Package tlslite :: Module handshakesettings :: Class HandshakeSettings

Class HandshakeSettings

This class encapsulates various parameters that can be used with a TLS handshake.

Instance Methods
__init__(self)
_filter(self)
_getCertificateTypes(self)

Instance Variables
int minKeySize
The minimum bit length for asymmetric keys.
int maxKeySize
The maximum bit length for asymmetric keys.
list cipherNames
The allowed ciphers, in order of preference.
list certificateTypes
The allowed certificate types, in order of preference.
tuple minVersion
The minimum allowed SSL/TLS version.
tuple maxVersion
The maximum allowed SSL/TLS version.
Instance Variable Details

minKeySize

The minimum bit length for asymmetric keys.

If the other party tries to use SRP, RSA, or Diffie-Hellman parameters smaller than this length, an alert will be signalled. The default is 1023.

Type:
int

maxKeySize

The maximum bit length for asymmetric keys.

If the other party tries to use SRP, RSA, or Diffie-Hellman parameters larger than this length, an alert will be signalled. The default is 8193.

Type:
int

cipherNames

The allowed ciphers, in order of preference.

The allowed values in this list are 'aes256', 'aes128', '3des', and 'rc4'. If these settings are used with a client handshake, they determine the order of the ciphersuites offered in the ClientHello message.

If these settings are used with a server handshake, the server will choose whichever ciphersuite matches the earliest entry in this list.

NOTE: If '3des' is used in this list, but TLS Lite can't find an add-on library that supports 3DES, then '3des' will be silently removed.

The default value is ['aes256', 'aes128', '3des', 'rc4'].

Type:
list

certificateTypes

The allowed certificate types, in order of preference.

The only allowed value in this list is 'x509'. This list is only used with a client handshake. The client will advertise to the server which certificate types are supported, and will check that the server uses one of the appropriate types.

Type:
list

minVersion

The minimum allowed SSL/TLS version.

This variable can be set to (3,0) for SSL 3.0, (3,1) for TLS 1.0, or (3,2) for TLS 1.1. If the other party wishes to use a lower version, a protocol_version alert will be signalled. The default is (3,0).

Type:
tuple

maxVersion

The maximum allowed SSL/TLS version.

This variable can be set to (3,0) for SSL 3.0, (3,1) for TLS 1.0, or (3,2) for TLS 1.1. If the other party wishes to use a higher version, a protocol_version alert will be signalled. The default is (3,2).

WARNING: Some servers may (improperly) reject clients which offer support for TLS 1.1. In this case, try lowering maxVersion to (3,1).

Type:
tuple
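
The defaults documented above accept SSL 3.0, RC4 and 1023-bit keys, so a deployment usually wants to check and tighten them before a handshake. The following is an added example, not part of tlslite or its documentation: the DefaultSettings stand-in, audit(), harden() and the policy thresholds are assumptions of this example, while the attribute names, allowed values and defaults are taken from this page.

```python
# Added example: stand-in carrying the defaults documented on this page, so the
# audit runs without tlslite installed. A real HandshakeSettings instance
# exposes the same attribute names and can be passed to audit()/harden() too.
class DefaultSettings:
    def __init__(self):
        self.minKeySize = 1023
        self.maxKeySize = 8193
        self.cipherNames = ['aes256', 'aes128', '3des', 'rc4']
        self.certificateTypes = ['x509']
        self.minVersion = (3, 0)
        self.maxVersion = (3, 2)

ALLOWED_CIPHERS = {'aes256', 'aes128', '3des', 'rc4'}   # from this page
ALLOWED_VERSIONS = {(3, 0): 'SSL 3.0', (3, 1): 'TLS 1.0', (3, 2): 'TLS 1.1'}
# Policy thresholds below are assumptions of this example, not tlslite rules.
WEAK_CIPHERS = {'rc4', '3des'}
POLICY_MIN_VERSION = (3, 1)
POLICY_MIN_KEY_BITS = 2048

def audit(s):
    """Return a list of findings: invalid values first, then weak ones."""
    findings = []
    unknown = [c for c in s.cipherNames if c not in ALLOWED_CIPHERS]
    if unknown:
        findings.append('invalid: unknown cipher names %r' % unknown)
    for name in ('minVersion', 'maxVersion'):
        if tuple(getattr(s, name)) not in ALLOWED_VERSIONS:
            findings.append('invalid: %s=%r' % (name, getattr(s, name)))
    if tuple(s.minVersion) > tuple(s.maxVersion):
        findings.append('invalid: minVersion above maxVersion')
    if s.minKeySize > s.maxKeySize:
        findings.append('invalid: minKeySize above maxKeySize')
    if tuple(s.minVersion) < POLICY_MIN_VERSION:
        findings.append('weak: minVersion permits %s'
                        % ALLOWED_VERSIONS.get(tuple(s.minVersion), '?'))
    weak = [c for c in s.cipherNames if c in WEAK_CIPHERS]
    if weak:
        findings.append('weak: ciphers %r are allowed' % weak)
    if s.minKeySize < POLICY_MIN_KEY_BITS:
        findings.append('weak: minKeySize=%d bits' % s.minKeySize)
    return findings

def harden(s):
    """Tighten the settings in place to this example's policy."""
    s.minVersion = max(tuple(s.minVersion), POLICY_MIN_VERSION)
    s.cipherNames = [c for c in s.cipherNames
                     if c in ALLOWED_CIPHERS and c not in WEAK_CIPHERS]
    s.minKeySize = max(s.minKeySize, POLICY_MIN_KEY_BITS)
    return s
```

Raising POLICY_MIN_VERSION to (3, 2) is stricter, but the interoperability warning under maxVersion applies to peers that mishandle TLS 1.1.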