This class encapsulates various parameters that can be used with a TLS handshake.
HandshakeSettings |
| Type | Name | Description |
|---|---|---|
| int | minKeySize | The minimum bit length for asymmetric keys. |
| int | maxKeySize | The maximum bit length for asymmetric keys. |
| list | cipherNames | The allowed ciphers. |
| list | macNames | The allowed MAC algorithms. |
| list | certificateTypes | The allowed certificate types. |
| tuple | minVersion | The minimum allowed SSL/TLS version. |
| tuple | maxVersion | The maximum allowed SSL/TLS version. |
| list | eccCurves | List of named curves that are to be supported. |
| bool | requireExtendedMasterSecret | Whether to require negotiation of extended master secret calculation for successful connection. |
| list | rsaSigHashes | List of hashes supported (and advertised as such) for TLS 1.2 signatures over Server Key Exchange or Certificate Verify with RSA signature algorithm. |
| bool | sendFallbackSCSV | Whether to, as a client, send FALLBACK_SCSV. |
| bool | useEncryptThenMAC | Whether to support the encrypt then MAC extension from RFC 7366. |
| bool | useExperimentalTackExtension | Whether to enable TACK support. |
| bool | useExtendedMasterSecret | Whether to support the extended master secret calculation from RFC 7627. |


x.__init__(...) initializes x; see help(type(x)) for signature

Validate the settings, filter out unsupported ciphersuites and return a copy of the object. Does not modify the original object.

minKeySize: The minimum bit length for asymmetric keys. If the other party tries to use SRP, RSA, or Diffie-Hellman parameters smaller than this length, an alert will be signalled. The default is 1023.

maxKeySize: The maximum bit length for asymmetric keys. If the other party tries to use SRP, RSA, or Diffie-Hellman parameters larger than this length, an alert will be signalled. The default is 8193.

cipherNames: The allowed ciphers. The allowed values in this list are 'aes256', 'aes128', '3des', and 'rc4'. If these settings are used with a client handshake, they determine the order of the ciphersuites offered in the ClientHello message. If these settings are used with a server handshake, the server will choose whichever ciphersuite matches the earliest entry in this list. NOTE: If '3des' is used in this list, but TLS Lite can't find an add-on library that supports 3DES, then '3des' will be silently removed. The default value is ['rc4', 'aes256', 'aes128', '3des'].

macNames: The allowed MAC algorithms. The allowed values in this list are 'sha' and 'md5'. The default value is ['sha'].

certificateTypes: The allowed certificate types. The only allowed certificate type is 'x509'. This list is only used with a client handshake. The client will advertise to the server which certificate types are supported, and will check that the server uses one of the appropriate types.

minVersion: The minimum allowed SSL/TLS version. This variable can be set to (3,0) for SSL 3.0, (3,1) for TLS 1.0, (3,2) for TLS 1.1, or (3,3) for TLS 1.2. If the other party wishes to use a lower version, a protocol_version alert will be signalled. The default is (3,1).

maxVersion: The maximum allowed SSL/TLS version. This variable can be set to (3,0) for SSL 3.0, (3,1) for TLS 1.0, (3,2) for TLS 1.1, or (3,3) for TLS 1.2. If the other party wishes to use a higher version, a protocol_version alert will be signalled. The default is (3,3). (WARNING: Some servers may (improperly) reject clients which offer support for TLS 1.1. In this case, try lowering maxVersion to (3,1)).

requireExtendedMasterSecret: Whether to require negotiation of extended master secret calculation for successful connection. Requires useExtendedMasterSecret to be set to true. False by default.

rsaSigHashes: List of hashes supported (and advertised as such) for TLS 1.2 signatures over Server Key Exchange or Certificate Verify with RSA signature algorithm. The list is sorted from most wanted to least wanted algorithm. The allowed hashes are: "md5", "sha1", "sha224", "sha256", "sha384" and "sha512". The default list does not include md5.

useEncryptThenMAC: Whether to support the encrypt then MAC extension from RFC 7366. True by default.

useExperimentalTackExtension: Whether to enable TACK support. Note that TACK support is not standardized by IETF and uses a temporary TLS Extension number, so should NOT be used in production software.

useExtendedMasterSecret: Whether to support the extended master secret calculation from RFC 7627. True by default.

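The audit helper below is an added example, not part of the generated documentation or the library's own code. It checks any object exposing the attributes documented above against a stricter policy and tightens it; the function names, the policy thresholds, and the sample hash list and TACK default are assumptions of this example.

```python
from types import SimpleNamespace

# Policy thresholds below are assumptions of this example, not library defaults.
WEAK_CIPHERS = {"rc4", "3des"}
WEAK_HASHES = {"md5", "sha1"}
MIN_VERSION = (3, 3)   # TLS 1.2, per the version tuples documented above
MIN_KEY_BITS = 2048

def audit_settings(s):
    """Return (attribute, finding) pairs for weak values on a settings object."""
    out = []
    weak = [c for c in s.cipherNames if c in WEAK_CIPHERS]
    if weak:
        out.append(("cipherNames", "weak ciphers allowed: " + ", ".join(weak)))
    if "md5" in s.macNames:
        out.append(("macNames", "md5 MAC allowed"))
    if tuple(s.minVersion) < MIN_VERSION:
        out.append(("minVersion", "versions below TLS 1.2 accepted"))
    if s.minKeySize < MIN_KEY_BITS:
        out.append(("minKeySize", "%d-bit keys accepted" % s.minKeySize))
    weak = [h for h in s.rsaSigHashes if h in WEAK_HASHES]
    if weak:
        out.append(("rsaSigHashes", "weak hashes advertised: " + ", ".join(weak)))
    if not s.useEncryptThenMAC:
        out.append(("useEncryptThenMAC", "encrypt-then-MAC disabled"))
    if not (s.useExtendedMasterSecret and s.requireExtendedMasterSecret):
        out.append(("requireExtendedMasterSecret", "EMS not enforced"))
    if s.useExperimentalTackExtension:
        out.append(("useExperimentalTackExtension", "non-standard TACK enabled"))
    return out

def harden(s):
    """Tighten s in place to the policy above and return it."""
    s.cipherNames = [c for c in s.cipherNames if c not in WEAK_CIPHERS]
    s.macNames = [m for m in s.macNames if m != "md5"]
    s.rsaSigHashes = [h for h in s.rsaSigHashes if h not in WEAK_HASHES]
    s.minVersion = max(tuple(s.minVersion), MIN_VERSION)
    s.minKeySize = max(s.minKeySize, MIN_KEY_BITS)
    s.useExtendedMasterSecret = s.requireExtendedMasterSecret = True
    s.useEncryptThenMAC = True
    s.useExperimentalTackExtension = False
    return s

def documented_defaults():
    """Constructed stand-in carrying the defaults documented on this page."""
    return SimpleNamespace(
        minKeySize=1023, maxKeySize=8193, minVersion=(3, 1), maxVersion=(3, 3),
        cipherNames=["rc4", "aes256", "aes128", "3des"], macNames=["sha"],
        # Assumed values: the page gives no exact hash list or TACK default.
        rsaSigHashes=["sha256", "sha1"], useExperimentalTackExtension=False,
        requireExtendedMasterSecret=False, useExtendedMasterSecret=True,
        useEncryptThenMAC=True)
```

A real settings instance can be passed in place of the stand-in; after hardening it should still go through the validation step described above, which returns a checked copy.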
Generated by Epydoc 3.0.1 on Thu Jun 9 16:57:09 2016 | http://epydoc.sourceforge.net |