This class encapsulates various parameters that can be used with a TLS handshake.
HandshakeSettings
| Type | Name | Description |
|---|---|---|
| int | minKeySize | The minimum bit length for asymmetric keys. |
| int | maxKeySize | The maximum bit length for asymmetric keys. |
| list | cipherNames | The allowed ciphers. |
| list | macNames | The allowed MAC algorithms. |
| list | certificateTypes | The allowed certificate types. |
| tuple | minVersion | The minimum allowed SSL/TLS version. |
| tuple | maxVersion | The maximum allowed SSL/TLS version. |
| list | eccCurves | List of named curves that are to be supported. |
| list | rsaSigHashes | List of hashes supported (and advertised as such) for TLS 1.2 signatures over Server Key Exchange or Certificate Verify with RSA signature algorithm. |
| bool | sendFallbackSCSV | Whether to, as a client, send FALLBACK_SCSV. |
| bool | useExperimentalTackExtension | Whether to enable TACK support. |

x.__init__(...) initializes x; see help(type(x)) for signature

Validate the settings, filter out unsupported ciphersuites and return a copy of the object. Does not modify the original object.

minKeySize
The minimum bit length for asymmetric keys. If the other party tries to use SRP, RSA, or Diffie-Hellman parameters smaller than this length, an alert will be signalled. The default is 1023.

maxKeySize
The maximum bit length for asymmetric keys. If the other party tries to use SRP, RSA, or Diffie-Hellman parameters larger than this length, an alert will be signalled. The default is 8193.

cipherNames
The allowed ciphers. The allowed values in this list are 'aes256', 'aes128', '3des', and 'rc4'. If these settings are used with a client handshake, they determine the order of the ciphersuites offered in the ClientHello message. If these settings are used with a server handshake, the server will choose whichever ciphersuite matches the earliest entry in this list. NOTE: If '3des' is used in this list, but TLS Lite can't find an add-on library that supports 3DES, then '3des' will be silently removed. The default value is ['rc4', 'aes256', 'aes128', '3des'].

macNames
The allowed MAC algorithms. The allowed values in this list are 'sha' and 'md5'. The default value is ['sha'].

certificateTypes
The allowed certificate types. The only allowed certificate type is 'x509'. This list is only used with a client handshake. The client will advertise to the server which certificate types are supported, and will check that the server uses one of the appropriate types.

minVersion
The minimum allowed SSL/TLS version. This variable can be set to (3,0) for SSL 3.0, (3,1) for TLS 1.0, (3,2) for TLS 1.1, or (3,3) for TLS 1.2. If the other party wishes to use a lower version, a protocol_version alert will be signalled. The default is (3,1).

maxVersion
The maximum allowed SSL/TLS version. This variable can be set to (3,0) for SSL 3.0, (3,1) for TLS 1.0, (3,2) for TLS 1.1, or (3,3) for TLS 1.2. If the other party wishes to use a higher version, a protocol_version alert will be signalled. The default is (3,3). (WARNING: Some servers may (improperly) reject clients which offer support for TLS 1.1. In this case, try lowering maxVersion to (3,1)).

rsaSigHashes
List of hashes supported (and advertised as such) for TLS 1.2 signatures over Server Key Exchange or Certificate Verify with RSA signature algorithm. The list is sorted from most wanted to least wanted algorithm. The allowed hashes are: "md5", "sha1", "sha224", "sha256", "sha384" and "sha512". The default list does not include md5.

useExperimentalTackExtension
Whether to enable TACK support. Note that TACK support is not standardized by IETF and uses a temporary TLS Extension number, so should NOT be used in production software.

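The following is an added example, not code from TLS Lite or from this documentation: a stand-alone audit that checks a settings object against the allowed values listed above and reports entries a reviewer would want tightened, including where each sits in the preference order. It runs on a plain namespace rather than a real HandshakeSettings instance; the sample rsaSigHashes and certificateTypes values and the policy floors (2048-bit keys, TLS 1.2 minimum, RC4/3DES/MD5/SHA-1 flagged) are assumptions.

```python
from types import SimpleNamespace

# Values this page lists as allowed for each list-valued setting.
ALLOWED = {
    "cipherNames": {"aes256", "aes128", "3des", "rc4"},
    "macNames": {"sha", "md5"},
    "certificateTypes": {"x509"},
    "rsaSigHashes": {"md5", "sha1", "sha224", "sha256", "sha384", "sha512"},
}
# Assumed audit policy (not from the page): values and floors treated as weak.
WEAK = {"cipherNames": {"rc4", "3des"}, "macNames": {"md5"}, "rsaSigHashes": {"md5", "sha1"}}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
MIN_KEY_BITS, MIN_VERSION = 2048, (3, 3)

def audit(s):
    """Return a list of (severity, message) findings for a settings-like object."""
    findings = []
    for name, allowed in ALLOWED.items():
        for pos, v in enumerate(getattr(s, name)):
            if v not in allowed:
                findings.append(("error", f"{name}: {v!r} is not an allowed value"))
            elif v in WEAK.get(name, ()):
                findings.append(("weak", f"{name}: {v!r} is offered at preference position {pos}"))
    if s.minVersion not in VERSIONS or s.maxVersion not in VERSIONS:
        findings.append(("error", "minVersion/maxVersion must be one of (3,0)..(3,3)"))
    elif s.minVersion > s.maxVersion:
        findings.append(("error", "minVersion is higher than maxVersion"))
    elif s.minVersion < MIN_VERSION:
        findings.append(("weak", f"minVersion permits {VERSIONS[s.minVersion]}"))
    if s.minKeySize > s.maxKeySize:
        findings.append(("error", "minKeySize is larger than maxKeySize"))
    elif s.minKeySize < MIN_KEY_BITS:
        findings.append(("weak", f"minKeySize {s.minKeySize} is below {MIN_KEY_BITS} bits"))
    return findings

# Constructed stand-in holding the defaults documented above. The rsaSigHashes
# and certificateTypes lists are sample values; the page does not give them.
DOCUMENTED_DEFAULTS = SimpleNamespace(
    minKeySize=1023, maxKeySize=8193, macNames=["sha"], certificateTypes=["x509"],
    cipherNames=["rc4", "aes256", "aes128", "3des"], minVersion=(3, 1),
    maxVersion=(3, 3), rsaSigHashes=["sha512", "sha384", "sha256", "sha224", "sha1"])
# Constructed tightened variant that passes the assumed policy.
HARDENED = SimpleNamespace(**{**vars(DOCUMENTED_DEFAULTS), "minKeySize": 2048,
    "cipherNames": ["aes256", "aes128"], "minVersion": (3, 3),
    "rsaSigHashes": ["sha512", "sha384", "sha256"]})

if __name__ == "__main__":
    for severity, message in audit(DOCUMENTED_DEFAULTS):
        print(f"[{severity}] {message}")
```

Because the order of cipherNames decides what a client offers first and what a server picks, the reported position shows that the documented default prefers 'rc4' over both AES options.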
Generated by Epydoc 3.0.1 on Fri Nov 27 15:14:53 2015 | http://epydoc.sourceforge.net |