tlslite.constants module¶
Constants used in various places.
- class tlslite.constants.AlertDescription¶
Bases:
TLSEnum
- Variables:
bad_record_mac –
A TLS record failed to decrypt properly.
If this occurs during a SRP handshake it most likely indicates a bad password. It may also indicate an implementation error, or some tampering with the data in transit.
This alert will be signalled by the server if the SRP password is bad. It may also be signalled by the server if the SRP username is unknown to the server, but it doesn’t wish to reveal that fact.
handshake_failure –
A problem occurred while handshaking.
This typically indicates a lack of common ciphersuites between client and server, or some other disagreement (about SRP parameters or key sizes, for example).
protocol_version –
The other party’s SSL/TLS version was unacceptable.
This indicates that the client and server couldn’t agree on which version of SSL or TLS to use.
user_canceled – The handshake is being cancelled for some reason.
- access_denied = 49¶
- bad_certificate = 42¶
- bad_certificate_hash_value = 114¶
- bad_certificate_status_response = 113¶
- bad_record_mac = 20¶
- certificate_expired = 45¶
- certificate_revoked = 44¶
- certificate_unknown = 46¶
- certificate_unobtainable = 111¶
- close_notify = 0¶
- decode_error = 50¶
- decompression_failure = 30¶
- decrypt_error = 51¶
- decryption_failed = 21¶
- export_restriction = 60¶
- handshake_failure = 40¶
- illegal_parameter = 47¶
- inappropriate_fallback = 86¶
- insufficient_security = 71¶
- internal_error = 80¶
- no_application_protocol = 120¶
- no_certificate = 41¶
- no_renegotiation = 100¶
- protocol_version = 70¶
- record_overflow = 22¶
- unexpected_message = 10¶
- unknown_ca = 48¶
- unknown_psk_identity = 115¶
- unrecognized_name = 112¶
- unsupported_certificate = 43¶
- unsupported_extension = 110¶
- user_canceled = 90¶
- class tlslite.constants.AlertLevel¶
Bases:
TLSEnum
Enumeration of TLS Alert protocol levels
- fatal = 2¶
- warning = 1¶
- class tlslite.constants.CertificateStatusType¶
Bases:
TLSEnum
Type of responses in the status_request and CertificateStatus msgs.
- ocsp = 1¶
- class tlslite.constants.CipherSuite¶
Bases:
object
Numeric values of ciphersuites and ciphersuite types
- Variables:
tripleDESSuites – ciphersuties which use 3DES symmetric cipher in CBC mode
aes128Suites – ciphersuites which use AES symmetric cipher in CBC mode with 128 bit key
aes256Suites – ciphersuites which use AES symmetric cipher in CBC mode with 128 bit key
rc4Suites – ciphersuites which use RC4 symmetric cipher with 128 bit key
shaSuites – ciphersuites which use SHA-1 HMAC integrity mechanism and protocol default Pseudo Random Function
sha256Suites – ciphersuites which use SHA-256 HMAC integrity mechanism and SHA-256 Pseudo Random Function
md5Suites – ciphersuites which use MD-5 HMAC integrity mechanism and protocol default Pseudo Random Function
srpSuites – ciphersuites which use Secure Remote Password (SRP) key exchange protocol
srpCertSuites – ciphersuites which use Secure Remote Password (SRP) key exchange protocol with RSA server authentication
srpAllSuites – all SRP ciphersuites, pure SRP and with RSA based server authentication
certSuites – ciphersuites which use RSA key exchange with RSA server authentication
certAllSuites – ciphersuites which use RSA server authentication
anonSuites – ciphersuites which use anonymous Finite Field Diffie-Hellman key exchange
ietfNames – dictionary with string names of the ciphersuites
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 458944¶
- SSL_CK_DES_64_CBC_WITH_MD5 = 393280¶
- SSL_CK_IDEA_128_CBC_WITH_MD5 = 327808¶
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 262272¶
- SSL_CK_RC2_128_CBC_WITH_MD5 = 196736¶
- SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 131200¶
- SSL_CK_RC4_128_WITH_MD5 = 65664¶
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22¶
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51¶
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 103¶
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 158¶
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57¶
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 107¶
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 159¶
- TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 52394¶
- TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00 = 52387¶
- TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 27¶
- TLS_DH_ANON_WITH_AES_128_CBC_SHA = 52¶
- TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 108¶
- TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 166¶
- TLS_DH_ANON_WITH_AES_256_CBC_SHA = 58¶
- TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 109¶
- TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 167¶
- TLS_DH_ANON_WITH_RC4_128_MD5 = 24¶
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 49160¶
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 49161¶
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 49187¶
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 49195¶
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 49162¶
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 49188¶
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 49196¶
- TLS_ECDHE_ECDSA_WITH_NULL_SHA = 49158¶
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 49159¶
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 49170¶
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 49171¶
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 49191¶
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 49199¶
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 49172¶
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 49192¶
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 49200¶
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 52392¶
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00 = 52385¶
- TLS_ECDHE_RSA_WITH_NULL_SHA = 49168¶
- TLS_ECDHE_RSA_WITH_RC4_128_SHA = 49169¶
- TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 49175¶
- TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 49176¶
- TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 49177¶
- TLS_ECDH_ANON_WITH_NULL_SHA = 49173¶
- TLS_ECDH_ANON_WITH_RC4_128_SHA = 49174¶
- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 49155¶
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 49156¶
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 49189¶
- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 49197¶
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 49157¶
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 49190¶
- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 49198¶
- TLS_ECDH_ECDSA_WITH_NULL_SHA = 49153¶
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 49154¶
- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 49165¶
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 49166¶
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 49193¶
- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 49201¶
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 49167¶
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 49194¶
- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 49202¶
- TLS_ECDH_RSA_WITH_NULL_SHA = 49163¶
- TLS_ECDH_RSA_WITH_RC4_128_SHA = 49164¶
- TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 255¶
- TLS_FALLBACK_SCSV = 22016¶
- TLS_RSA_WITH_3DES_EDE_CBC_SHA = 10¶
- TLS_RSA_WITH_AES_128_CBC_SHA = 47¶
- TLS_RSA_WITH_AES_128_CBC_SHA256 = 60¶
- TLS_RSA_WITH_AES_128_GCM_SHA256 = 156¶
- TLS_RSA_WITH_AES_256_CBC_SHA = 53¶
- TLS_RSA_WITH_AES_256_CBC_SHA256 = 61¶
- TLS_RSA_WITH_AES_256_GCM_SHA384 = 157¶
- TLS_RSA_WITH_NULL_MD5 = 1¶
- TLS_RSA_WITH_NULL_SHA = 2¶
- TLS_RSA_WITH_NULL_SHA256 = 59¶
- TLS_RSA_WITH_RC4_128_MD5 = 4¶
- TLS_RSA_WITH_RC4_128_SHA = 5¶
- TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 49179¶
- TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 49182¶
- TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 49185¶
- TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 49178¶
- TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 49181¶
- TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 49184¶
- aeadSuites = [156, 158, 166, 49195, 49197, 49201, 49199, 157, 159, 167, 49196, 49198, 49202, 49200, 52392, 52394, 52385, 52387]¶
AEAD integrity, any PRF
- aes128GcmSuites = [156, 158, 166, 49195, 49197, 49201, 49199]¶
AES-128 GCM ciphers
- aes128Suites = [49181, 49182, 47, 51, 52, 60, 103, 108, 49187, 49161, 49189, 49156, 49193, 49166, 49171, 49191, 49176]¶
AES-128 CBC ciphers
- aes256GcmSuites = [157, 159, 167, 49196, 49198, 49202, 49200]¶
AES-256-GCM ciphers (implicit SHA384, see sha384PrfSuites)
- aes256Suites = [49184, 49185, 53, 58, 57, 61, 107, 109, 49188, 49162, 49190, 49157, 49194, 49167, 49172, 49192, 49177]¶
AES-256 CBC ciphers
- anonSuites = [167, 166, 109, 58, 108, 52, 27, 24]¶
anon FFDHE key exchange
- static canonicalCipherName(ciphersuite)¶
Return the canonical name of the cipher whose number is provided.
- static canonicalMacName(ciphersuite)¶
Return the canonical name of the MAC whose number is provided.
- certAllSuites = [49185, 49182, 49179, 157, 156, 61, 60, 53, 47, 10, 5, 4, 1, 2, 59, 52394, 52387, 159, 158, 107, 103, 57, 51, 22, 52392, 52385, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 49169, 49168]¶
RSA authentication
- certSuites = [157, 156, 61, 60, 53, 47, 10, 5, 4, 1, 2, 59]¶
RSA key exchange, RSA authentication
- chacha20Suites = [52392, 52394]¶
CHACHA20 cipher (implicit POLY1305 authenticator, SHA256 PRF)
- chacha20draft00Suites = [52385, 52387]¶
CHACHA20 cipher, 00’th IETF draft (implicit POLY1305 authenticator)
- dhAllSuites = [52394, 52387, 159, 158, 107, 103, 57, 51, 22, 167, 166, 109, 58, 108, 52, 27, 24]¶
- dheCertSuites = [52394, 52387, 159, 158, 107, 103, 57, 51, 22]¶
FFDHE key exchange, RSA authentication
- ecdhAllSuites = [49196, 49195, 49188, 49187, 49162, 49161, 49160, 49159, 49158, 52392, 52385, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 49169, 49168, 49177, 49176, 49175, 49174, 49173]¶
all ciphersuites which use ephemeral ECDH key exchange
- ecdhAnonSuites = [49177, 49176, 49175, 49174, 49173]¶
anon ECDHE key exchange
- ecdheCertSuites = [52392, 52385, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 49169, 49168]¶
ECDHE key exchange, RSA authentication
- ecdheEcdsaSuites = [49196, 49195, 49188, 49187, 49162, 49161, 49160, 49159, 49158]¶
ECDHE key exchange, ECDSA authentication
- static filterForVersion(suites, minVersion, maxVersion)¶
Return a copy of suites without ciphers incompatible with version
- classmethod getAnonSuites(settings, version=None)¶
Provide anonymous DH ciphersuites matching settings
- classmethod getCertSuites(settings, version=None)¶
Return ciphers with RSA authentication matching settings
- classmethod getDheCertSuites(settings, version=None)¶
Provide authenticated DHE ciphersuites matching settings
- classmethod getEcdhAnonSuites(settings, version=None)¶
Provide anonymous ECDH ciphersuites matching settings
- classmethod getEcdheCertSuites(settings, version=None)¶
Provide authenticated ECDHE ciphersuites matching settings
- classmethod getSrpAllSuites(settings, version=None)¶
Return all SRP cipher suites matching settings
- classmethod getSrpCertSuites(settings, version=None)¶
Return SRP cipher suites that use server certificates
- classmethod getSrpSuites(settings, version=None)¶
Return SRP cipher suites matching settings
- ietfNames = {1: 'TLS_RSA_WITH_NULL_MD5', 2: 'TLS_RSA_WITH_NULL_SHA', 4: 'TLS_RSA_WITH_RC4_128_MD5', 5: 'TLS_RSA_WITH_RC4_128_SHA', 10: 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', 22: 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA', 24: 'TLS_DH_ANON_WITH_RC4_128_MD5', 27: 'TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA', 47: 'TLS_RSA_WITH_AES_128_CBC_SHA', 51: 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA', 52: 'TLS_DH_ANON_WITH_AES_128_CBC_SHA', 53: 'TLS_RSA_WITH_AES_256_CBC_SHA', 57: 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA', 58: 'TLS_DH_ANON_WITH_AES_256_CBC_SHA', 59: 'TLS_RSA_WITH_NULL_SHA256', 60: 'TLS_RSA_WITH_AES_128_CBC_SHA256', 61: 'TLS_RSA_WITH_AES_256_CBC_SHA256', 103: 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256', 107: 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256', 108: 'TLS_DH_ANON_WITH_AES_128_CBC_SHA256', 109: 'TLS_DH_ANON_WITH_AES_256_CBC_SHA256', 156: 'TLS_RSA_WITH_AES_128_GCM_SHA256', 157: 'TLS_RSA_WITH_AES_256_GCM_SHA384', 158: 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', 159: 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', 166: 'TLS_DH_ANON_WITH_AES_128_GCM_SHA256', 167: 'TLS_DH_ANON_WITH_AES_256_GCM_SHA384', 255: 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV', 22016: 'TLS_FALLBACK_SCSV', 49153: 'TLS_ECDH_ECDSA_WITH_NULL_SHA', 49154: 'TLS_ECDH_ECDSA_WITH_RC4_128_SHA', 49155: 'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA', 49156: 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA', 49157: 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA', 49158: 'TLS_ECDHE_ECDSA_WITH_NULL_SHA', 49159: 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', 49160: 'TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA', 49161: 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', 49162: 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', 49163: 'TLS_ECDH_RSA_WITH_NULL_SHA', 49164: 'TLS_ECDH_RSA_WITH_RC4_128_SHA', 49165: 'TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA', 49166: 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA', 49167: 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA', 49168: 'TLS_ECDHE_RSA_WITH_NULL_SHA', 49169: 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', 49170: 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', 49171: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 49172: 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 49173: 'TLS_ECDH_ANON_WITH_NULL_SHA', 49174: 'TLS_ECDH_ANON_WITH_RC4_128_SHA', 49175: 'TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA', 49176: 'TLS_ECDH_ANON_WITH_AES_128_CBC_SHA', 49177: 'TLS_ECDH_ANON_WITH_AES_256_CBC_SHA', 49178: 'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA', 49179: 'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA', 49181: 'TLS_SRP_SHA_WITH_AES_128_CBC_SHA', 49182: 'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA', 49184: 'TLS_SRP_SHA_WITH_AES_256_CBC_SHA', 49185: 'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA', 49187: 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', 49188: 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384', 49189: 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256', 49190: 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384', 49191: 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 49192: 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 49193: 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256', 49194: 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384', 49195: 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 49196: 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 49197: 'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256', 49198: 'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384', 49199: 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 49200: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 49201: 'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256', 49202: 'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384', 52385: 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00', 52387: 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00', 52392: 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 52394: 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 65664: 'SSL_CK_RC4_128_WITH_MD5', 131200: 'SSL_CK_RC4_128_EXPORT40_WITH_MD5', 196736: 'SSL_CK_RC2_128_CBC_WITH_MD5', 262272: 'SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5', 327808: 'SSL_CK_IDEA_128_CBC_WITH_MD5', 393280: 'SSL_CK_DES_64_CBC_WITH_MD5', 458944: 'SSL_CK_DES_192_EDE3_CBC_WITH_MD5'}¶
- md5Suites = [24, 4, 1]¶
MD-5 HMAC, protocol default PRF
- nullSuites = [1, 2, 59, 49158, 49153, 49163, 49168, 49173]¶
no encryption
- rc4Suites = [49169, 49159, 49154, 49164, 24, 5, 4, 49174]¶
RC4 128 stream cipher
- sha256Suites = [60, 61, 103, 107, 59, 108, 109, 49187, 49189, 49193, 49191]¶
SHA-256 HMAC, SHA-256 PRF
- sha384PrfSuites = [49188, 49190, 49194, 49192, 157, 159, 167, 49196, 49198, 49202, 49200]¶
TLS1.2 with SHA384 PRF
- sha384Suites = [49188, 49190, 49194, 49192]¶
SHA-384 HMAC, SHA-384 PRF
- shaSuites = [49178, 49181, 49184, 49179, 49182, 49185, 10, 47, 53, 5, 22, 51, 57, 52, 58, 27, 2, 49162, 49161, 49160, 49159, 49158, 49157, 49156, 49155, 49154, 49153, 49167, 49166, 49165, 49164, 49163, 49171, 49172, 49170, 49169, 49168, 49177, 49176, 49175, 49174, 49173]¶
SHA-1 HMAC, protocol default PRF
- srpAllSuites = [49184, 49181, 49178, 49185, 49182, 49179]¶
All that use SRP key exchange
- srpCertSuites = [49185, 49182, 49179]¶
SRP key exchange, RSA authentication
- srpSuites = [49184, 49181, 49178]¶
SRP key exchange, no certificate base authentication
- ssl2_128Key = [65664, 131200, 196736, 262272, 327808]¶
SSL2 ciphersuties which use 128 bit key
- ssl2_192Key = [458944]¶
SSL2 ciphersuites which use 192 bit key
- ssl2_3des = [458944]¶
SSL2 ciphersuites which use 3DES symmetric cipher
- ssl2_64Key = [393280]¶
SSL2 ciphersuites which use 64 bit key
- ssl2des = [393280]¶
SSL2 ciphersuites which use (single) DES symmetric cipher
- ssl2export = [131200, 262272]¶
SSL2 ciphersuites which encrypt only part (40 bits) of the key
- ssl2idea = [327808]¶
SSL2 ciphersuites which use IDEA symmetric cipher
- ssl2rc2 = [196736, 262272]¶
SSL2 ciphersuites which use RC2 symmetric cipher
- ssl2rc4 = [65664, 131200]¶
SSL2 ciphersuites which use RC4 symmetric cipher
- ssl3Suites = [49178, 49181, 49184, 49179, 49182, 49185, 10, 47, 53, 5, 22, 51, 57, 52, 58, 27, 2, 49162, 49161, 49160, 49159, 49158, 49157, 49156, 49155, 49154, 49153, 49167, 49166, 49165, 49164, 49163, 49171, 49172, 49170, 49169, 49168, 49177, 49176, 49175, 49174, 49173, 24, 4, 1]¶
SSL3, TLS1.0, TLS1.1 and TLS1.2 compatible ciphers
- streamSuites = [49169, 49159, 49154, 49164, 24, 5, 4, 49174, 1, 2, 59, 49158, 49153, 49163, 49168, 49173]¶
stream cipher construction
- tls12Suites = [60, 61, 103, 107, 59, 108, 109, 49187, 49189, 49193, 49191, 49188, 49190, 49194, 49192, 156, 158, 166, 49195, 49197, 49201, 49199, 157, 159, 167, 49196, 49198, 49202, 49200, 52392, 52394, 52385, 52387]¶
TLS1.2 specific ciphersuites
- tripleDESSuites = [49160, 49155, 49165, 49170, 49178, 49179, 10, 22, 27, 49175]¶
3DES CBC ciphers
- class tlslite.constants.ClientCertificateType¶
Bases:
TLSEnum
- dss_fixed_dh = 4¶
- dss_sign = 2¶
- rsa_fixed_dh = 3¶
- rsa_sign = 1¶
- class tlslite.constants.ContentType¶
Bases:
TLSEnum
TLS record layer content types of payloads
- alert = 21¶
- all = (20, 21, 22, 23)¶
- application_data = 23¶
- change_cipher_spec = 20¶
- handshake = 22¶
- classmethod toRepr(value, blacklist=None)¶
Convert numeric type to name representation
- class tlslite.constants.ECCurveType¶
Bases:
TLSEnum
Types of ECC curves supported in TLS from RFC4492
- explicit_char2 = 2¶
- explicit_prime = 1¶
- named_curve = 3¶
- class tlslite.constants.ECPointFormat¶
Bases:
TLSEnum
Names and ID’s of supported EC point formats.
- all = [0, 1, 2]¶
- ansiX962_compressed_char2 = 2¶
- ansiX962_compressed_prime = 1¶
- classmethod toRepr(value, blacklist=None)¶
Convert numeric type to name representation.
- uncompressed = 0¶
- class tlslite.constants.ExtensionType¶
Bases:
TLSEnum
TLS Extension Type registry values
- alpn = 16¶
- cert_type = 9¶
- client_hello_padding = 21¶
- ec_point_formats = 11¶
- encrypt_then_mac = 22¶
- extended_master_secret = 23¶
- renegotiation_info = 65281¶
- server_name = 0¶
- signature_algorithms = 13¶
- srp = 12¶
- status_request = 5¶
- supported_groups = 10¶
- supports_npn = 13172¶
- tack = 62208¶
- class tlslite.constants.Fault¶
Bases:
object
- badA = 103¶
- badB = 201¶
- badFinished = 300¶
- badMAC = 301¶
- badPadding = 302¶
- badPassword = 102¶
- badPremasterPadding = 501¶
- badUsername = 101¶
- badVerifyMessage = 601¶
- clientCertFaults = [601]¶
- clientNoAuthFaults = [501, 502]¶
- clientSrpFaults = [101, 102, 103]¶
- faultAlerts = {101: (115, 20), 102: (20,), 103: (47,), 300: (51,), 301: (20,), 302: (20,), 501: (20,), 502: (20,), 601: (51,)}¶
- faultNames = {101: 'bad username', 102: 'bad password', 103: 'bad A', 300: 'bad finished message', 301: 'bad MAC', 302: 'bad padding', 501: 'bad premaster padding', 502: 'short premaster secret', 601: 'bad verify message'}¶
- genericFaults = [300, 301, 302]¶
- serverFaults = [201]¶
- shortPremasterSecret = 502¶
- class tlslite.constants.GroupName¶
Bases:
TLSEnum
Name of groups supported for (EC)DH key exchange
- all = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 256, 257, 258, 259, 260]¶
- allEC = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30]¶
- allFF = [256, 257, 258, 259, 260]¶
- brainpoolP256r1 = 26¶
- brainpoolP384r1 = 27¶
- brainpoolP512r1 = 28¶
- ffdhe2048 = 256¶
- ffdhe3072 = 257¶
- ffdhe4096 = 258¶
- ffdhe6144 = 259¶
- ffdhe8192 = 260¶
- secp160k1 = 15¶
- secp160r1 = 16¶
- secp160r2 = 17¶
- secp192k1 = 18¶
- secp192r1 = 19¶
- secp224k1 = 20¶
- secp224r1 = 21¶
- secp256k1 = 22¶
- secp256r1 = 23¶
- secp384r1 = 24¶
- secp521r1 = 25¶
- sect163k1 = 1¶
- sect163r1 = 2¶
- sect163r2 = 3¶
- sect193r1 = 4¶
- sect193r2 = 5¶
- sect233k1 = 6¶
- sect233r1 = 7¶
- sect239k1 = 8¶
- sect283k1 = 9¶
- sect283r1 = 10¶
- sect409k1 = 11¶
- sect409r1 = 12¶
- sect571k1 = 13¶
- sect571r1 = 14¶
- classmethod toRepr(value, blacklist=None)¶
Convert numeric type to name representation
- x25519 = 29¶
- x448 = 30¶
- class tlslite.constants.HandshakeType¶
Bases:
TLSEnum
Message types in TLS Handshake protocol
- certificate = 11¶
- certificate_request = 13¶
- certificate_status = 22¶
- certificate_verify = 15¶
- client_hello = 1¶
- client_key_exchange = 16¶
- finished = 20¶
- hello_request = 0¶
- next_protocol = 67¶
- server_hello = 2¶
- server_hello_done = 14¶
- server_key_exchange = 12¶
- class tlslite.constants.HashAlgorithm¶
Bases:
TLSEnum
Hash algorithm IDs used in TLSv1.2
- md5 = 1¶
- none = 0¶
- sha1 = 2¶
- sha224 = 3¶
- sha256 = 4¶
- sha384 = 5¶
- sha512 = 6¶
- class tlslite.constants.NameType¶
Bases:
TLSEnum
Type of entries in Server Name Indication extension.
- host_name = 0¶
- class tlslite.constants.SSL2ErrorDescription¶
Bases:
TLSEnum
SSL2 Handshake protocol error message descriptions
- bad_certificate = 4¶
- no_certificate = 2¶
- no_cipher = 1¶
- unsupported_certificate_type = 6¶
- class tlslite.constants.SSL2HandshakeType¶
Bases:
TLSEnum
SSL2 Handshake Protocol message types.
- client_certificate = 8¶
- client_finished = 3¶
- client_hello = 1¶
- client_master_key = 2¶
- error = 0¶
- request_certificate = 7¶
- server_finished = 6¶
- server_hello = 4¶
- server_verify = 5¶
- class tlslite.constants.SignatureAlgorithm¶
Bases:
TLSEnum
Signing algorithms used in TLSv1.2
- anonymous = 0¶
- dsa = 2¶
- ecdsa = 3¶
- rsa = 1¶
- class tlslite.constants.SignatureScheme¶
Bases:
TLSEnum
Signature scheme used for signalling supported signature algorithms.
This is the replacement for the HashAlgorithm and SignatureAlgorithm lists. Introduced with TLSv1.3.
- static getHash(scheme)¶
Return the name of hash used in signature scheme.
- static getKeyType(scheme)¶
Return the name of the signature algorithm used in scheme.
E.g. for “rsa_pkcs1_sha1” it returns “rsa”
- static getPadding(scheme)¶
Return the name of padding scheme used in signature scheme.
- rsa_pkcs1_sha1 = (2, 1)¶
- rsa_pkcs1_sha256 = (4, 1)¶
- rsa_pkcs1_sha384 = (5, 1)¶
- rsa_pkcs1_sha512 = (6, 1)¶
- rsa_pss_sha256 = (8, 4)¶
- rsa_pss_sha384 = (8, 5)¶
- rsa_pss_sha512 = (8, 6)¶
- classmethod toRepr(value, blacklist=None)¶
Convert numeric type to name representation
- class tlslite.constants.TLSEnum¶
Bases:
object
Base class for different enums of TLS IDs
- classmethod toRepr(value, blacklist=None)¶
Convert numeric type to string representation
name if found, None otherwise
- classmethod toStr(value, blacklist=None)¶
Convert numeric type to human-readable string if possible