶
-
bad_certificate_status_response
= 113¶
-
bad_record_mac
= 20¶
-
certificate_expired
= 45¶
-
certificate_revoked
= 44¶
-
certificate_unknown
= 46¶
-
certificate_unobtainable
= 111¶
-
close_notify
= 0¶
-
decode_error
= 50¶
-
decompression_failure
= 30¶
-
decrypt_error
= 51¶
-
decryption_failed
= 21¶
-
export_restriction
= 60¶
-
handshake_failure
= 40¶
-
illegal_parameter
= 47¶
-
inappropriate_fallback
= 86¶
-
insufficient_security
= 71¶
-
internal_error
= 80¶
-
no_application_protocol
= 120¶
-
no_certificate
= 41¶
-
no_renegotiation
= 100¶
-
protocol_version
= 70¶
-
record_overflow
= 22¶
-
unexpected_message
= 10¶
-
unknown_ca
= 48¶
-
unknown_psk_identity
= 115¶
-
unrecognized_name
= 112¶
-
unsupported_certificate
= 43¶
-
unsupported_extension
= 110¶
-
user_canceled
= 90¶
- bad_record_mac –
-
class
tlslite.constants.
AlertLevel
¶ Bases:
tlslite.constants.TLSEnum
Enumeration of TLS Alert protocol levels
-
fatal
= 2¶
-
warning
= 1¶
-
-
class
tlslite.constants.
CertificateStatusType
¶ Bases:
tlslite.constants.TLSEnum
Type of responses in the status_request and CertificateStatus msgs.
-
ocsp
= 1¶
-
-
class
tlslite.constants.
CertificateType
¶ Bases:
tlslite.constants.TLSEnum
-
openpgp
= 1¶
-
x509
= 0¶
-
-
class
tlslite.constants.
CipherSuite
¶ Bases:
object
Numeric values of ciphersuites and ciphersuite types
Variables: - tripleDESSuites – ciphersuties which use 3DES symmetric cipher in CBC mode
- aes128Suites – ciphersuites which use AES symmetric cipher in CBC mode with 128 bit key
- aes256Suites – ciphersuites which use AES symmetric cipher in CBC mode with 128 bit key
- rc4Suites – ciphersuites which use RC4 symmetric cipher with 128 bit key
- shaSuites – ciphersuites which use SHA-1 HMAC integrity mechanism and protocol default Pseudo Random Function
- sha256Suites – ciphersuites which use SHA-256 HMAC integrity mechanism and SHA-256 Pseudo Random Function
- md5Suites – ciphersuites which use MD-5 HMAC integrity mechanism and protocol default Pseudo Random Function
- srpSuites – ciphersuites which use Secure Remote Password (SRP) key exchange protocol
- srpCertSuites – ciphersuites which use Secure Remote Password (SRP) key exchange protocol with RSA server authentication
- srpAllSuites – all SRP ciphersuites, pure SRP and with RSA based server authentication
- certSuites – ciphersuites which use RSA key exchange with RSA server authentication
- certAllSuites – ciphersuites which use RSA server authentication
- anonSuites – ciphersuites which use anonymous Finite Field Diffie-Hellman key exchange
- ietfNames – dictionary with string names of the ciphersuites
-
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
= 458944¶
-
SSL_CK_DES_64_CBC_WITH_MD5
= 393280¶
-
SSL_CK_IDEA_128_CBC_WITH_MD5
= 327808¶
-
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
= 262272¶
-
SSL_CK_RC2_128_CBC_WITH_MD5
= 196736¶
-
SSL_CK_RC4_128_EXPORT40_WITH_MD5
= 131200¶
-
SSL_CK_RC4_128_WITH_MD5
= 65664¶
-
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
= 22¶
-
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
= 51¶
-
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
= 103¶
-
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
= 158¶
-
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
= 57¶
-
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
= 107¶
-
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
= 159¶
-
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
= 52394¶
-
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00
= 52387¶
-
TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA
= 27¶
-
TLS_DH_ANON_WITH_AES_128_CBC_SHA
= 52¶
-
TLS_DH_ANON_WITH_AES_128_CBC_SHA256
= 108¶
-
TLS_DH_ANON_WITH_AES_128_GCM_SHA256
= 166¶
-
TLS_DH_ANON_WITH_AES_256_CBC_SHA
= 58¶
-
TLS_DH_ANON_WITH_AES_256_CBC_SHA256
= 109¶
-
TLS_DH_ANON_WITH_AES_256_GCM_SHA384
= 167¶
-
TLS_DH_ANON_WITH_RC4_128_MD5
= 24¶
-
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
= 49160¶
-
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
= 49161¶
-
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
= 49187¶
-
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
= 49195¶
-
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
= 49162¶
-
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
= 49188¶
-
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
= 49196¶
-
TLS_ECDHE_ECDSA_WITH_NULL_SHA
= 49158¶
-
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
= 49159¶
-
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
= 49170¶
-
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
= 49171¶
-
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
= 49191¶
-
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
= 49199¶
-
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
= 49172¶
-
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
= 49192¶
-
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
= 49200¶
-
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
= 52392¶
-
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00
= 52385¶
-
TLS_ECDHE_RSA_WITH_NULL_SHA
= 49168¶
-
TLS_ECDHE_RSA_WITH_RC4_128_SHA
= 49169¶
-
TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA
= 49175¶
-
TLS_ECDH_ANON_WITH_AES_128_CBC_SHA
= 49176¶
-
TLS_ECDH_ANON_WITH_AES_256_CBC_SHA
= 49177¶
-
TLS_ECDH_ANON_WITH_NULL_SHA
= 49173¶
-
TLS_ECDH_ANON_WITH_RC4_128_SHA
= 49174¶
-
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
= 49155¶
-
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
= 49156¶
-
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
= 49189¶
-
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
= 49197¶
-
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
= 49157¶
-
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
= 49190¶
-
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
= 49198¶
-
TLS_ECDH_ECDSA_WITH_NULL_SHA
= 49153¶
-
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
= 49154¶
-
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
= 49165¶
-
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
= 49166¶
-
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
= 49193¶
-
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
= 49201¶
-
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
= 49167¶
-
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
= 49194¶
-
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
= 49202¶
-
TLS_ECDH_RSA_WITH_NULL_SHA
= 49163¶
-
TLS_ECDH_RSA_WITH_RC4_128_SHA
= 49164¶
-
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
= 255¶
-
TLS_FALLBACK_SCSV
= 22016¶
-
TLS_RSA_WITH_3DES_EDE_CBC_SHA
= 10¶
-
TLS_RSA_WITH_AES_128_CBC_SHA
= 47¶
-
TLS_RSA_WITH_AES_128_CBC_SHA256
= 60¶
-
TLS_RSA_WITH_AES_128_GCM_SHA256
= 156¶
-
TLS_RSA_WITH_AES_256_CBC_SHA
= 53¶
-
TLS_RSA_WITH_AES_256_CBC_SHA256
= 61¶
-
TLS_RSA_WITH_AES_256_GCM_SHA384
= 157¶
-
TLS_RSA_WITH_NULL_MD5
= 1¶
-
TLS_RSA_WITH_NULL_SHA
= 2¶
-
TLS_RSA_WITH_NULL_SHA256
= 59¶
-
TLS_RSA_WITH_RC4_128_MD5
= 4¶
-
TLS_RSA_WITH_RC4_128_SHA
= 5¶
-
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
= 49179¶
-
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
= 49182¶
-
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
= 49185¶
-
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA
= 49178¶
-
TLS_SRP_SHA_WITH_AES_128_CBC_SHA
= 49181¶
-
TLS_SRP_SHA_WITH_AES_256_CBC_SHA
= 49184¶
-
aeadSuites
= [156, 158, 166, 49195, 49197, 49201, 49199, 157, 159, 167, 49196, 49198, 49202, 49200, 52392, 52394, 52385, 52387]¶ AEAD integrity, any PRF
-
aes128GcmSuites
= [156, 158, 166, 49195, 49197, 49201, 49199]¶ AES-128 GCM ciphers
-
aes128Suites
= [49181, 49182, 47, 51, 52, 60, 103, 108, 49187, 49161, 49189, 49156, 49193, 49166, 49171, 49191, 49176]¶ AES-128 CBC ciphers
-
aes256GcmSuites
= [157, 159, 167, 49196, 49198, 49202, 49200]¶ AES-256-GCM ciphers (implicit SHA384, see sha384PrfSuites)
-
aes256Suites
= [49184, 49185, 53, 58, 57, 61, 107, 109, 49188, 49162, 49190, 49157, 49194, 49167, 49172, 49192, 49177]¶ AES-256 CBC ciphers
-
anonSuites
= [167, 166, 109, 58, 108, 52, 27, 24]¶ anon FFDHE key exchange
-
static
canonicalCipherName
(ciphersuite)¶ Return the canonical name of the cipher whose number is provided.
-
static
canonicalMacName
(ciphersuite)¶ Return the canonical name of the MAC whose number is provided.
-
certAllSuites
= [49185, 49182, 49179, 157, 156, 61, 60, 53, 47, 10, 5, 4, 1, 2, 59, 52394, 52387, 159, 158, 107, 103, 57, 51, 22, 52392, 52385, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 49169, 49168]¶ RSA authentication
-
certSuites
= [157, 156, 61, 60, 53, 47, 10, 5, 4, 1, 2, 59]¶ RSA key exchange, RSA authentication
-
chacha20Suites
= [52392, 52394]¶ CHACHA20 cipher (implicit POLY1305 authenticator, SHA256 PRF)
-
chacha20draft00Suites
= [52385, 52387]¶ CHACHA20 cipher, 00’th IETF draft (implicit POLY1305 authenticator)
-
dhAllSuites
= [52394, 52387, 159, 158, 107, 103, 57, 51, 22, 167, 166, 109, 58, 108, 52, 27, 24]¶
-
dheCertSuites
= [52394, 52387, 159, 158, 107, 103, 57, 51, 22]¶ FFDHE key exchange, RSA authentication
-
ecdhAllSuites
= [49196, 49195, 49188, 49187, 49162, 49161, 49160, 49159, 49158, 52392, 52385, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 49169, 49168, 49177, 49176, 49175, 49174, 49173]¶ all ciphersuites which use ephemeral ECDH key exchange
-
ecdhAnonSuites
= [49177, 49176, 49175, 49174, 49173]¶ anon ECDHE key exchange
-
ecdheCertSuites
= [52392, 52385, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 49169, 49168]¶ ECDHE key exchange, RSA authentication
-
ecdheEcdsaSuites
= [49196, 49195, 49188, 49187, 49162, 49161, 49160, 49159, 49158]¶ ECDHE key exchange, ECDSA authentication
-
static
filterForVersion
(suites, minVersion, maxVersion)¶ Return a copy of suites without ciphers incompatible with version
-
classmethod
getAnonSuites
(settings, version=None)¶ Provide anonymous DH ciphersuites matching settings
-
classmethod
getCertSuites
(settings, version=None)¶ Return ciphers with RSA authentication matching settings
-
classmethod
getDheCertSuites
(settings, version=None)¶ Provide authenticated DHE ciphersuites matching settings
-
classmethod
getEcdhAnonSuites
(settings, version=None)¶ Provide anonymous ECDH ciphersuites matching settings
-
classmethod
getEcdheCertSuites
(settings, version=None)¶ Provide authenticated ECDHE ciphersuites matching settings
-
classmethod
getSrpAllSuites
(settings, version=None)¶ Return all SRP cipher suites matching settings
-
classmethod
getSrpCertSuites
(settings, version=None)¶ Return SRP cipher suites that use server certificates
-
classmethod
getSrpSuites
(settings, version=None)¶ Return SRP cipher suites matching settings
-
ietfNames
= {1: 'TLS_RSA_WITH_NULL_MD5', 2: 'TLS_RSA_WITH_NULL_SHA', 4: 'TLS_RSA_WITH_RC4_128_MD5', 5: 'TLS_RSA_WITH_RC4_128_SHA', 10: 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', 22: 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA', 24: 'TLS_DH_ANON_WITH_RC4_128_MD5', 27: 'TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA', 47: 'TLS_RSA_WITH_AES_128_CBC_SHA', 51: 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA', 52: 'TLS_DH_ANON_WITH_AES_128_CBC_SHA', 53: 'TLS_RSA_WITH_AES_256_CBC_SHA', 57: 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA', 58: 'TLS_DH_ANON_WITH_AES_256_CBC_SHA', 59: 'TLS_RSA_WITH_NULL_SHA256', 60: 'TLS_RSA_WITH_AES_128_CBC_SHA256', 61: 'TLS_RSA_WITH_AES_256_CBC_SHA256', 103: 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256', 107: 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256', 108: 'TLS_DH_ANON_WITH_AES_128_CBC_SHA256', 109: 'TLS_DH_ANON_WITH_AES_256_CBC_SHA256', 156: 'TLS_RSA_WITH_AES_128_GCM_SHA256', 157: 'TLS_RSA_WITH_AES_256_GCM_SHA384', 158: 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', 159: 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', 166: 'TLS_DH_ANON_WITH_AES_128_GCM_SHA256', 167: 'TLS_DH_ANON_WITH_AES_256_GCM_SHA384', 255: 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV', 22016: 'TLS_FALLBACK_SCSV', 49153: 'TLS_ECDH_ECDSA_WITH_NULL_SHA', 49154: 'TLS_ECDH_ECDSA_WITH_RC4_128_SHA', 49155: 'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA', 49156: 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA', 49157: 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA', 49158: 'TLS_ECDHE_ECDSA_WITH_NULL_SHA', 49159: 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', 49160: 'TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA', 49161: 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', 49162: 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', 49163: 'TLS_ECDH_RSA_WITH_NULL_SHA', 49164: 'TLS_ECDH_RSA_WITH_RC4_128_SHA', 49165: 'TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA', 49166: 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA', 49167: 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA', 49168: 'TLS_ECDHE_RSA_WITH_NULL_SHA', 49169: 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', 49170: 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', 49171: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 49172: 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 49173: 'TLS_ECDH_ANON_WITH_NULL_SHA', 49174: 'TLS_ECDH_ANON_WITH_RC4_128_SHA', 49175: 'TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA', 49176: 'TLS_ECDH_ANON_WITH_AES_128_CBC_SHA', 49177: 'TLS_ECDH_ANON_WITH_AES_256_CBC_SHA', 49178: 'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA', 49179: 'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA', 49181: 'TLS_SRP_SHA_WITH_AES_128_CBC_SHA', 49182: 'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA', 49184: 'TLS_SRP_SHA_WITH_AES_256_CBC_SHA', 49185: 'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA', 49187: 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', 49188: 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384', 49189: 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256', 49190: 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384', 49191: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 49192: 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 49193: 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256', 49194: 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384', 49195: 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 49196: 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 49197: 'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256', 49198: 'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384', 49199: 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 49200: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 49201: 'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256', 49202: 'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384', 52385: 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00', 52387: 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00', 52392: 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 52394: 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 65664: 'SSL_CK_RC4_128_WITH_MD5', 131200: 'SSL_CK_RC4_128_EXPORT40_WITH_MD5', 196736: 'SSL_CK_RC2_128_CBC_WITH_MD5', 262272: 'SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5', 327808: 'SSL_CK_IDEA_128_CBC_WITH_MD5', 393280: 'SSL_CK_DES_64_CBC_WITH_MD5', 458944: 'SSL_CK_DES_192_EDE3_CBC_WITH_MD5'}¶
-
md5Suites
= [24, 4, 1]¶ MD-5 HMAC, protocol default PRF
-
nullSuites
= [1, 2, 59, 49158, 49153, 49163, 49168, 49173]¶ no encryption
-
rc4Suites
= [49169, 49159, 49154, 49164, 24, 5, 4, 49174]¶ RC4 128 stream cipher
-
sha256Suites
= [60, 61, 103, 107, 59, 108, 109, 49187, 49189, 49193, 49191]¶ SHA-256 HMAC, SHA-256 PRF
-
sha384PrfSuites
= [49188, 49190, 49194, 49192, 157, 159, 167, 49196, 49198, 49202, 49200]¶ TLS1.2 with SHA384 PRF
-
sha384Suites
= [49188, 49190, 49194, 49192]¶ SHA-384 HMAC, SHA-384 PRF
-
shaSuites
= [49178, 49181, 49184, 49179, 49182, 49185, 10, 47, 53, 5, 22, 51, 57, 52, 58, 27, 2, 49162, 49161, 49160, 49159, 49158, 49157, 49156, 49155, 49154, 49153, 49167, 49166, 49165, 49164, 49163, 49171, 49172, 49170, 49169, 49168, 49177, 49176, 49175, 49174, 49173]¶ SHA-1 HMAC, protocol default PRF
-
srpAllSuites
= [49184, 49181, 49178, 49185, 49182, 49179]¶ All that use SRP key exchange
-
srpCertSuites
= [49185, 49182, 49179]¶ SRP key exchange, RSA authentication
-
srpSuites
= [49184, 49181, 49178]¶ SRP key exchange, no certificate base authentication
-
ssl2_128Key
= [65664, 131200, 196736, 262272, 327808]¶ SSL2 ciphersuties which use 128 bit key
-
ssl2_192Key
= [458944]¶ SSL2 ciphersuites which use 192 bit key
-
ssl2_3des
= [458944]¶ SSL2 ciphersuites which use 3DES symmetric cipher
-
ssl2_64Key
= [393280]¶ SSL2 ciphersuites which use 64 bit key
-
ssl2des
= [393280]¶ SSL2 ciphersuites which use (single) DES symmetric cipher
-
ssl2export
= [131200, 262272]¶ SSL2 ciphersuites which encrypt only part (40 bits) of the key
-
ssl2idea
= [327808]¶ SSL2 ciphersuites which use IDEA symmetric cipher
-
ssl2rc2
= [196736, 262272]¶ SSL2 ciphersuites which use RC2 symmetric cipher
-
ssl2rc4
= [65664, 131200]¶ SSL2 ciphersuites which use RC4 symmetric cipher
-
ssl3Suites
= [49178, 49181, 49184, 49179, 49182, 49185, 10, 47, 53, 5, 22, 51, 57, 52, 58, 27, 2, 49162, 49161, 49160, 49159, 49158, 49157, 49156, 49155, 49154, 49153, 49167, 49166, 49165, 49164, 49163, 49171, 49172, 49170, 49169, 49168, 49177, 49176, 49175, 49174, 49173, 24, 4, 1]¶ SSL3, TLS1.0, TLS1.1 and TLS1.2 compatible ciphers
-
streamSuites
= [49169, 49159, 49154, 49164, 24, 5, 4, 49174, 1, 2, 59, 49158, 49153, 49163, 49168, 49173]¶ stream cipher construction
-
tls12Suites
= [60, 61, 103, 107, 59, 108, 109, 49187, 49189, 49193, 49191, 49188, 49190, 49194, 49192, 156, 158, 166, 49195, 49197, 49201, 49199, 157, 159, 167, 49196, 49198, 49202, 49200, 52392, 52394, 52385, 52387]¶ TLS1.2 specific ciphersuites
-
tripleDESSuites
= [49160, 49155, 49165, 49170, 49178, 49179, 10, 22, 27, 49175]¶ 3DES CBC ciphers
-
class
tlslite.constants.
ClientCertificateType
¶ Bases:
tlslite.constants.TLSEnum
-
dss_fixed_dh
= 4¶
-
dss_sign
= 2¶
-
rsa_fixed_dh
= 3¶
-
rsa_sign
= 1¶
-
-
class
tlslite.constants.
ContentType
¶ Bases:
tlslite.constants.TLSEnum
TLS record layer content types of payloads
-
alert
= 21¶
-
all
= (20, 21, 22, 23)¶
-
application_data
= 23¶
-
change_cipher_spec
= 20¶
-
handshake
= 22¶
-
classmethod
toRepr
(value, blacklist=None)¶ Convert numeric type to name representation
-
-
class
tlslite.constants.
ECCurveType
¶ Bases:
tlslite.constants.TLSEnum
Types of ECC curves supported in TLS from RFC4492
-
explicit_char2
= 2¶
-
explicit_prime
= 1¶
-
named_curve
= 3¶
-
-
class
tlslite.constants.
ECPointFormat
¶ Bases:
tlslite.constants.TLSEnum
Names and ID’s of supported EC point formats.
-
all
= [0, 1, 2]¶
-
ansiX962_compressed_char2
= 2¶
-
ansiX962_compressed_prime
= 1¶
-
classmethod
toRepr
(value, blacklist=None)¶ Convert numeric type to name representation.
-
uncompressed
= 0¶
-
-
class
tlslite.constants.
ExtensionType
¶ Bases:
tlslite.constants.TLSEnum
TLS Extension Type registry values
-
alpn
= 16¶
-
cert_type
= 9¶
-
client_hello_padding
= 21¶
-
ec_point_formats
= 11¶
-
encrypt_then_mac
= 22¶
-
extended_master_secret
= 23¶
-
renegotiation_info
= 65281¶
-
server_name
= 0¶
-
signature_algorithms
= 13¶
-
srp
= 12¶
-
status_request
= 5¶
-
supported_groups
= 10¶
-
supports_npn
= 13172¶
-
tack
= 62208¶
-
-
class
tlslite.constants.
Fault
¶ Bases:
object
-
badA
= 103¶
-
badB
= 201¶
-
badFinished
= 300¶
-
badMAC
= 301¶
-
badPadding
= 302¶
-
badPassword
= 102¶
-
badPremasterPadding
= 501¶
-
badUsername
= 101¶
-
badVerifyMessage
= 601¶
-
clientCertFaults
= [601]¶
-
clientNoAuthFaults
= [501, 502]¶
-
clientSrpFaults
= [101, 102, 103]¶
-
faultAlerts
= {101: (115, 20), 102: (20,), 103: (47,), 300: (51,), 301: (20,), 302: (20,), 501: (20,), 502: (20,), 601: (51,)}¶
-
faultNames
= {101: 'bad username', 102: 'bad password', 103: 'bad A', 300: 'bad finished message', 301: 'bad MAC', 302: 'bad padding', 501: 'bad premaster padding', 502: 'short premaster secret', 601: 'bad verify message'}¶
-
genericFaults
= [300, 301, 302]¶
-
serverFaults
= [201]¶
-
shortPremasterSecret
= 502¶
-
-
class
tlslite.constants.
GroupName
¶ Bases:
tlslite.constants.TLSEnum
Name of groups supported for (EC)DH key exchange
-
all
= [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 256, 257, 258, 259, 260]¶
-
allEC
= [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30]¶
-
allFF
= [256, 257, 258, 259, 260]¶
-
brainpoolP256r1
= 26¶
-
brainpoolP384r1
= 27¶
-
brainpoolP512r1
= 28¶
-
ffdhe2048
= 256¶
-
ffdhe3072
= 257¶
-
ffdhe4096
= 258¶
-
ffdhe6144
= 259¶
-
ffdhe8192
= 260¶
-
secp160k1
= 15¶
-
secp160r1
= 16¶
-
secp160r2
= 17¶
-
secp192k1
= 18¶
-
secp192r1
= 19¶
-
secp224k1
= 20¶
-
secp224r1
= 21¶
-
secp256k1
= 22¶
-
secp256r1
= 23¶
-
secp384r1
= 24¶
-
secp521r1
= 25¶
-
sect163k1
= 1¶
-
sect163r1
= 2¶
-
sect163r2
= 3¶
-
sect193r1
= 4¶
-
sect193r2
= 5¶
-
sect233k1
= 6¶
-
sect233r1
= 7¶
-
sect239k1
= 8¶
-
sect283k1
= 9¶
-
sect283r1
= 10¶
-
sect409k1
= 11¶
-
sect409r1
= 12¶
-
sect571k1
= 13¶
-
sect571r1
= 14¶
-
classmethod
toRepr
(value, blacklist=None)¶ Convert numeric type to name representation
-
x25519
= 29¶
-
x448
= 30¶
-
-
class
tlslite.constants.
HandshakeType
¶ Bases:
tlslite.constants.TLSEnum
Message types in TLS Handshake protocol
-
certificate
= 11¶
-
certificate_request
= 13¶
-
certificate_status
= 22¶
-
certificate_verify
= 15¶
-
client_hello
= 1¶
-
client_key_exchange
= 16¶
-
finished
= 20¶
-
hello_request
= 0¶
-
next_protocol
= 67¶
-
server_hello
= 2¶
-
server_hello_done
= 14¶
-
server_key_exchange
= 12¶
-
-
class
tlslite.constants.
HashAlgorithm
¶ Bases:
tlslite.constants.TLSEnum
Hash algorithm IDs used in TLSv1.2
-
md5
= 1¶
-
none
= 0¶
-
sha1
= 2¶
-
sha224
= 3¶
-
sha256
= 4¶
-
sha384
= 5¶
-
sha512
= 6¶
-
-
class
tlslite.constants.
NameType
¶ Bases:
tlslite.constants.TLSEnum
Type of entries in Server Name Indication extension.
-
host_name
= 0¶
-
-
class
tlslite.constants.
SSL2ErrorDescription
¶ Bases:
tlslite.constants.TLSEnum
SSL2 Handshake protocol error message descriptions
-
bad_certificate
= 4¶
-
no_certificate
= 2¶
-
no_cipher
= 1¶
-
unsupported_certificate_type
= 6¶
-
-
class
tlslite.constants.
SSL2HandshakeType
¶ Bases:
tlslite.constants.TLSEnum
SSL2 Handshake Protocol message types.
-
client_certificate
= 8¶
-
client_finished
= 3¶
-
client_hello
= 1¶
-
client_master_key
= 2¶
-
error
= 0¶
-
request_certificate
= 7¶
-
server_finished
= 6¶
-
server_hello
= 4¶
-
server_verify
= 5¶
-
-
class
tlslite.constants.
SignatureAlgorithm
¶ Bases:
tlslite.constants.TLSEnum
Signing algorithms used in TLSv1.2
-
anonymous
= 0¶
-
dsa
= 2¶
-
ecdsa
= 3¶
-
rsa
= 1¶
-
-
class
tlslite.constants.
SignatureScheme
¶ Bases:
tlslite.constants.TLSEnum
Signature scheme used for signalling supported signature algorithms.
This is the replacement for the HashAlgorithm and SignatureAlgorithm lists. Introduced with TLSv1.3.
-
static
getHash
(scheme)¶ Return the name of hash used in signature scheme.
-
static
getKeyType
(scheme)¶ Return the name of the signature algorithm used in scheme.
E.g. for “rsa_pkcs1_sha1” it returns “rsa”
-
static
getPadding
(scheme)¶ Return the name of padding scheme used in signature scheme.
-
rsa_pkcs1_sha1
= (2, 1)¶
-
rsa_pkcs1_sha256
= (4, 1)¶
-
rsa_pkcs1_sha384
= (5, 1)¶
-
rsa_pkcs1_sha512
= (6, 1)¶
-
rsa_pss_sha256
= (8, 4)¶
-
rsa_pss_sha384
= (8, 5)¶
-
rsa_pss_sha512
= (8, 6)¶
-
classmethod
toRepr
(value, blacklist=None)¶ Convert numeric type to name representation
-
static
-
class
tlslite.constants.
TLSEnum
¶ Bases:
object
Base class for different enums of TLS IDs
-
classmethod
toRepr
(value, blacklist=None)¶ Convert numeric type to string representation
name if found, None otherwise
-
classmethod
toStr
(value, blacklist=None)¶ Convert numeric type to human-readable string if possible
-
classmethod