tlslite.constants module

Constants used in various places.

class tlslite.constants.AlertDescription

Bases: tlslite.constants.TLSEnum

Variables:
  • bad_record_mac

    A TLS record failed to decrypt properly.

    If this occurs during a SRP handshake it most likely indicates a bad password. It may also indicate an implementation error, or some tampering with the data in transit.

    This alert will be signalled by the server if the SRP password is bad. It may also be signalled by the server if the SRP username is unknown to the server, but it doesn’t wish to reveal that fact.

  • handshake_failure

    A problem occurred while handshaking.

    This typically indicates a lack of common ciphersuites between client and server, or some other disagreement (about SRP parameters or key sizes, for example).

  • protocol_version

    The other party’s SSL/TLS version was unacceptable.

    This indicates that the client and server couldn’t agree on which version of SSL or TLS to use.

  • user_canceled – The handshake is being cancelled for some reason.
access_denied = 49
bad_certificate = 42
bad_certificate_hash_value = 114
bad_certificate_status_response = 113
bad_record_mac = 20
certificate_expired = 45
certificate_revoked = 44
certificate_unknown = 46
certificate_unobtainable = 111
close_notify = 0
decode_error = 50
decompression_failure = 30
decrypt_error = 51
decryption_failed = 21
export_restriction = 60
handshake_failure = 40
illegal_parameter = 47
inappropriate_fallback = 86
insufficient_security = 71
internal_error = 80
no_application_protocol = 120
no_certificate = 41
no_renegotiation = 100
protocol_version = 70
record_overflow = 22
unexpected_message = 10
unknown_ca = 48
unknown_psk_identity = 115
unrecognized_name = 112
unsupported_certificate = 43
unsupported_extension = 110
user_canceled = 90
class tlslite.constants.AlertLevel

Bases: tlslite.constants.TLSEnum

Enumeration of TLS Alert protocol levels

fatal = 2
warning = 1
class tlslite.constants.CertificateStatusType

Bases: tlslite.constants.TLSEnum

Type of responses in the status_request and CertificateStatus msgs.

ocsp = 1
class tlslite.constants.CertificateType

Bases: tlslite.constants.TLSEnum

openpgp = 1
x509 = 0
class tlslite.constants.CipherSuite

Bases: object

Numeric values of ciphersuites and ciphersuite types

Variables:
  • tripleDESSuites – ciphersuties which use 3DES symmetric cipher in CBC mode
  • aes128Suites – ciphersuites which use AES symmetric cipher in CBC mode with 128 bit key
  • aes256Suites – ciphersuites which use AES symmetric cipher in CBC mode with 128 bit key
  • rc4Suites – ciphersuites which use RC4 symmetric cipher with 128 bit key
  • shaSuites – ciphersuites which use SHA-1 HMAC integrity mechanism and protocol default Pseudo Random Function
  • sha256Suites – ciphersuites which use SHA-256 HMAC integrity mechanism and SHA-256 Pseudo Random Function
  • md5Suites – ciphersuites which use MD-5 HMAC integrity mechanism and protocol default Pseudo Random Function
  • srpSuites – ciphersuites which use Secure Remote Password (SRP) key exchange protocol
  • srpCertSuites – ciphersuites which use Secure Remote Password (SRP) key exchange protocol with RSA server authentication
  • srpAllSuites – all SRP ciphersuites, pure SRP and with RSA based server authentication
  • certSuites – ciphersuites which use RSA key exchange with RSA server authentication
  • certAllSuites – ciphersuites which use RSA server authentication
  • anonSuites – ciphersuites which use anonymous Finite Field Diffie-Hellman key exchange
  • ietfNames – dictionary with string names of the ciphersuites
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 458944
SSL_CK_DES_64_CBC_WITH_MD5 = 393280
SSL_CK_IDEA_128_CBC_WITH_MD5 = 327808
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 262272
SSL_CK_RC2_128_CBC_WITH_MD5 = 196736
SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 131200
SSL_CK_RC4_128_WITH_MD5 = 65664
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 103
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 158
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 107
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 159
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 52394
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00 = 52387
TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 27
TLS_DH_ANON_WITH_AES_128_CBC_SHA = 52
TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 108
TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 166
TLS_DH_ANON_WITH_AES_256_CBC_SHA = 58
TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 109
TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 167
TLS_DH_ANON_WITH_RC4_128_MD5 = 24
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 49160
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 49161
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 49187
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 49195
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 49162
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 49188
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 49196
TLS_ECDHE_ECDSA_WITH_NULL_SHA = 49158
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 49159
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 49170
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 49171
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 49191
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 49199
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 49172
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 49192
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 49200
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 52392
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00 = 52385
TLS_ECDHE_RSA_WITH_NULL_SHA = 49168
TLS_ECDHE_RSA_WITH_RC4_128_SHA = 49169
TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 49175
TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 49176
TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 49177
TLS_ECDH_ANON_WITH_NULL_SHA = 49173
TLS_ECDH_ANON_WITH_RC4_128_SHA = 49174
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 49155
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 49156
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 49189
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 49197
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 49157
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 49190
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 49198
TLS_ECDH_ECDSA_WITH_NULL_SHA = 49153
TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 49154
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 49165
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 49166
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 49193
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 49201
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 49167
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 49194
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 49202
TLS_ECDH_RSA_WITH_NULL_SHA = 49163
TLS_ECDH_RSA_WITH_RC4_128_SHA = 49164
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 255
TLS_FALLBACK_SCSV = 22016
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 10
TLS_RSA_WITH_AES_128_CBC_SHA = 47
TLS_RSA_WITH_AES_128_CBC_SHA256 = 60
TLS_RSA_WITH_AES_128_GCM_SHA256 = 156
TLS_RSA_WITH_AES_256_CBC_SHA = 53
TLS_RSA_WITH_AES_256_CBC_SHA256 = 61
TLS_RSA_WITH_AES_256_GCM_SHA384 = 157
TLS_RSA_WITH_NULL_MD5 = 1
TLS_RSA_WITH_NULL_SHA = 2
TLS_RSA_WITH_NULL_SHA256 = 59
TLS_RSA_WITH_RC4_128_MD5 = 4
TLS_RSA_WITH_RC4_128_SHA = 5
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 49179
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 49182
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 49185
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 49178
TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 49181
TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 49184
aeadSuites = [156, 158, 166, 49195, 49197, 49201, 49199, 157, 159, 167, 49196, 49198, 49202, 49200, 52392, 52394, 52385, 52387]

AEAD integrity, any PRF

aes128GcmSuites = [156, 158, 166, 49195, 49197, 49201, 49199]

AES-128 GCM ciphers

aes128Suites = [49181, 49182, 47, 51, 52, 60, 103, 108, 49187, 49161, 49189, 49156, 49193, 49166, 49171, 49191, 49176]

AES-128 CBC ciphers

aes256GcmSuites = [157, 159, 167, 49196, 49198, 49202, 49200]

AES-256-GCM ciphers (implicit SHA384, see sha384PrfSuites)

aes256Suites = [49184, 49185, 53, 58, 57, 61, 107, 109, 49188, 49162, 49190, 49157, 49194, 49167, 49172, 49192, 49177]

AES-256 CBC ciphers

anonSuites = [167, 166, 109, 58, 108, 52, 27, 24]

anon FFDHE key exchange

static canonicalCipherName(ciphersuite)

Return the canonical name of the cipher whose number is provided.

static canonicalMacName(ciphersuite)

Return the canonical name of the MAC whose number is provided.

certAllSuites = [49185, 49182, 49179, 157, 156, 61, 60, 53, 47, 10, 5, 4, 1, 2, 59, 52394, 52387, 159, 158, 107, 103, 57, 51, 22, 52392, 52385, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 49169, 49168]

RSA authentication

certSuites = [157, 156, 61, 60, 53, 47, 10, 5, 4, 1, 2, 59]

RSA key exchange, RSA authentication

chacha20Suites = [52392, 52394]

CHACHA20 cipher (implicit POLY1305 authenticator, SHA256 PRF)

chacha20draft00Suites = [52385, 52387]

CHACHA20 cipher, 00’th IETF draft (implicit POLY1305 authenticator)

dhAllSuites = [52394, 52387, 159, 158, 107, 103, 57, 51, 22, 167, 166, 109, 58, 108, 52, 27, 24]
dheCertSuites = [52394, 52387, 159, 158, 107, 103, 57, 51, 22]

FFDHE key exchange, RSA authentication

ecdhAllSuites = [49196, 49195, 49188, 49187, 49162, 49161, 49160, 49159, 49158, 52392, 52385, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 49169, 49168, 49177, 49176, 49175, 49174, 49173]

all ciphersuites which use ephemeral ECDH key exchange

ecdhAnonSuites = [49177, 49176, 49175, 49174, 49173]

anon ECDHE key exchange

ecdheCertSuites = [52392, 52385, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 49169, 49168]

ECDHE key exchange, RSA authentication

ecdheEcdsaSuites = [49196, 49195, 49188, 49187, 49162, 49161, 49160, 49159, 49158]

ECDHE key exchange, ECDSA authentication

static filterForVersion(suites, minVersion, maxVersion)

Return a copy of suites without ciphers incompatible with version

classmethod getAnonSuites(settings, version=None)

Provide anonymous DH ciphersuites matching settings

classmethod getCertSuites(settings, version=None)

Return ciphers with RSA authentication matching settings

classmethod getDheCertSuites(settings, version=None)

Provide authenticated DHE ciphersuites matching settings

classmethod getEcdhAnonSuites(settings, version=None)

Provide anonymous ECDH ciphersuites matching settings

classmethod getEcdheCertSuites(settings, version=None)

Provide authenticated ECDHE ciphersuites matching settings

classmethod getSrpAllSuites(settings, version=None)

Return all SRP cipher suites matching settings

classmethod getSrpCertSuites(settings, version=None)

Return SRP cipher suites that use server certificates

classmethod getSrpSuites(settings, version=None)

Return SRP cipher suites matching settings

ietfNames = {1: 'TLS_RSA_WITH_NULL_MD5', 2: 'TLS_RSA_WITH_NULL_SHA', 4: 'TLS_RSA_WITH_RC4_128_MD5', 5: 'TLS_RSA_WITH_RC4_128_SHA', 10: 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', 22: 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA', 24: 'TLS_DH_ANON_WITH_RC4_128_MD5', 27: 'TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA', 47: 'TLS_RSA_WITH_AES_128_CBC_SHA', 51: 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA', 52: 'TLS_DH_ANON_WITH_AES_128_CBC_SHA', 53: 'TLS_RSA_WITH_AES_256_CBC_SHA', 57: 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA', 58: 'TLS_DH_ANON_WITH_AES_256_CBC_SHA', 59: 'TLS_RSA_WITH_NULL_SHA256', 60: 'TLS_RSA_WITH_AES_128_CBC_SHA256', 61: 'TLS_RSA_WITH_AES_256_CBC_SHA256', 103: 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256', 107: 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256', 108: 'TLS_DH_ANON_WITH_AES_128_CBC_SHA256', 109: 'TLS_DH_ANON_WITH_AES_256_CBC_SHA256', 156: 'TLS_RSA_WITH_AES_128_GCM_SHA256', 157: 'TLS_RSA_WITH_AES_256_GCM_SHA384', 158: 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', 159: 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', 166: 'TLS_DH_ANON_WITH_AES_128_GCM_SHA256', 167: 'TLS_DH_ANON_WITH_AES_256_GCM_SHA384', 255: 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV', 22016: 'TLS_FALLBACK_SCSV', 49153: 'TLS_ECDH_ECDSA_WITH_NULL_SHA', 49154: 'TLS_ECDH_ECDSA_WITH_RC4_128_SHA', 49155: 'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA', 49156: 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA', 49157: 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA', 49158: 'TLS_ECDHE_ECDSA_WITH_NULL_SHA', 49159: 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', 49160: 'TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA', 49161: 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', 49162: 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', 49163: 'TLS_ECDH_RSA_WITH_NULL_SHA', 49164: 'TLS_ECDH_RSA_WITH_RC4_128_SHA', 49165: 'TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA', 49166: 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA', 49167: 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA', 49168: 'TLS_ECDHE_RSA_WITH_NULL_SHA', 49169: 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', 49170: 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', 49171: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 49172: 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 49173: 'TLS_ECDH_ANON_WITH_NULL_SHA', 49174: 'TLS_ECDH_ANON_WITH_RC4_128_SHA', 49175: 'TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA', 49176: 'TLS_ECDH_ANON_WITH_AES_128_CBC_SHA', 49177: 'TLS_ECDH_ANON_WITH_AES_256_CBC_SHA', 49178: 'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA', 49179: 'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA', 49181: 'TLS_SRP_SHA_WITH_AES_128_CBC_SHA', 49182: 'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA', 49184: 'TLS_SRP_SHA_WITH_AES_256_CBC_SHA', 49185: 'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA', 49187: 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', 49188: 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384', 49189: 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256', 49190: 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384', 49191: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 49192: 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 49193: 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256', 49194: 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384', 49195: 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 49196: 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 49197: 'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256', 49198: 'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384', 49199: 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 49200: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 49201: 'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256', 49202: 'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384', 52385: 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00', 52387: 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00', 52392: 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 52394: 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 65664: 'SSL_CK_RC4_128_WITH_MD5', 131200: 'SSL_CK_RC4_128_EXPORT40_WITH_MD5', 196736: 'SSL_CK_RC2_128_CBC_WITH_MD5', 262272: 'SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5', 327808: 'SSL_CK_IDEA_128_CBC_WITH_MD5', 393280: 'SSL_CK_DES_64_CBC_WITH_MD5', 458944: 'SSL_CK_DES_192_EDE3_CBC_WITH_MD5'}
md5Suites = [24, 4, 1]

MD-5 HMAC, protocol default PRF

nullSuites = [1, 2, 59, 49158, 49153, 49163, 49168, 49173]

no encryption

rc4Suites = [49169, 49159, 49154, 49164, 24, 5, 4, 49174]

RC4 128 stream cipher

sha256Suites = [60, 61, 103, 107, 59, 108, 109, 49187, 49189, 49193, 49191]

SHA-256 HMAC, SHA-256 PRF

sha384PrfSuites = [49188, 49190, 49194, 49192, 157, 159, 167, 49196, 49198, 49202, 49200]

TLS1.2 with SHA384 PRF

sha384Suites = [49188, 49190, 49194, 49192]

SHA-384 HMAC, SHA-384 PRF

shaSuites = [49178, 49181, 49184, 49179, 49182, 49185, 10, 47, 53, 5, 22, 51, 57, 52, 58, 27, 2, 49162, 49161, 49160, 49159, 49158, 49157, 49156, 49155, 49154, 49153, 49167, 49166, 49165, 49164, 49163, 49171, 49172, 49170, 49169, 49168, 49177, 49176, 49175, 49174, 49173]

SHA-1 HMAC, protocol default PRF

srpAllSuites = [49184, 49181, 49178, 49185, 49182, 49179]

All that use SRP key exchange

srpCertSuites = [49185, 49182, 49179]

SRP key exchange, RSA authentication

srpSuites = [49184, 49181, 49178]

SRP key exchange, no certificate base authentication

ssl2_128Key = [65664, 131200, 196736, 262272, 327808]

SSL2 ciphersuties which use 128 bit key

ssl2_192Key = [458944]

SSL2 ciphersuites which use 192 bit key

ssl2_3des = [458944]

SSL2 ciphersuites which use 3DES symmetric cipher

ssl2_64Key = [393280]

SSL2 ciphersuites which use 64 bit key

ssl2des = [393280]

SSL2 ciphersuites which use (single) DES symmetric cipher

ssl2export = [131200, 262272]

SSL2 ciphersuites which encrypt only part (40 bits) of the key

ssl2idea = [327808]

SSL2 ciphersuites which use IDEA symmetric cipher

ssl2rc2 = [196736, 262272]

SSL2 ciphersuites which use RC2 symmetric cipher

ssl2rc4 = [65664, 131200]

SSL2 ciphersuites which use RC4 symmetric cipher

ssl3Suites = [49178, 49181, 49184, 49179, 49182, 49185, 10, 47, 53, 5, 22, 51, 57, 52, 58, 27, 2, 49162, 49161, 49160, 49159, 49158, 49157, 49156, 49155, 49154, 49153, 49167, 49166, 49165, 49164, 49163, 49171, 49172, 49170, 49169, 49168, 49177, 49176, 49175, 49174, 49173, 24, 4, 1]

SSL3, TLS1.0, TLS1.1 and TLS1.2 compatible ciphers

streamSuites = [49169, 49159, 49154, 49164, 24, 5, 4, 49174, 1, 2, 59, 49158, 49153, 49163, 49168, 49173]

stream cipher construction

tls12Suites = [60, 61, 103, 107, 59, 108, 109, 49187, 49189, 49193, 49191, 49188, 49190, 49194, 49192, 156, 158, 166, 49195, 49197, 49201, 49199, 157, 159, 167, 49196, 49198, 49202, 49200, 52392, 52394, 52385, 52387]

TLS1.2 specific ciphersuites

tripleDESSuites = [49160, 49155, 49165, 49170, 49178, 49179, 10, 22, 27, 49175]

3DES CBC ciphers

class tlslite.constants.ClientCertificateType

Bases: tlslite.constants.TLSEnum

dss_fixed_dh = 4
dss_sign = 2
rsa_fixed_dh = 3
rsa_sign = 1
class tlslite.constants.ContentType

Bases: tlslite.constants.TLSEnum

TLS record layer content types of payloads

alert = 21
all = (20, 21, 22, 23)
application_data = 23
change_cipher_spec = 20
handshake = 22
classmethod toRepr(value, blacklist=None)

Convert numeric type to name representation

class tlslite.constants.ECCurveType

Bases: tlslite.constants.TLSEnum

Types of ECC curves supported in TLS from RFC4492

explicit_char2 = 2
explicit_prime = 1
named_curve = 3
class tlslite.constants.ECPointFormat

Bases: tlslite.constants.TLSEnum

Names and ID’s of supported EC point formats.

all = [0, 1, 2]
ansiX962_compressed_char2 = 2
ansiX962_compressed_prime = 1
classmethod toRepr(value, blacklist=None)

Convert numeric type to name representation.

uncompressed = 0
class tlslite.constants.ExtensionType

Bases: tlslite.constants.TLSEnum

TLS Extension Type registry values

alpn = 16
cert_type = 9
client_hello_padding = 21
ec_point_formats = 11
encrypt_then_mac = 22
extended_master_secret = 23
renegotiation_info = 65281
server_name = 0
signature_algorithms = 13
srp = 12
status_request = 5
supported_groups = 10
supports_npn = 13172
tack = 62208
class tlslite.constants.Fault

Bases: object

badA = 103
badB = 201
badFinished = 300
badMAC = 301
badPadding = 302
badPassword = 102
badPremasterPadding = 501
badUsername = 101
badVerifyMessage = 601
clientCertFaults = [601]
clientNoAuthFaults = [501, 502]
clientSrpFaults = [101, 102, 103]
faultAlerts = {101: (115, 20), 102: (20,), 103: (47,), 300: (51,), 301: (20,), 302: (20,), 501: (20,), 502: (20,), 601: (51,)}
faultNames = {101: 'bad username', 102: 'bad password', 103: 'bad A', 300: 'bad finished message', 301: 'bad MAC', 302: 'bad padding', 501: 'bad premaster padding', 502: 'short premaster secret', 601: 'bad verify message'}
genericFaults = [300, 301, 302]
serverFaults = [201]
shortPremasterSecret = 502
class tlslite.constants.GroupName

Bases: tlslite.constants.TLSEnum

Name of groups supported for (EC)DH key exchange

all = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 256, 257, 258, 259, 260]
allEC = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30]
allFF = [256, 257, 258, 259, 260]
brainpoolP256r1 = 26
brainpoolP384r1 = 27
brainpoolP512r1 = 28
ffdhe2048 = 256
ffdhe3072 = 257
ffdhe4096 = 258
ffdhe6144 = 259
ffdhe8192 = 260
secp160k1 = 15
secp160r1 = 16
secp160r2 = 17
secp192k1 = 18
secp192r1 = 19
secp224k1 = 20
secp224r1 = 21
secp256k1 = 22
secp256r1 = 23
secp384r1 = 24
secp521r1 = 25
sect163k1 = 1
sect163r1 = 2
sect163r2 = 3
sect193r1 = 4
sect193r2 = 5
sect233k1 = 6
sect233r1 = 7
sect239k1 = 8
sect283k1 = 9
sect283r1 = 10
sect409k1 = 11
sect409r1 = 12
sect571k1 = 13
sect571r1 = 14
classmethod toRepr(value, blacklist=None)

Convert numeric type to name representation

x25519 = 29
x448 = 30
class tlslite.constants.HandshakeType

Bases: tlslite.constants.TLSEnum

Message types in TLS Handshake protocol

certificate = 11
certificate_request = 13
certificate_status = 22
certificate_verify = 15
client_hello = 1
client_key_exchange = 16
finished = 20
hello_request = 0
next_protocol = 67
server_hello = 2
server_hello_done = 14
server_key_exchange = 12
class tlslite.constants.HashAlgorithm

Bases: tlslite.constants.TLSEnum

Hash algorithm IDs used in TLSv1.2

md5 = 1
none = 0
sha1 = 2
sha224 = 3
sha256 = 4
sha384 = 5
sha512 = 6
class tlslite.constants.NameType

Bases: tlslite.constants.TLSEnum

Type of entries in Server Name Indication extension.

host_name = 0
class tlslite.constants.SSL2ErrorDescription

Bases: tlslite.constants.TLSEnum

SSL2 Handshake protocol error message descriptions

bad_certificate = 4
no_certificate = 2
no_cipher = 1
unsupported_certificate_type = 6
class tlslite.constants.SSL2HandshakeType

Bases: tlslite.constants.TLSEnum

SSL2 Handshake Protocol message types.

client_certificate = 8
client_finished = 3
client_hello = 1
client_master_key = 2
error = 0
request_certificate = 7
server_finished = 6
server_hello = 4
server_verify = 5
class tlslite.constants.SignatureAlgorithm

Bases: tlslite.constants.TLSEnum

Signing algorithms used in TLSv1.2

anonymous = 0
dsa = 2
ecdsa = 3
rsa = 1
class tlslite.constants.SignatureScheme

Bases: tlslite.constants.TLSEnum

Signature scheme used for signalling supported signature algorithms.

This is the replacement for the HashAlgorithm and SignatureAlgorithm lists. Introduced with TLSv1.3.

static getHash(scheme)

Return the name of hash used in signature scheme.

static getKeyType(scheme)

Return the name of the signature algorithm used in scheme.

E.g. for “rsa_pkcs1_sha1” it returns “rsa”

static getPadding(scheme)

Return the name of padding scheme used in signature scheme.

rsa_pkcs1_sha1 = (2, 1)
rsa_pkcs1_sha256 = (4, 1)
rsa_pkcs1_sha384 = (5, 1)
rsa_pkcs1_sha512 = (6, 1)
rsa_pss_sha256 = (8, 4)
rsa_pss_sha384 = (8, 5)
rsa_pss_sha512 = (8, 6)
classmethod toRepr(value, blacklist=None)

Convert numeric type to name representation

class tlslite.constants.TLSEnum

Bases: object

Base class for different enums of TLS IDs

classmethod toRepr(value, blacklist=None)

Convert numeric type to string representation

name if found, None otherwise

classmethod toStr(value, blacklist=None)

Convert numeric type to human-readable string if possible