mbedtls.tls Module API

TLS/SSL wrapper for socket objects.

class mbedtls.tls.ClientContext
wrap_buffers()

Create an in-memory stream for TLS.

wrap_socket()

Wrap an existing Python socket object socket and return a TLSWrappedSocket object. socket must be a SOCK_STREAM socket: all other socket types are unsupported.

Parameters
  • socket (socket.socket) – The socket to wrap.

  • server_hostname (str, optional) – The hostname of the service we are connecting to. Pass None if hostname validation is not desired. This parameter has no default value because opting out of hostname validation is dangerous and should not be the default behavior.

class mbedtls.tls.DTLSConfiguration

DTLS configuration.

anti_replay
highest_supported_version
lowest_supported_version
update()

Create a new DTLSConfiguration.

Override some of the settings on the original configuration with the new settings.

class mbedtls.tls.DTLSVersion

An enumeration.

DTLSv1_0 = 2
DTLSv1_2 = 3
MAXIMUM_SUPPORTED = 3
MINIMUM_SUPPORTED = 2

class mbedtls.tls.HandshakeStep

An enumeration.

CERTIFICATE_REQUEST = 5
CERTIFICATE_VERIFY = 9
CLIENT_CERTIFICATE = 7
CLIENT_CHANGE_CIPHER_SPEC = 10
CLIENT_FINISHED = 11
CLIENT_HELLO = 1
CLIENT_KEY_EXCHANGE = 8
FLUSH_BUFFERS = 14
HANDSHAKE_OVER = 16
HANDSHAKE_WRAPUP = 15
HELLO_REQUEST = 0
SERVER_CERTIFICATE = 3
SERVER_CHANGE_CIPHER_SPEC = 12
SERVER_FINISHED = 13
SERVER_HELLO = 2
SERVER_HELLO_DONE = 6
SERVER_HELLO_VERIFY_REQUEST_SENT = 18
SERVER_KEY_EXCHANGE = 4
SERVER_NEW_SESSION_TICKET = 17

exception mbedtls.tls.HelloVerifyRequest

class mbedtls.tls.NextProtocol

An enumeration.

C_WEBRTC = b'c-webrtc'
FTP = b'ftp'
H2 = b'h2'
H2C = b'h2c'
HTTP1 = b'http/1.1'
STUN = b'stun.nat-discovery'
TURN = b'stun.turn'
WEBRTC = b'webrtc'

class mbedtls.tls.Purpose

An enumeration.

CLIENT_AUTH = 0
SERVER_AUTH = 1

exception mbedtls.tls.RaggedEOF

class mbedtls.tls.ServerContext
wrap_buffers()
wrap_socket()

Wrap an existing Python socket object socket.

class mbedtls.tls.TLSConfiguration

TLS configuration.

highest_supported_version
lowest_supported_version
update()

Create a new TLSConfiguration.

Override some of the settings on the original configuration with the new settings.

class mbedtls.tls.TLSVersion

An enumeration.

MAXIMUM_SUPPORTED = 3
MINIMUM_SUPPORTED = 1
TLSv1 = 1
TLSv1_1 = 2
TLSv1_2 = 3

class mbedtls.tls.TLSWrappedBuffer
cipher()
consume_outgoing()

Consume amt bytes from the output buffer.

context

The Context object this buffer is tied to.

do_handshake()
negotiated_protocol()
negotiated_tls_version()
peek_outgoing()
read()
readinto()
receive_from_network()
shutdown()
write()

class mbedtls.tls.TLSWrappedSocket
accept()
bind()
cipher()
close()
connect()
connect_ex()
context
do_handshake()
family
fileno()
getpeername()
getsockname()
getsockopt()
gettimeout()
listen()
makefile()
negotiated_protocol()
negotiated_tls_version()
proto
recv()
recv_into()
recvfrom()
recvfrom_into()
send()
sendall()
sendto()
setblocking()
setcookieparam()
setsockopt()
settimeout()
shutdown()
type
unwrap()

class mbedtls.tls.TrustStore
add
classmethod from_pem_file(path)
classmethod system()

exception mbedtls.tls.WantReadError

exception mbedtls.tls.WantWriteError

mbedtls.tls.ciphers_available()

Return the list of ciphersuites supported by the SSL/TLS module.

See also

  • hash.algorithms_available

  • hmac.algorithms_available

mbedtls.tls.pairwise()

s -> (s0,s1), (s1,s2), (s2, s3), …