Functions, Constants, and Exceptions¶

importsocketimportsslhostname='www.python.org'context=ssl.create_default_context()withsocket.create_connection((hostname,443))assock:withcontext.wrap_socket(sock,server_hostname=hostname)asssock:print(ssock.version())

hostname='www.python.org'# PROTOCOL_TLS_CLIENT requires valid cert chain and hostnamecontext=ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)context.load_verify_locations('path/to/cabundle.pem')withsocket.socket(socket.AF_INET,socket.SOCK_STREAM,0)assock:withcontext.wrap_socket(sock,server_hostname=hostname)asssock:print(ssock.version())

context=ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)context.load_cert_chain('/path/to/certchain.pem','/path/to/private.key')withsocket.socket(socket.AF_INET,socket.SOCK_STREAM,0)assock:sock.bind(('127.0.0.1',8443))sock.listen(5)withcontext.wrap_socket(sock,server_side=True)asssock:conn,addr=ssock.accept()...

SSL Sockets¶

classssl.SSLSocket(socket.socket)¶

SSL sockets provide the following methods ofSocket Objects:

• accept()

• bind()

• close()

• connect()

• detach()

• fileno()

• getpeername(),getsockname()

• getsockopt(),setsockopt()

• gettimeout(),settimeout(),setblocking()

• listen()

• makefile()

• recv(),recv_into()(but passing a non-zeroflags argument is not allowed)

• send(),sendall() (withthe same limitation)

• sendfile() (butos.sendfile will be usedfor plain-text sockets only, elsesend() will be used)

• shutdown()

However, since the SSL (and TLS) protocol has its own framing atopof TCP, the SSL sockets abstraction can, in certain respects, diverge fromthe specification of normal, OS-level sockets. See especially thenotes on non-blocking sockets.

Instances ofSSLSocket must be created using theSSLContext.wrap_socket() method.

Άλλαξε στην έκδοση 3.5:Thesendfile() method was added.

Άλλαξε στην έκδοση 3.5:Theshutdown() does not reset the socket timeout each time bytesare received or sent. The socket timeout is now the maximum total durationof the shutdown.

Αποσύρθηκε στην έκδοση 3.6:It is deprecated to create aSSLSocket instance directly, useSSLContext.wrap_socket() to wrap a socket.

Άλλαξε στην έκδοση 3.7:SSLSocket instances must to created withwrap_socket(). In earlier versions, it was possibleto create instances directly. This was never documented or officiallysupported.

Άλλαξε στην έκδοση 3.10:Python now usesSSL_read_ex andSSL_write_ex internally. Thefunctions support reading and writing of data larger than 2 GB. Writingzero-length data no longer fails with a protocol violation error.

SSL sockets also have the following additional methods and attributes:

SSLSocket.read(len=1024,buffer=None)¶

Read up tolen bytes of data from the SSL socket and return the result asabytes instance. Ifbuffer is specified, then read into the bufferinstead, and return the number of bytes read.

RaiseSSLWantReadError orSSLWantWriteError if the socket isnon-blocking and the read would block.

As at any time a re-negotiation is possible, a call toread() can alsocause write operations.

Άλλαξε στην έκδοση 3.5:The socket timeout is no longer reset each time bytes are received or sent.The socket timeout is now the maximum total duration to read up tolenbytes.

Αποσύρθηκε στην έκδοση 3.6:Userecv() instead ofread().

SSLSocket.write(buf)¶

Writebuf to the SSL socket and return the number of bytes written. Thebuf argument must be an object supporting the buffer interface.

RaiseSSLWantReadError orSSLWantWriteError if the socket isnon-blocking and the write would block.

As at any time a re-negotiation is possible, a call towrite() canalso cause read operations.

Άλλαξε στην έκδοση 3.5:The socket timeout is no longer reset each time bytes are received or sent.The socket timeout is now the maximum total duration to writebuf.

Αποσύρθηκε στην έκδοση 3.6:Usesend() instead ofwrite().

SSLSocket.do_handshake()¶

Perform the SSL setup handshake.

Άλλαξε στην έκδοση 3.4:The handshake method also performsmatch_hostname() when thecheck_hostname attribute of the socket’scontext is true.

Άλλαξε στην έκδοση 3.5:The socket timeout is no longer reset each time bytes are received or sent.The socket timeout is now the maximum total duration of the handshake.

Άλλαξε στην έκδοση 3.7:Hostname or IP address is matched by OpenSSL during handshake. Thefunctionmatch_hostname() is no longer used. In case OpenSSLrefuses a hostname or IP address, the handshake is aborted early anda TLS alert message is sent to the peer.

SSLSocket.getpeercert(binary_form=False)¶

If there is no certificate for the peer on the other end of the connection,returnNone. If the SSL handshake hasn’t been done yet, raiseValueError.

If thebinary_form parameter isFalse, and a certificate wasreceived from the peer, this method returns adict instance. If thecertificate was not validated, the dict is empty. If the certificate wasvalidated, it returns a dict with several keys, amongst themsubject(the principal for which the certificate was issued) andissuer(the principal issuing the certificate). If a certificate contains aninstance of theSubject Alternative Name extension (seeRFC 3280),there will also be asubjectAltName key in the dictionary.

Thesubject andissuer fields are tuples containing the sequenceof relative distinguished names (RDNs) given in the certificate’s datastructure for the respective fields, and each RDN is a sequence ofname-value pairs. Here is a real-world example:

{'issuer':((('countryName','IL'),),(('organizationName','StartCom Ltd.'),),(('organizationalUnitName','Secure Digital Certificate Signing'),),(('commonName','StartCom Class 2 Primary Intermediate Server CA'),)),'notAfter':'Nov 22 08:15:19 2013 GMT','notBefore':'Nov 21 03:09:52 2011 GMT','serialNumber':'95F0','subject':((('description','571208-SLe257oHY9fVQ07Z'),),(('countryName','US'),),(('stateOrProvinceName','California'),),(('localityName','San Francisco'),),(('organizationName','Electronic Frontier Foundation, Inc.'),),(('commonName','*.eff.org'),),(('emailAddress','hostmaster@eff.org'),)),'subjectAltName':(('DNS','*.eff.org'),('DNS','eff.org')),'version':3}

If thebinary_form parameter isTrue, and a certificate wasprovided, this method returns the DER-encoded form of the entire certificateas a sequence of bytes, orNone if the peer did not provide acertificate. Whether the peer provides a certificate depends on the SSLsocket’s role:

• for a client SSL socket, the server will always provide a certificate,regardless of whether validation was required;

• for a server SSL socket, the client will only provide a certificatewhen requested by the server; thereforegetpeercert() will returnNone if you usedCERT_NONE (rather thanCERT_OPTIONAL orCERT_REQUIRED).

See alsoSSLContext.check_hostname.

Άλλαξε στην έκδοση 3.2:The returned dictionary includes additional items such asissuerandnotBefore.

Άλλαξε στην έκδοση 3.4:ValueError is raised when the handshake isn’t done.The returned dictionary includes additional X509v3 extension items such ascrlDistributionPoints,caIssuers andOCSP URIs.

Άλλαξε στην έκδοση 3.9:IPv6 address strings no longer have a trailing new line.

SSLSocket.get_verified_chain()¶

Returns verified certificate chain provided by the otherend of the SSL channel as a list of DER-encoded bytes.If certificate verification was disabled method acts the same asget_unverified_chain().

Added in version 3.13.

SSLSocket.get_unverified_chain()¶

Returns raw certificate chain provided by the otherend of the SSL channel as a list of DER-encoded bytes.

Added in version 3.13.

SSLSocket.cipher()¶

Returns a three-value tuple containing the name of the cipher being used, theversion of the SSL protocol that defines its use, and the number of secretbits being used. If no connection has been established, returnsNone.

SSLSocket.shared_ciphers()¶

Return the list of ciphers available in both the client and server. Eachentry of the returned list is a three-value tuple containing the name of thecipher, the version of the SSL protocol that defines its use, and the numberof secret bits the cipher uses.shared_ciphers() returnsNone if no connection has been established or the socket is a clientsocket.

Added in version 3.5.

SSLSocket.compression()¶

Return the compression algorithm being used as a string, orNoneif the connection isn’t compressed.

If the higher-level protocol supports its own compression mechanism,you can useOP_NO_COMPRESSION to disable SSL-level compression.

Added in version 3.3.

SSLSocket.get_channel_binding(cb_type='tls-unique')¶

Get channel binding data for current connection, as a bytes object. ReturnsNone if not connected or the handshake has not been completed.

Thecb_type parameter allow selection of the desired channel bindingtype. Valid channel binding types are listed in theCHANNEL_BINDING_TYPES list. Currently only the “tls-unique” channelbinding, defined byRFC 5929, is supported.ValueError will beraised if an unsupported channel binding type is requested.

Added in version 3.3.

SSLSocket.selected_alpn_protocol()¶

Return the protocol that was selected during the TLS handshake. IfSSLContext.set_alpn_protocols() was not called, if the other party doesnot support ALPN, if this socket does not support any of the client’sproposed protocols, or if the handshake has not happened yet,None isreturned.

Added in version 3.5.

SSLSocket.selected_npn_protocol()¶

Return the higher-level protocol that was selected during the TLS/SSLhandshake. IfSSLContext.set_npn_protocols() was not called, orif the other party does not support NPN, or if the handshake has not yethappened, this will returnNone.

Added in version 3.3.

Αποσύρθηκε στην έκδοση 3.10:NPN has been superseded by ALPN

SSLSocket.unwrap()¶

Performs the SSL shutdown handshake, which removes the TLS layer from theunderlying socket, and returns the underlying socket object. This can beused to go from encrypted operation over a connection to unencrypted. Thereturned socket should always be used for further communication with theother side of the connection, rather than the original socket.

SSLSocket.verify_client_post_handshake()¶

Requests post-handshake authentication (PHA) from a TLS 1.3 client. PHAcan only be initiated for a TLS 1.3 connection from a server-side socket,after the initial TLS handshake and with PHA enabled on both sides, seeSSLContext.post_handshake_auth.

The method does not perform a cert exchange immediately. The server-sidesends a CertificateRequest during the next write event and expects theclient to respond with a certificate on the next read event.

If any precondition isn’t met (e.g. not TLS 1.3, PHA not enabled), anSSLError is raised.

Σημείωση

Only available with OpenSSL 1.1.1 and TLS 1.3 enabled. Without TLS 1.3support, the method raisesNotImplementedError.

Added in version 3.8.

SSLSocket.version()¶

Return the actual SSL protocol version negotiated by the connectionas a string, orNone if no secure connection is established.As of this writing, possible return values include"SSLv2","SSLv3","TLSv1","TLSv1.1" and"TLSv1.2".Recent OpenSSL versions may define more return values.

Added in version 3.5.

SSLSocket.pending()¶

Returns the number of already decrypted bytes available for read, pending onthe connection.

SSLSocket.context¶

TheSSLContext object this SSL socket is tied to.

Added in version 3.2.

SSLSocket.server_side¶

A boolean which isTrue for server-side sockets andFalse forclient-side sockets.

Added in version 3.2.

SSLSocket.server_hostname¶

Hostname of the server:str type, orNone for server-sidesocket or if the hostname was not specified in the constructor.

Added in version 3.2.

Άλλαξε στην έκδοση 3.7:The attribute is now always ASCII text. Whenserver_hostname isan internationalized domain name (IDN), this attribute now stores theA-label form ("xn--pythn-mua.org"), rather than the U-label form("pythön.org").

SSLSocket.session¶

TheSSLSession for this SSL connection. The session is availablefor client and server side sockets after the TLS handshake has beenperformed. For client sockets the session can be set beforedo_handshake() has been called to reuse a session.

Added in version 3.6.

SSLSocket.session_reused¶

Added in version 3.6.

SSL Contexts¶

An SSL context holds various data longer-lived than single SSL connections,such as SSL configuration options, certificate(s) and private key(s).It also manages a cache of SSL sessions for server-side sockets, in orderto speed up repeated connections from the same clients.

classssl.SSLContext(protocol=None)¶

Create a new SSL context. You may passprotocol which must be oneof thePROTOCOL_* constants defined in this module. The parameterspecifies which version of the SSL protocol to use. Typically, theserver chooses a particular protocol version, and the client must adaptto the server’s choice. Most of the versions are not interoperablewith the other versions. If not specified, the default isPROTOCOL_TLS; it provides the most compatibility with otherversions.

Here’s a table showing which versions in a client (down the side) can connectto which versions in a server (along the top):

client /server	SSLv2	SSLv3	TLS[3]	TLSv1	TLSv1.1	TLSv1.2
SSLv2	yes	no	no[1]	no	no	no
SSLv3	no	yes	no[2]	no	no	no
TLS (SSLv23)[3]	no[1]	no[2]	yes	yes	yes	yes
TLSv1	no	no	yes	yes	no	no
TLSv1.1	no	no	yes	no	yes	no
TLSv1.2	no	no	yes	no	no	yes

Footnotes

[1](1,2)

SSLContext disables SSLv2 withOP_NO_SSLv2 by default.

[2](1,2)

SSLContext disables SSLv3 withOP_NO_SSLv3 by default.

[3](1,2)

TLS 1.3 protocol will be available withPROTOCOL_TLS inOpenSSL >= 1.1.1. There is no dedicated PROTOCOL constant for justTLS 1.3.

Δείτε επίσης

create_default_context() lets thessl module choosesecurity settings for a given purpose.

Άλλαξε στην έκδοση 3.6:The context is created with secure default values. The optionsOP_NO_COMPRESSION,OP_CIPHER_SERVER_PREFERENCE,OP_SINGLE_DH_USE,OP_SINGLE_ECDH_USE,OP_NO_SSLv2,andOP_NO_SSLv3 (except forPROTOCOL_SSLv3) areset by default. The initial cipher suite list contains onlyHIGHciphers, noNULL ciphers and noMD5 ciphers.

Αποσύρθηκε στην έκδοση 3.10:SSLContext without protocol argument is deprecated. Thecontext class will either requirePROTOCOL_TLS_CLIENT orPROTOCOL_TLS_SERVER protocol in the future.

Άλλαξε στην έκδοση 3.10:The default cipher suites now include only secure AES and ChaCha20ciphers with forward secrecy and security level 2. RSA and DH keys withless than 2048 bits and ECC keys with less than 224 bits are prohibited.PROTOCOL_TLS,PROTOCOL_TLS_CLIENT, andPROTOCOL_TLS_SERVER use TLS 1.2 as minimum TLS version.

Σημείωση

SSLContext only supports limited mutation once it has been usedby a connection. Adding new certificates to the internal trust store isallowed, but changing ciphers, verification settings, or mTLScertificates may result in surprising behavior.

Σημείωση

SSLContext is designed to be shared and used by multipleconnections.Thus, it is thread-safe as long as it is not reconfigured after beingused by a connection.

SSLContext objects have the following methods and attributes:

SSLContext.cert_store_stats()¶

Get statistics about quantities of loaded X.509 certificates, count ofX.509 certificates flagged as CA certificates and certificate revocationlists as dictionary.

Example for a context with one CA cert and one other cert:

>>>context.cert_store_stats(){'crl': 0, 'x509_ca': 1, 'x509': 2}

Added in version 3.4.

SSLContext.load_cert_chain(certfile,keyfile=None,password=None)¶

Load a private key and the corresponding certificate. Thecertfilestring must be the path to a single file in PEM format containing thecertificate as well as any number of CA certificates needed to establishthe certificate’s authenticity. Thekeyfile string, if present, mustpoint to a file containing the private key. Otherwise the privatekey will be taken fromcertfile as well. See the discussion ofCertificates for more information on how the certificateis stored in thecertfile.

Thepassword argument may be a function to call to get the password fordecrypting the private key. It will only be called if the private key isencrypted and a password is necessary. It will be called with no arguments,and it should return a string, bytes, or bytearray. If the return value isa string it will be encoded as UTF-8 before using it to decrypt the key.Alternatively a string, bytes, or bytearray value may be supplied directlyas thepassword argument. It will be ignored if the private key is notencrypted and no password is needed.

If thepassword argument is not specified and a password is required,OpenSSL’s built-in password prompting mechanism will be used tointeractively prompt the user for a password.

AnSSLError is raised if the private key doesn’tmatch with the certificate.

Άλλαξε στην έκδοση 3.3:New optional argumentpassword.

SSLContext.load_default_certs(purpose=Purpose.SERVER_AUTH)¶

Load a set of default «certification authority» (CA) certificates fromdefault locations. On Windows it loads CA certs from theCA andROOT system stores. On all systems it callsSSLContext.set_default_verify_paths(). In the future the method mayload CA certificates from other locations, too.

Thepurpose flag specifies what kind of CA certificates are loaded. Thedefault settingsPurpose.SERVER_AUTH loads certificates, that areflagged and trusted for TLS web server authentication (client sidesockets).Purpose.CLIENT_AUTH loads CA certificates for clientcertificate verification on the server side.

Added in version 3.4.

SSLContext.load_verify_locations(cafile=None,capath=None,cadata=None)¶

Load a set of «certification authority» (CA) certificates used to validateother peers” certificates whenverify_mode is other thanCERT_NONE. At least one ofcafile orcapath must be specified.

This method can also load certification revocation lists (CRLs) in PEM orDER format. In order to make use of CRLs,SSLContext.verify_flagsmust be configured properly.

Thecafile string, if present, is the path to a file of concatenatedCA certificates in PEM format. See the discussion ofCertificates for more information about how to arrange thecertificates in this file.

Thecapath string, if present, isthe path to a directory containing several CA certificates in PEM format,following anOpenSSL specific layout.

Thecadata object, if present, is either an ASCII string of one or morePEM-encoded certificates or abytes-like object of DER-encodedcertificates. Like withcapath extra lines around PEM-encodedcertificates are ignored but at least one certificate must be present.

Άλλαξε στην έκδοση 3.4:New optional argumentcadata

SSLContext.get_ca_certs(binary_form=False)¶

Get a list of loaded «certification authority» (CA) certificates. If thebinary_form parameter isFalse each listentry is a dict like the output ofSSLSocket.getpeercert(). Otherwisethe method returns a list of DER-encoded certificates. The returned listdoes not contain certificates fromcapath unless a certificate wasrequested and loaded by a SSL connection.

Σημείωση

Certificates in a capath directory aren’t loaded unless they havebeen used at least once.

Added in version 3.4.

SSLContext.get_ciphers()¶

Get a list of enabled ciphers. The list is in order of cipher priority.SeeSSLContext.set_ciphers().

Example:

>>>ctx=ssl.SSLContext(ssl.PROTOCOL_SSLv23)>>>ctx.set_ciphers('ECDHE+AESGCM:!ECDSA')>>>ctx.get_ciphers()[{'aead': True,  'alg_bits': 256,  'auth': 'auth-rsa',  'description': 'ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  '                 'Enc=AESGCM(256) Mac=AEAD',  'digest': None,  'id': 50380848,  'kea': 'kx-ecdhe',  'name': 'ECDHE-RSA-AES256-GCM-SHA384',  'protocol': 'TLSv1.2',  'strength_bits': 256,  'symmetric': 'aes-256-gcm'}, {'aead': True,  'alg_bits': 128,  'auth': 'auth-rsa',  'description': 'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  '                 'Enc=AESGCM(128) Mac=AEAD',  'digest': None,  'id': 50380847,  'kea': 'kx-ecdhe',  'name': 'ECDHE-RSA-AES128-GCM-SHA256',  'protocol': 'TLSv1.2',  'strength_bits': 128,  'symmetric': 'aes-128-gcm'}]

Added in version 3.6.

SSLContext.set_default_verify_paths()¶

Load a set of default «certification authority» (CA) certificates froma filesystem path defined when building the OpenSSL library. Unfortunately,there’s no easy way to know whether this method succeeds: no error isreturned if no certificates are to be found. When the OpenSSL library isprovided as part of the operating system, though, it is likely to beconfigured properly.

SSLContext.set_ciphers(ciphers)¶

Set the available ciphers for sockets created with this context.It should be a string in theOpenSSL cipher list format.If no cipher can be selected (because compile-time options or otherconfiguration forbids use of all the specified ciphers), anSSLError will be raised.

Σημείωση

when connected, theSSLSocket.cipher() method of SSL sockets willgive the currently selected cipher.

TLS 1.3 cipher suites cannot be disabled withset_ciphers().

SSLContext.set_alpn_protocols(protocols)¶

Specify which protocols the socket should advertise during the SSL/TLShandshake. It should be a list of ASCII strings, like['http/1.1','spdy/2'], ordered by preference. The selection of a protocol will happenduring the handshake, and will play out according toRFC 7301. After asuccessful handshake, theSSLSocket.selected_alpn_protocol() method willreturn the agreed-upon protocol.

This method will raiseNotImplementedError ifHAS_ALPN isFalse.

Added in version 3.5.

SSLContext.set_npn_protocols(protocols)¶

Specify which protocols the socket should advertise during the SSL/TLShandshake. It should be a list of strings, like['http/1.1','spdy/2'],ordered by preference. The selection of a protocol will happen during thehandshake, and will play out according to theApplication Layer Protocol Negotiation. After asuccessful handshake, theSSLSocket.selected_npn_protocol() method willreturn the agreed-upon protocol.

This method will raiseNotImplementedError ifHAS_NPN isFalse.

Added in version 3.3.

Αποσύρθηκε στην έκδοση 3.10:NPN has been superseded by ALPN

SSLContext.sni_callback¶

Register a callback function that will be called after the TLS Client Hellohandshake message has been received by the SSL/TLS server when the TLS clientspecifies a server name indication. The server name indication mechanismis specified inRFC 6066 section 3 - Server Name Indication.

Only one callback can be set perSSLContext. Ifsni_callbackis set toNone then the callback is disabled. Calling this function asubsequent time will disable the previously registered callback.

The callback function will be called with threearguments; the first being thessl.SSLSocket, the second is a stringthat represents the server name that the client is intending to communicate(orNone if the TLS Client Hello does not contain a server name)and the third argument is the originalSSLContext. The server nameargument is text. For internationalized domain name, the servername is an IDN A-label ("xn--pythn-mua.org").

A typical use of this callback is to change thessl.SSLSocket’sSSLSocket.context attribute to a new object of typeSSLContext representing a certificate chain that matches the servername.

Due to the early negotiation phase of the TLS connection, only limitedmethods and attributes are usable likeSSLSocket.selected_alpn_protocol() andSSLSocket.context.TheSSLSocket.getpeercert(),SSLSocket.get_verified_chain(),SSLSocket.get_unverified_chain()SSLSocket.cipher()andSSLSocket.compression() methods require thatthe TLS connection has progressed beyond the TLS Client Hello and thereforewill not return meaningful values nor can they be called safely.

Thesni_callback function must returnNone to allow theTLS negotiation to continue. If a TLS failure is required, a constantALERT_DESCRIPTION_* can bereturned. Other return values will result in a TLS fatal error withALERT_DESCRIPTION_INTERNAL_ERROR.

If an exception is raised from thesni_callback function the TLSconnection will terminate with a fatal TLS alert messageALERT_DESCRIPTION_HANDSHAKE_FAILURE.

This method will raiseNotImplementedError if the OpenSSL libraryhad OPENSSL_NO_TLSEXT defined when it was built.

Added in version 3.7.

SSLContext.set_servername_callback(server_name_callback)¶

This is a legacy API retained for backwards compatibility. When possible,you should usesni_callback instead. The givenserver_name_callbackis similar tosni_callback, except that when the server hostname is anIDN-encoded internationalized domain name, theserver_name_callbackreceives a decoded U-label ("pythön.org").

If there is a decoding error on the server name, the TLS connection willterminate with anALERT_DESCRIPTION_INTERNAL_ERROR fatal TLSalert message to the client.

Added in version 3.4.

SSLContext.load_dh_params(dhfile)¶

Load the key generation parameters for Diffie-Hellman (DH) key exchange.Using DH key exchange improves forward secrecy at the expense ofcomputational resources (both on the server and on the client).Thedhfile parameter should be the path to a file containing DHparameters in PEM format.

This setting doesn’t apply to client sockets. You can also use theOP_SINGLE_DH_USE option to further improve security.

Added in version 3.3.

SSLContext.set_ecdh_curve(curve_name)¶

Set the curve name for Elliptic Curve-based Diffie-Hellman (ECDH) keyexchange. ECDH is significantly faster than regular DH while arguablyas secure. Thecurve_name parameter should be a string describinga well-known elliptic curve, for exampleprime256v1 for a widelysupported curve.

This setting doesn’t apply to client sockets. You can also use theOP_SINGLE_ECDH_USE option to further improve security.

This method is not available ifHAS_ECDH isFalse.

Added in version 3.3.

Δείτε επίσης

SSL/TLS & Perfect Forward Secrecy

Vincent Bernat.

SSLContext.wrap_socket(sock,server_side=False,do_handshake_on_connect=True,suppress_ragged_eofs=True,server_hostname=None,session=None)¶

Wrap an existing Python socketsock and return an instance ofSSLContext.sslsocket_class (defaultSSLSocket). Thereturned SSL socket is tied to the context, its settings and certificates.sock must be aSOCK_STREAM socket; othersocket types are unsupported.

The parameterserver_side is a boolean which identifies whetherserver-side or client-side behavior is desired from this socket.

For client-side sockets, the context construction is lazy; if theunderlying socket isn’t connected yet, the context construction will beperformed afterconnect() is called on the socket. Forserver-side sockets, if the socket has no remote peer, it is assumedto be a listening socket, and the server-side SSL wrapping isautomatically performed on client connections accepted via theaccept() method. The method may raiseSSLError.

On client connections, the optional parameterserver_hostname specifiesthe hostname of the service which we are connecting to. This allows asingle server to host multiple SSL-based services with distinct certificates,quite similarly to HTTP virtual hosts. Specifyingserver_hostname willraise aValueError ifserver_side is true.

The parameterdo_handshake_on_connect specifies whether to do the SSLhandshake automatically after doing asocket.connect(), or whether theapplication program will call it explicitly, by invoking theSSLSocket.do_handshake() method. CallingSSLSocket.do_handshake() explicitly gives the program control over theblocking behavior of the socket I/O involved in the handshake.

The parametersuppress_ragged_eofs specifies how theSSLSocket.recv() method should signal unexpected EOF from the other endof the connection. If specified asTrue (the default), it returns anormal EOF (an empty bytes object) in response to unexpected EOF errorsraised from the underlying socket; ifFalse, it will raise theexceptions back to the caller.

session, seesession.

To wrap anSSLSocket in anotherSSLSocket, useSSLContext.wrap_bio().

Άλλαξε στην έκδοση 3.5:Always allow a server_hostname to be passed, even if OpenSSL does nothave SNI.

Άλλαξε στην έκδοση 3.6:session argument was added.

Άλλαξε στην έκδοση 3.7:The method returns an instance ofSSLContext.sslsocket_classinstead of hard-codedSSLSocket.

SSLContext.sslsocket_class¶

The return type ofSSLContext.wrap_socket(), defaults toSSLSocket. The attribute can be overridden on instance of classin order to return a custom subclass ofSSLSocket.

Added in version 3.7.

SSLContext.wrap_bio(incoming,outgoing,server_side=False,server_hostname=None,session=None)¶

Wrap the BIO objectsincoming andoutgoing and return an instance ofSSLContext.sslobject_class (defaultSSLObject). The SSLroutines will read input data from the incoming BIO and write data to theoutgoing BIO.

Theserver_side,server_hostname andsession parameters have thesame meaning as inSSLContext.wrap_socket().

Άλλαξε στην έκδοση 3.6:session argument was added.

Άλλαξε στην έκδοση 3.7:The method returns an instance ofSSLContext.sslobject_classinstead of hard-codedSSLObject.

SSLContext.sslobject_class¶

The return type ofSSLContext.wrap_bio(), defaults toSSLObject. The attribute can be overridden on instance of classin order to return a custom subclass ofSSLObject.

Added in version 3.7.

SSLContext.session_stats()¶

Get statistics about the SSL sessions created or managed by this context.A dictionary is returned which maps the names of eachpiece of information to theirnumeric values. For example, here is the total number of hits and missesin the session cache since the context was created:

>>>stats=context.session_stats()>>>stats['hits'],stats['misses'](0, 0)

SSLContext.check_hostname¶

Whether to match the peer cert’s hostname inSSLSocket.do_handshake(). The context’sverify_mode must be set toCERT_OPTIONAL orCERT_REQUIRED, and you must passserver_hostname towrap_socket() in order to match the hostname. Enablinghostname checking automatically setsverify_mode fromCERT_NONE toCERT_REQUIRED. It cannot be set back toCERT_NONE as long as hostname checking is enabled. ThePROTOCOL_TLS_CLIENT protocol enables hostname checking by default.With other protocols, hostname checking must be enabled explicitly.

Example:

importsocket,sslcontext=ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)context.verify_mode=ssl.CERT_REQUIREDcontext.check_hostname=Truecontext.load_default_certs()s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)ssl_sock=context.wrap_socket(s,server_hostname='www.verisign.com')ssl_sock.connect(('www.verisign.com',443))

Added in version 3.4.

Άλλαξε στην έκδοση 3.7:verify_mode is now automatically changedtoCERT_REQUIRED when hostname checking is enabled andverify_mode isCERT_NONE. Previouslythe same operation would have failed with aValueError.

SSLContext.keylog_filename¶

Write TLS keys to a keylog file, whenever key material is generated orreceived. The keylog file is designed for debugging purposes only. Thefile format is specified by NSS and used by many traffic analyzers suchas Wireshark. The log file is opened in append-only mode. Writes aresynchronized between threads, but not between processes.

Added in version 3.8.

SSLContext.maximum_version¶

ATLSVersion enum member representing the highest supportedTLS version. The value defaults toTLSVersion.MAXIMUM_SUPPORTED.The attribute is read-only for protocols other thanPROTOCOL_TLS,PROTOCOL_TLS_CLIENT, andPROTOCOL_TLS_SERVER.

The attributesmaximum_version,minimum_version andSSLContext.options all affect the supported SSLand TLS versions of the context. The implementation does not preventinvalid combination. For example a context withOP_NO_TLSv1_2 inoptions andmaximum_version set toTLSVersion.TLSv1_2will not be able to establish a TLS 1.2 connection.

Added in version 3.7.

SSLContext.minimum_version¶

LikeSSLContext.maximum_version except it is the lowestsupported version orTLSVersion.MINIMUM_SUPPORTED.

Added in version 3.7.

SSLContext.num_tickets¶

Control the number of TLS 1.3 session tickets of aPROTOCOL_TLS_SERVER context. The setting has no impact on TLS1.0 to 1.2 connections.

Added in version 3.8.

SSLContext.options¶

An integer representing the set of SSL options enabled on this context.The default value isOP_ALL, but you can specify other optionssuch asOP_NO_SSLv2 by ORing them together.

Άλλαξε στην έκδοση 3.6:SSLContext.options returnsOptions flags:

>>>ssl.create_default_context().options<Options.OP_ALL|OP_NO_SSLv3|OP_NO_SSLv2|OP_NO_COMPRESSION: 2197947391>

Αποσύρθηκε στην έκδοση 3.7:AllOP_NO_SSL* andOP_NO_TLS* options have been deprecated sincePython 3.7. UseSSLContext.minimum_version andSSLContext.maximum_version instead.

SSLContext.post_handshake_auth¶

Enable TLS 1.3 post-handshake client authentication. Post-handshake authis disabled by default and a server can only request a TLS clientcertificate during the initial handshake. When enabled, a server mayrequest a TLS client certificate at any time after the handshake.

When enabled on client-side sockets, the client signals the server thatit supports post-handshake authentication.

When enabled on server-side sockets,SSLContext.verify_mode mustbe set toCERT_OPTIONAL orCERT_REQUIRED, too. Theactual client cert exchange is delayed untilSSLSocket.verify_client_post_handshake() is called and some I/O isperformed.

Added in version 3.8.

SSLContext.protocol¶

The protocol version chosen when constructing the context. This attributeis read-only.

SSLContext.hostname_checks_common_name¶

Whethercheck_hostname falls back to verify the cert’ssubject common name in the absence of a subject alternative nameextension (default: true).

Added in version 3.7.

Άλλαξε στην έκδοση 3.10:The flag had no effect with OpenSSL before version 1.1.1l. Python 3.8.9,3.9.3, and 3.10 include workarounds for previous versions.

SSLContext.security_level¶

An integer representing thesecurity levelfor the context. This attribute is read-only.

Added in version 3.10.

SSLContext.verify_flags¶

The flags for certificate verification operations. You can set flags likeVERIFY_CRL_CHECK_LEAF by ORing them together. By default OpenSSLdoes neither require nor verify certificate revocation lists (CRLs).

Added in version 3.4.

Άλλαξε στην έκδοση 3.6:SSLContext.verify_flags returnsVerifyFlags flags:

>>>ssl.create_default_context().verify_flags<VerifyFlags.VERIFY_X509_TRUSTED_FIRST: 32768>

SSLContext.verify_mode¶

Whether to try to verify other peers” certificates and how to behaveif verification fails. This attribute must be one ofCERT_NONE,CERT_OPTIONAL orCERT_REQUIRED.

Άλλαξε στην έκδοση 3.6:SSLContext.verify_mode returnsVerifyMode enum:

>>>ssl.create_default_context().verify_mode<VerifyMode.CERT_REQUIRED: 2>

SSLContext.set_psk_client_callback(callback)¶

Enables TLS-PSK (pre-shared key) authentication on a client-side connection.

In general, certificate based authentication should be preferred over this method.

The parametercallback is a callable object with the signature:defcallback(hint:str|None)->tuple[str|None,bytes].Thehint parameter is an optional identity hint sent by the server.The return value is a tuple in the form (client-identity, psk).Client-identity is an optional string which may be used by the server toselect a corresponding PSK for the client. The string must be less than orequal to256 octets when UTF-8 encoded. PSK is abytes-like object representing the pre-shared key. Return a zerolength PSK to reject the connection.

Settingcallback toNone removes any existing callback.

Σημείωση

When using TLS 1.3:

• thehint parameter is alwaysNone.

• client-identity must be a non-empty string.

Example usage:

context=ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)context.check_hostname=Falsecontext.verify_mode=ssl.CERT_NONEcontext.maximum_version=ssl.TLSVersion.TLSv1_2context.set_ciphers('PSK')# A simple lambda:psk=bytes.fromhex('c0ffee')context.set_psk_client_callback(lambdahint:(None,psk))# A table using the hint from the server:psk_table={'ServerId_1':bytes.fromhex('c0ffee'),'ServerId_2':bytes.fromhex('facade')}defcallback(hint):return'ClientId_1',psk_table.get(hint,b'')context.set_psk_client_callback(callback)

This method will raiseNotImplementedError ifHAS_PSK isFalse.

Added in version 3.13.

SSLContext.set_psk_server_callback(callback,identity_hint=None)¶

Enables TLS-PSK (pre-shared key) authentication on a server-side connection.

In general, certificate based authentication should be preferred over this method.

The parametercallback is a callable object with the signature:defcallback(identity:str|None)->bytes.Theidentity parameter is an optional identity sent by the client which canbe used to select a corresponding PSK.The return value is abytes-like object representing the pre-shared key.Return a zero length PSK to reject the connection.

Settingcallback toNone removes any existing callback.

The parameteridentity_hint is an optional identity hint string sent tothe client. The string must be less than or equal to256 octets whenUTF-8 encoded.

Σημείωση

When using TLS 1.3 theidentity_hint parameter is not sent to the client.

Example usage:

context=ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)context.maximum_version=ssl.TLSVersion.TLSv1_2context.set_ciphers('PSK')# A simple lambda:psk=bytes.fromhex('c0ffee')context.set_psk_server_callback(lambdaidentity:psk)# A table using the identity of the client:psk_table={'ClientId_1':bytes.fromhex('c0ffee'),'ClientId_2':bytes.fromhex('facade')}defcallback(identity):returnpsk_table.get(identity,b'')context.set_psk_server_callback(callback,'ServerId_1')

This method will raiseNotImplementedError ifHAS_PSK isFalse.

Added in version 3.13.

Certificates¶

Certificates in general are part of a public-key / private-key system. In thissystem, eachprincipal, (which may be a machine, or a person, or anorganization) is assigned a unique two-part encryption key. One part of the keyis public, and is called thepublic key; the other part is kept secret, and iscalled theprivate key. The two parts are related, in that if you encrypt amessage with one of the parts, you can decrypt it with the other part, andonly with the other part.

A certificate contains information about two principals. It contains the nameof asubject, and the subject’s public key. It also contains a statement by asecond principal, theissuer, that the subject is who they claim to be, andthat this is indeed the subject’s public key. The issuer’s statement is signedwith the issuer’s private key, which only the issuer knows. However, anyone canverify the issuer’s statement by finding the issuer’s public key, decrypting thestatement with it, and comparing it to the other information in the certificate.The certificate also contains information about the time period over which it isvalid. This is expressed as two fields, called «notBefore» and «notAfter».

In the Python use of certificates, a client or server can use a certificate toprove who they are. The other side of a network connection can also be requiredto produce a certificate, and that certificate can be validated to thesatisfaction of the client or server that requires such validation. Theconnection attempt can be set to raise an exception if the validation fails.Validation is done automatically, by the underlying OpenSSL framework; theapplication need not concern itself with its mechanics. But the applicationdoes usually need to provide sets of certificates to allow this process to takeplace.

Python uses files to contain certificates. They should be formatted as «PEM»(seeRFC 1422), which is a base-64 encoded form wrapped with a header lineand a footer line:

-----BEGINCERTIFICATE-----...(certificateinbase64PEMencoding)...-----ENDCERTIFICATE-----

-----BEGINCERTIFICATE-----...(certificateforyourserver)...-----ENDCERTIFICATE----------BEGINCERTIFICATE-----...(thecertificatefortheCA)...-----ENDCERTIFICATE----------BEGINCERTIFICATE-----...(therootcertificatefortheCA's issuer)...-----ENDCERTIFICATE-----

-----BEGINRSAPRIVATEKEY-----...(privatekeyinbase64encoding)...-----ENDRSAPRIVATEKEY----------BEGINCERTIFICATE-----...(certificateinbase64PEMencoding)...-----ENDCERTIFICATE-----

%opensslreq-new-x509-days365-nodes-outcert.pem-keyoutcert.pemGeneratinga1024bitRSAprivatekey.......++++++.............................++++++writingnewprivatekeyto'cert.pem'-----Youareabouttobeaskedtoenterinformationthatwillbeincorporatedintoyourcertificaterequest.WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.TherearequiteafewfieldsbutyoucanleavesomeblankForsomefieldstherewillbeadefaultvalue,Ifyouenter'.',thefieldwillbeleftblank.-----CountryName(2lettercode)[AU]:USStateorProvinceName(fullname)[Some-State]:MyStateLocalityName(eg,city)[]:SomeCityOrganizationName(eg,company)[InternetWidgitsPtyLtd]:MyOrganization,Inc.OrganizationalUnitName(eg,section)[]:MyGroupCommonName(eg,YOURname)[]:myserver.mygroup.myorganization.comEmailAddress[]:ops@myserver.mygroup.myorganization.com%

Examples¶

try:importsslexceptImportError:passelse:...# do something that requires SSL support

>>>context=ssl.create_default_context()

>>>context=ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)>>>context.load_verify_locations("/etc/ssl/certs/ca-bundle.crt")

>>>conn=context.wrap_socket(socket.socket(socket.AF_INET),...server_hostname="www.python.org")>>>conn.connect(("www.python.org",443))

>>>cert=conn.getpeercert()

>>>pprint.pprint(cert){'OCSP': ('http://ocsp.digicert.com',), 'caIssuers': ('http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt',), 'crlDistributionPoints': ('http://crl3.digicert.com/sha2-ev-server-g1.crl',                           'http://crl4.digicert.com/sha2-ev-server-g1.crl'), 'issuer': ((('countryName', 'US'),),            (('organizationName', 'DigiCert Inc'),),            (('organizationalUnitName', 'www.digicert.com'),),            (('commonName', 'DigiCert SHA2 Extended Validation Server CA'),)), 'notAfter': 'Sep  9 12:00:00 2016 GMT', 'notBefore': 'Sep  5 00:00:00 2014 GMT', 'serialNumber': '01BB6F00122B177F36CAB49CEA8B6B26', 'subject': ((('businessCategory', 'Private Organization'),),             (('1.3.6.1.4.1.311.60.2.1.3', 'US'),),             (('1.3.6.1.4.1.311.60.2.1.2', 'Delaware'),),             (('serialNumber', '3359300'),),             (('streetAddress', '16 Allen Rd'),),             (('postalCode', '03894-4801'),),             (('countryName', 'US'),),             (('stateOrProvinceName', 'NH'),),             (('localityName', 'Wolfeboro'),),             (('organizationName', 'Python Software Foundation'),),             (('commonName', 'www.python.org'),)), 'subjectAltName': (('DNS', 'www.python.org'),                    ('DNS', 'python.org'),                    ('DNS', 'pypi.org'),                    ('DNS', 'docs.python.org'),                    ('DNS', 'testpypi.org'),                    ('DNS', 'bugs.python.org'),                    ('DNS', 'wiki.python.org'),                    ('DNS', 'hg.python.org'),                    ('DNS', 'mail.python.org'),                    ('DNS', 'packaging.python.org'),                    ('DNS', 'pythonhosted.org'),                    ('DNS', 'www.pythonhosted.org'),                    ('DNS', 'test.pythonhosted.org'),                    ('DNS', 'us.pycon.org'),                    ('DNS', 'id.python.org')), 'version': 3}

>>>conn.sendall(b"HEAD / HTTP/1.0\r\nHost: linuxfr.org\r\n\r\n")>>>pprint.pprint(conn.recv(1024).split(b"\r\n"))[b'HTTP/1.1 200 OK', b'Date: Sat, 18 Oct 2014 18:27:20 GMT', b'Server: nginx', b'Content-Type: text/html; charset=utf-8', b'X-Frame-Options: SAMEORIGIN', b'Content-Length: 45679', b'Accept-Ranges: bytes', b'Via: 1.1 varnish', b'Age: 2188', b'X-Served-By: cache-lcy1134-LCY', b'X-Cache: HIT', b'X-Cache-Hits: 11', b'Vary: Cookie', b'Strict-Transport-Security: max-age=63072000; includeSubDomains', b'Connection: close', b'', b'']

importsocket,sslcontext=ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)context.load_cert_chain(certfile="mycertfile",keyfile="mykeyfile")bindsocket=socket.socket()bindsocket.bind(('myaddr.example.com',10023))bindsocket.listen(5)

whileTrue:newsocket,fromaddr=bindsocket.accept()connstream=context.wrap_socket(newsocket,server_side=True)try:deal_with_client(connstream)finally:connstream.shutdown(socket.SHUT_RDWR)connstream.close()

defdeal_with_client(connstream):data=connstream.recv(1024)# empty data means the client is finished with uswhiledata:ifnotdo_something(connstream,data):# we'll assume do_something returns False# when we're finished with clientbreakdata=connstream.recv(1024)# finished with client

Notes on non-blocking sockets¶

SSL sockets behave slightly different than regular sockets innon-blocking mode. When working with non-blocking sockets, there arethus several things you need to be aware of:

• MostSSLSocket methods will raise eitherSSLWantWriteError orSSLWantReadError instead ofBlockingIOError if an I/O operation wouldblock.SSLWantReadError will be raised if a read operation onthe underlying socket is necessary, andSSLWantWriteError fora write operation on the underlying socket. Note that attempts towrite to an SSL socket may requirereading from the underlyingsocket first, and attempts toread from the SSL socket may requirea priorwrite to the underlying socket.

  Άλλαξε στην έκδοση 3.5:In earlier Python versions, theSSLSocket.send() methodreturned zero instead of raisingSSLWantWriteError orSSLWantReadError.

• Callingselect() tells you that the OS-level socket can beread from (or written to), but it does not imply that there is sufficientdata at the upper SSL layer. For example, only part of an SSL frame mighthave arrived. Therefore, you must be ready to handleSSLSocket.recv()andSSLSocket.send() failures, and retry after another call toselect().

• Conversely, since the SSL layer has its own framing, a SSL socket maystill have data available for reading withoutselect()being aware of it. Therefore, you should first callSSLSocket.recv() to drain any potentially available data, and thenonly block on aselect() call if still necessary.

  (of course, similar provisions apply when using other primitives such aspoll(), or those in theselectors module)

• The SSL handshake itself will be non-blocking: theSSLSocket.do_handshake() method has to be retried until it returnssuccessfully. Here is a synopsis usingselect() to wait forthe socket’s readiness:

  whileTrue:try:sock.do_handshake()breakexceptssl.SSLWantReadError:select.select([sock],[],[])exceptssl.SSLWantWriteError:select.select([],[sock],[])

Memory BIO Support¶

Ever since the SSL module was introduced in Python 2.6, theSSLSocketclass has provided two related but distinct areas of functionality:

• SSL protocol handling

• Network IO

The network IO API is identical to that provided bysocket.socket,from whichSSLSocket also inherits. This allows an SSL socket to beused as a drop-in replacement for a regular socket, making it very easy to addSSL support to an existing application.

Combining SSL protocol handling and network IO usually works well, but thereare some cases where it doesn’t. An example is async IO frameworks that want touse a different IO multiplexing model than the «select/poll on a filedescriptor» (readiness based) model that is assumed bysocket.socketand by the internal OpenSSL socket IO routines. This is mostly relevant forplatforms like Windows where this model is not efficient. For this purpose, areduced scope variant ofSSLSocket calledSSLObject isprovided.

classssl.SSLObject¶

A reduced-scope variant ofSSLSocket representing an SSL protocolinstance that does not contain any network IO methods. This class istypically used by framework authors that want to implement asynchronous IOfor SSL through memory buffers.

This class implements an interface on top of a low-level SSL object asimplemented by OpenSSL. This object captures the state of an SSL connectionbut does not provide any network IO itself. IO needs to be performed throughseparate «BIO» objects which are OpenSSL’s IO abstraction layer.

This class has no public constructor. AnSSLObject instancemust be created using thewrap_bio() method. Thismethod will create theSSLObject instance and bind it to apair of BIOs. Theincoming BIO is used to pass data from Python to theSSL protocol instance, while theoutgoing BIO is used to pass data theother way around.

The following methods are available:

• context

• server_side

• server_hostname

• session

• session_reused

• read()

• write()

• getpeercert()

• get_verified_chain()

• get_unverified_chain()

• selected_alpn_protocol()

• selected_npn_protocol()

• cipher()

• shared_ciphers()

• compression()

• pending()

• do_handshake()

• verify_client_post_handshake()

• unwrap()

• get_channel_binding()

• version()

When compared toSSLSocket, this object lacks the followingfeatures:

• Any form of network IO;recv() andsend() read and write only tothe underlyingMemoryBIO buffers.

• There is nodo_handshake_on_connect machinery. You must always manuallycalldo_handshake() to start the handshake.

• There is no handling ofsuppress_ragged_eofs. All end-of-file conditionsthat are in violation of the protocol are reported via theSSLEOFError exception.

• The methodunwrap() call does not return anything,unlike for an SSL socket where it returns the underlying socket.

• Theserver_name_callback callback passed toSSLContext.set_servername_callback() will get anSSLObjectinstance instead of aSSLSocket instance as its first parameter.

Some notes related to the use ofSSLObject:

• All IO on anSSLObject isnon-blocking.This means that for exampleread() will raise anSSLWantReadError if it needs more data than the incoming BIO hasavailable.

Άλλαξε στην έκδοση 3.7:SSLObject instances must be created withwrap_bio(). In earlier versions, it was possible tocreate instances directly. This was never documented or officiallysupported.

An SSLObject communicates with the outside world using memory buffers. TheclassMemoryBIO provides a memory buffer that can be used for thispurpose. It wraps an OpenSSL memory BIO (Basic IO) object:

classssl.MemoryBIO¶

A memory buffer that can be used to pass data between Python and an SSLprotocol instance.

pending¶

Return the number of bytes currently in the memory buffer.

eof¶

A boolean indicating whether the memory BIO is current at the end-of-fileposition.

read(n=-1)¶

Read up ton bytes from the memory buffer. Ifn is not specified ornegative, all bytes are returned.

write(buf)¶

Write the bytes frombuf to the memory BIO. Thebuf argument must be anobject supporting the buffer protocol.

The return value is the number of bytes written, which is always equal tothe length ofbuf.

write_eof()¶

Write an EOF marker to the memory BIO. After this method has been called, itis illegal to callwrite(). The attributeeof willbecome true after all data currently in the buffer has been read.

SSL session¶

classssl.SSLSession¶

Session object used bysession.

id¶

time¶

timeout¶

ticket_lifetime_hint¶

has_ticket¶

Security considerations¶

>>>importssl,smtplib>>>smtp=smtplib.SMTP("mail.python.org",port=587)>>>context=ssl.create_default_context()>>>smtp.starttls(context=context)(220, b'2.0.0 Ready to start TLS')

>>>client_context=ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)>>>client_context.minimum_version=ssl.TLSVersion.TLSv1_3>>>client_context.maximum_version=ssl.TLSVersion.TLSv1_3

TLS 1.3¶

The TLS 1.3 protocol behaves slightly differently than previous versionof TLS/SSL. Some new TLS 1.3 features are not yet available.

• TLS 1.3 uses a disjunct set of cipher suites. All AES-GCM andChaCha20 cipher suites are enabled by default. The methodSSLContext.set_ciphers() cannot enable or disable any TLS 1.3ciphers yet, butSSLContext.get_ciphers() returns them.

• Session tickets are no longer sent as part of the initial handshake andare handled differently.SSLSocket.session andSSLSessionare not compatible with TLS 1.3.

• Client-side certificates are also no longer verified during the initialhandshake. A server can request a certificate at any time. Clientsprocess certificate requests while they send or receive application datafrom the server.

• TLS 1.3 features like early data, deferred TLS client cert request,signature algorithm configuration, and rekeying are not supported yet.