函式、常數與例外¶

importsocketimportsslhostname='www.python.org'context=ssl.create_default_context()withsocket.create_connection((hostname,443))assock:withcontext.wrap_socket(sock,server_hostname=hostname)asssock:print(ssock.version())

hostname='www.python.org'# PROTOCOL_TLS_CLIENT requires valid cert chain and hostnamecontext=ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)context.load_verify_locations('path/to/cabundle.pem')withsocket.socket(socket.AF_INET,socket.SOCK_STREAM,0)assock:withcontext.wrap_socket(sock,server_hostname=hostname)asssock:print(ssock.version())

context=ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)context.load_cert_chain('/path/to/certchain.pem','/path/to/private.key')withsocket.socket(socket.AF_INET,socket.SOCK_STREAM,0)assock:sock.bind(('127.0.0.1',8443))sock.listen(5)withcontext.wrap_socket(sock,server_side=True)asssock:conn,addr=ssock.accept()...

SSL Sockets¶

classssl.SSLSocket(socket.socket)¶

SSL sockets 提供以下Socket 物件 方法：

• accept()

• bind()

• close()

• connect()

• detach()

• fileno()

• getpeername()、getsockname()

• getsockopt()、setsockopt()

• gettimeout()、settimeout()、setblocking()

• listen()

• makefile()

• recv()、recv_into() （但不允許傳遞非零的flags 引數）

• send()、sendall() （同樣不允許傳遞非零的flags 引數）

• sendfile() （但os.sendfile 只能用於純文本 sockets，其餘則會使用send()）

• shutdown()

然而，由於 SSL（和 TLS）協定在 TCP 之上有自己的框架，因此在某些方面，SSL sockets 的抽象可能會與普通作業系統級別的 sockets 規範有所不同。特別是請參閱關於 non-blocking sockets 的說明。

SSLSocket 的實例必須使用SSLContext.wrap_socket() 方法建立。

在 3.5 版的變更:新增sendfile() 方法。

在 3.5 版的變更:shutdown() 不會在每次接收或發送位元組時重置 socket 超時時間。現在，socket 超時時間是關閉操作的最大總持續時間。

在 3.6 版之後被棄用:直接建立SSLSocket 實例的方式已被棄用，請使用SSLContext.wrap_socket() 來包裝 socket。

在 3.7 版的變更:SSLSocket 實例必須使用wrap_socket() 建立。在較早的版本中可以直接建立實例，但這從未被記錄或正式支援。

在 3.10 版的變更:Python 現在內部使用了SSL_read_ex 和SSL_write_ex 函式。這些函式支援讀取和寫入大於 2 GB 的資料。寫入零長度的資料不再會導致協定違規錯誤。

SSL sockets 還具有以下附加方法和屬性：

SSLSocket.read(len=1024,buffer=None)¶

從 SSL socket 讀取len 位元組的資料，並將結果以bytes 實例的形式回傳。如果指定了buffer，則將資料讀入緩衝區，並回傳讀取的位元組。

如果 socket 是非阻塞的則會引發SSLWantReadError 或SSLWantWriteError 並且讀取操作將會被阻塞。

由於在任何時刻都可能發生重新協商，呼叫read() 也可能觸發寫入操作。

在 3.5 版的變更:當接收或發送位元組時，socket 的超時時間將不再重置。現在，socket 超時時間是讀取最多len 位元組的總最大持續時間。

在 3.6 版之後被棄用:請改用recv() 來替換掉read()。

SSLSocket.write(buf)¶

將buf 寫入 SSL socket 並回傳寫入的位元組數量。buf 引數必須是支援緩衝區介面的物件。

如果 socket 是非阻塞的則會引發SSLWantReadError 或SSLWantWriteError 並且寫入操作將會被阻塞。

由於在任何時刻都可能發生重新協商，呼叫write() 也可能觸發讀取操作。

在 3.5 版的變更:當接收或發送位元組時，socket 的超時時間將不再重置。現在，socket 超時時間是寫入buf 的總最大持續時間。

在 3.6 版之後被棄用:請改用send() 來替換掉write()。

SSLSocket.do_handshake()¶

執行 SSL 設定握手。

在 3.4 版的變更:當 socket 的context 的check_hostname 屬性質為 true 時，握手方法也會執行match_hostname()。

在 3.5 版的變更:Socket 超時時間已經不會在每次接收或傳送位元組時重置。現在，超時時間是握手過程的最大總持續時間。

在 3.7 版的變更:在握手過程中，OpenSSL 會去配對主機名稱或 IP 地址。已不再使用match_hostname() 函式。如果 OpenSSL 拒絕某個主機名稱或 IP 地址，握手將會提前中止，並向對方發送 TLS 警報訊息。

SSLSocket.getpeercert(binary_form=False)¶

如果連線端沒有證書，則回傳None。如果 SSL 握手尚未完成，則引發ValueError。

如果binary_form 參數為False，且從對等 (peer) 接收到證書，則該方法回傳一個dict 實例。如果證書未被驗證，則該字典為空。若證書已被驗證，則回傳的字典將包含數個鍵值，包括subject (證書所簽發的對象) 和issuer (簽發證書的主體)。如果證書中包含Subject Alternative Name 擴充 (參考RFC 3280)，字典中還會有一個subjectAltName 鍵。

subject 和issuer 欄位欄位是包含相對識別名稱 (relative distinguished names, RDNs) 序列的元組，這些 RDN 來自證書資料結構中的相應欄位。每個 RDN 都是一組名稱與值的對。以下是現實中的範例：

{'issuer':((('countryName','IL'),),(('organizationName','StartCom Ltd.'),),(('organizationalUnitName','Secure Digital Certificate Signing'),),(('commonName','StartCom Class 2 Primary Intermediate Server CA'),)),'notAfter':'Nov 22 08:15:19 2013 GMT','notBefore':'Nov 21 03:09:52 2011 GMT','serialNumber':'95F0','subject':((('description','571208-SLe257oHY9fVQ07Z'),),(('countryName','US'),),(('stateOrProvinceName','California'),),(('localityName','San Francisco'),),(('organizationName','Electronic Frontier Foundation, Inc.'),),(('commonName','*.eff.org'),),(('emailAddress','hostmaster@eff.org'),)),'subjectAltName':(('DNS','*.eff.org'),('DNS','eff.org')),'version':3}

如果binary_form 參數設定為True，且對等提供了證書，則該方法會以 DER 編碼形式 將整個證書以位元組序列形式回傳。如果對等未提供證書，則回傳None。對等是否提供證書取決於 SSL socket 的腳色：

• 對於客戶端 SSL socket，伺服器將永遠提供證書，無論是否需要進行驗證；

• 對於伺服器 SSL socket，客戶端僅在伺服器要求時才會提供證書；因此，如果你使用的是CERT_NONE (而非CERT_OPTIONAL 或CERT_REQUIRED)，則getpeercert() 會回傳None。

請見SSLContext.check_hostname。

在 3.2 版的變更:The returned dictionary includes additional items such asissuerandnotBefore.

在 3.4 版的變更:ValueError is raised when the handshake isn't done.The returned dictionary includes additional X509v3 extension items such ascrlDistributionPoints,caIssuers andOCSP URIs.

在 3.9 版的變更:IPv6 address strings no longer have a trailing new line.

SSLSocket.get_verified_chain()¶

Returns verified certificate chain provided by the otherend of the SSL channel as a list of DER-encoded bytes.If certificate verification was disabled method acts the same asget_unverified_chain().

在 3.13 版被加入.

SSLSocket.get_unverified_chain()¶

Returns raw certificate chain provided by the otherend of the SSL channel as a list of DER-encoded bytes.

在 3.13 版被加入.

SSLSocket.cipher()¶

Returns a three-value tuple containing the name of the cipher being used, theversion of the SSL protocol that defines its use, and the number of secretbits being used. If no connection has been established, returnsNone.

SSLSocket.shared_ciphers()¶

Return the list of ciphers available in both the client and server. Eachentry of the returned list is a three-value tuple containing the name of thecipher, the version of the SSL protocol that defines its use, and the numberof secret bits the cipher uses.shared_ciphers() returnsNone if no connection has been established or the socket is a clientsocket.

在 3.5 版被加入.

SSLSocket.compression()¶

Return the compression algorithm being used as a string, orNoneif the connection isn't compressed.

If the higher-level protocol supports its own compression mechanism,you can useOP_NO_COMPRESSION to disable SSL-level compression.

在 3.3 版被加入.

SSLSocket.get_channel_binding(cb_type='tls-unique')¶

Get channel binding data for current connection, as a bytes object. ReturnsNone if not connected or the handshake has not been completed.

Thecb_type parameter allow selection of the desired channel bindingtype. Valid channel binding types are listed in theCHANNEL_BINDING_TYPES list. Currently only the 'tls-unique' channelbinding, defined byRFC 5929, is supported.ValueError will beraised if an unsupported channel binding type is requested.

在 3.3 版被加入.

SSLSocket.selected_alpn_protocol()¶

Return the protocol that was selected during the TLS handshake. IfSSLContext.set_alpn_protocols() was not called, if the other party doesnot support ALPN, if this socket does not support any of the client'sproposed protocols, or if the handshake has not happened yet,None isreturned.

在 3.5 版被加入.

SSLSocket.selected_npn_protocol()¶

Return the higher-level protocol that was selected during the TLS/SSLhandshake. IfSSLContext.set_npn_protocols() was not called, orif the other party does not support NPN, or if the handshake has not yethappened, this will returnNone.

在 3.3 版被加入.

在 3.10 版之後被棄用:NPN has been superseded by ALPN

SSLSocket.unwrap()¶

Performs the SSL shutdown handshake, which removes the TLS layer from theunderlying socket, and returns the underlying socket object. This can beused to go from encrypted operation over a connection to unencrypted. Thereturned socket should always be used for further communication with theother side of the connection, rather than the original socket.

SSLSocket.verify_client_post_handshake()¶

Requests post-handshake authentication (PHA) from a TLS 1.3 client. PHAcan only be initiated for a TLS 1.3 connection from a server-side socket,after the initial TLS handshake and with PHA enabled on both sides, seeSSLContext.post_handshake_auth.

The method does not perform a cert exchange immediately. The server-sidesends a CertificateRequest during the next write event and expects theclient to respond with a certificate on the next read event.

If any precondition isn't met (e.g. not TLS 1.3, PHA not enabled), anSSLError is raised.

備註

Only available with OpenSSL 1.1.1 and TLS 1.3 enabled. Without TLS 1.3support, the method raisesNotImplementedError.

在 3.8 版被加入.

SSLSocket.version()¶

Return the actual SSL protocol version negotiated by the connectionas a string, orNone if no secure connection is established.As of this writing, possible return values include"SSLv2","SSLv3","TLSv1","TLSv1.1" and"TLSv1.2".Recent OpenSSL versions may define more return values.

在 3.5 版被加入.

SSLSocket.pending()¶

Returns the number of already decrypted bytes available for read, pending onthe connection.

SSLSocket.context¶

TheSSLContext object this SSL socket is tied to.

在 3.2 版被加入.

SSLSocket.server_side¶

A boolean which isTrue for server-side sockets andFalse forclient-side sockets.

在 3.2 版被加入.

SSLSocket.server_hostname¶

Hostname of the server:str type, orNone for server-sidesocket or if the hostname was not specified in the constructor.

在 3.2 版被加入.

在 3.7 版的變更:The attribute is now always ASCII text. Whenserver_hostname isan internationalized domain name (IDN), this attribute now stores theA-label form ("xn--pythn-mua.org"), rather than the U-label form("pythön.org").

SSLSocket.session¶

TheSSLSession for this SSL connection. The session is availablefor client and server side sockets after the TLS handshake has beenperformed. For client sockets the session can be set beforedo_handshake() has been called to reuse a session.

在 3.6 版被加入.

SSLSocket.session_reused¶

在 3.6 版被加入.

SSL Contexts¶

An SSL context holds various data longer-lived than single SSL connections,such as SSL configuration options, certificate(s) and private key(s).It also manages a cache of SSL sessions for server-side sockets, in orderto speed up repeated connections from the same clients.

classssl.SSLContext(protocol=None)¶

Create a new SSL context. You may passprotocol which must be oneof thePROTOCOL_* constants defined in this module. The parameterspecifies which version of the SSL protocol to use. Typically, theserver chooses a particular protocol version, and the client must adaptto the server's choice. Most of the versions are not interoperablewith the other versions. If not specified, the default isPROTOCOL_TLS; it provides the most compatibility with otherversions.

Here's a table showing which versions in a client (down the side) can connectto which versions in a server (along the top):

client /server	SSLv2	SSLv3	TLS[3]	TLSv1	TLSv1.1	TLSv1.2
SSLv2	yes	no	no[1]	no	no	no
SSLv3	no	yes	no[2]	no	no	no
TLS (SSLv23)[3]	no[1]	no[2]	yes	yes	yes	yes
TLSv1	no	no	yes	yes	no	no
TLSv1.1	no	no	yes	no	yes	no
TLSv1.2	no	no	yes	no	no	yes

註解

[1](1,2)

SSLContext 預設會關閉 SSLv2 的OP_NO_SSLv2。

[2](1,2)

SSLContext 預設會關閉 SSLv3 的OP_NO_SSLv3。

[3](1,2)

TLS 1.3 protocol will be available withPROTOCOL_TLS inOpenSSL >= 1.1.1. There is no dedicated PROTOCOL constant for justTLS 1.3.

也參考

create_default_context() lets thessl module choosesecurity settings for a given purpose.

在 3.6 版的變更:The context is created with secure default values. The optionsOP_NO_COMPRESSION,OP_CIPHER_SERVER_PREFERENCE,OP_SINGLE_DH_USE,OP_SINGLE_ECDH_USE,OP_NO_SSLv2,andOP_NO_SSLv3 (except forPROTOCOL_SSLv3) areset by default. The initial cipher suite list contains onlyHIGHciphers, noNULL ciphers and noMD5 ciphers.

在 3.10 版之後被棄用:SSLContext without protocol argument is deprecated. Thecontext class will either requirePROTOCOL_TLS_CLIENT orPROTOCOL_TLS_SERVER protocol in the future.

在 3.10 版的變更:The default cipher suites now include only secure AES and ChaCha20ciphers with forward secrecy and security level 2. RSA and DH keys withless than 2048 bits and ECC keys with less than 224 bits are prohibited.PROTOCOL_TLS,PROTOCOL_TLS_CLIENT, andPROTOCOL_TLS_SERVER use TLS 1.2 as minimum TLS version.

備註

SSLContext only supports limited mutation once it has been usedby a connection. Adding new certificates to the internal trust store isallowed, but changing ciphers, verification settings, or mTLScertificates may result in surprising behavior.

備註

SSLContext is designed to be shared and used by multipleconnections.Thus, it is thread-safe as long as it is not reconfigured after beingused by a connection.

SSLContext objects have the following methods and attributes:

SSLContext.cert_store_stats()¶

Get statistics about quantities of loaded X.509 certificates, count ofX.509 certificates flagged as CA certificates and certificate revocationlists as dictionary.

Example for a context with one CA cert and one other cert:

>>>context.cert_store_stats(){'crl': 0, 'x509_ca': 1, 'x509': 2}

在 3.4 版被加入.

SSLContext.load_cert_chain(certfile,keyfile=None,password=None)¶

Load a private key and the corresponding certificate. Thecertfilestring must be the path to a single file in PEM format containing thecertificate as well as any number of CA certificates needed to establishthe certificate's authenticity. Thekeyfile string, if present, mustpoint to a file containing the private key. Otherwise the privatekey will be taken fromcertfile as well. See the discussion ofCertificates for more information on how the certificateis stored in thecertfile.

Thepassword argument may be a function to call to get the password fordecrypting the private key. It will only be called if the private key isencrypted and a password is necessary. It will be called with no arguments,and it should return a string, bytes, or bytearray. If the return value isa string it will be encoded as UTF-8 before using it to decrypt the key.Alternatively a string, bytes, or bytearray value may be supplied directlyas thepassword argument. It will be ignored if the private key is notencrypted and no password is needed.

If thepassword argument is not specified and a password is required,OpenSSL's built-in password prompting mechanism will be used tointeractively prompt the user for a password.

AnSSLError is raised if the private key doesn'tmatch with the certificate.

在 3.3 版的變更:New optional argumentpassword.

SSLContext.load_default_certs(purpose=Purpose.SERVER_AUTH)¶

Load a set of default "certification authority" (CA) certificates fromdefault locations. On Windows it loads CA certs from theCA andROOT system stores. On all systems it callsSSLContext.set_default_verify_paths(). In the future the method mayload CA certificates from other locations, too.

Thepurpose flag specifies what kind of CA certificates are loaded. Thedefault settingsPurpose.SERVER_AUTH loads certificates, that areflagged and trusted for TLS web server authentication (client sidesockets).Purpose.CLIENT_AUTH loads CA certificates for clientcertificate verification on the server side.

在 3.4 版被加入.

SSLContext.load_verify_locations(cafile=None,capath=None,cadata=None)¶

Load a set of "certification authority" (CA) certificates used to validateother peers' certificates whenverify_mode is other thanCERT_NONE. At least one ofcafile orcapath must be specified.

This method can also load certification revocation lists (CRLs) in PEM orDER format. In order to make use of CRLs,SSLContext.verify_flagsmust be configured properly.

Thecafile string, if present, is the path to a file of concatenatedCA certificates in PEM format. See the discussion ofCertificates for more information about how to arrange thecertificates in this file.

Thecapath string, if present, isthe path to a directory containing several CA certificates in PEM format,following anOpenSSL specific layout.

Thecadata object, if present, is either an ASCII string of one or morePEM-encoded certificates or abytes-like object of DER-encodedcertificates. Like withcapath extra lines around PEM-encodedcertificates are ignored but at least one certificate must be present.

在 3.4 版的變更:New optional argumentcadata

SSLContext.get_ca_certs(binary_form=False)¶

Get a list of loaded "certification authority" (CA) certificates. If thebinary_form parameter isFalse each listentry is a dict like the output ofSSLSocket.getpeercert(). Otherwisethe method returns a list of DER-encoded certificates. The returned listdoes not contain certificates fromcapath unless a certificate wasrequested and loaded by a SSL connection.

備註

Certificates in a capath directory aren't loaded unless they havebeen used at least once.

在 3.4 版被加入.

SSLContext.get_ciphers()¶

Get a list of enabled ciphers. The list is in order of cipher priority.SeeSSLContext.set_ciphers().

範例：

>>>ctx=ssl.SSLContext(ssl.PROTOCOL_SSLv23)>>>ctx.set_ciphers('ECDHE+AESGCM:!ECDSA')>>>ctx.get_ciphers()[{'aead': True,  'alg_bits': 256,  'auth': 'auth-rsa',  'description': 'ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  '                 'Enc=AESGCM(256) Mac=AEAD',  'digest': None,  'id': 50380848,  'kea': 'kx-ecdhe',  'name': 'ECDHE-RSA-AES256-GCM-SHA384',  'protocol': 'TLSv1.2',  'strength_bits': 256,  'symmetric': 'aes-256-gcm'}, {'aead': True,  'alg_bits': 128,  'auth': 'auth-rsa',  'description': 'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  '                 'Enc=AESGCM(128) Mac=AEAD',  'digest': None,  'id': 50380847,  'kea': 'kx-ecdhe',  'name': 'ECDHE-RSA-AES128-GCM-SHA256',  'protocol': 'TLSv1.2',  'strength_bits': 128,  'symmetric': 'aes-128-gcm'}]

在 3.6 版被加入.

SSLContext.set_default_verify_paths()¶

Load a set of default "certification authority" (CA) certificates froma filesystem path defined when building the OpenSSL library. Unfortunately,there's no easy way to know whether this method succeeds: no error isreturned if no certificates are to be found. When the OpenSSL library isprovided as part of the operating system, though, it is likely to beconfigured properly.

SSLContext.set_ciphers(ciphers)¶

Set the available ciphers for sockets created with this context.It should be a string in theOpenSSL cipher list format.If no cipher can be selected (because compile-time options or otherconfiguration forbids use of all the specified ciphers), anSSLError will be raised.

備註

when connected, theSSLSocket.cipher() method of SSL sockets willgive the currently selected cipher.

TLS 1.3 cipher suites cannot be disabled withset_ciphers().

SSLContext.set_alpn_protocols(protocols)¶

Specify which protocols the socket should advertise during the SSL/TLShandshake. It should be a list of ASCII strings, like['http/1.1','spdy/2'], ordered by preference. The selection of a protocol will happenduring the handshake, and will play out according toRFC 7301. After asuccessful handshake, theSSLSocket.selected_alpn_protocol() method willreturn the agreed-upon protocol.

This method will raiseNotImplementedError ifHAS_ALPN isFalse.

在 3.5 版被加入.

SSLContext.set_npn_protocols(protocols)¶

Specify which protocols the socket should advertise during the SSL/TLShandshake. It should be a list of strings, like['http/1.1','spdy/2'],ordered by preference. The selection of a protocol will happen during thehandshake, and will play out according to theApplication Layer Protocol Negotiation. After asuccessful handshake, theSSLSocket.selected_npn_protocol() method willreturn the agreed-upon protocol.

This method will raiseNotImplementedError ifHAS_NPN isFalse.

在 3.3 版被加入.

在 3.10 版之後被棄用:NPN has been superseded by ALPN

SSLContext.sni_callback¶

Register a callback function that will be called after the TLS Client Hellohandshake message has been received by the SSL/TLS server when the TLS clientspecifies a server name indication. The server name indication mechanismis specified inRFC 6066 section 3 - Server Name Indication.

Only one callback can be set perSSLContext. Ifsni_callbackis set toNone then the callback is disabled. Calling this function asubsequent time will disable the previously registered callback.

The callback function will be called with threearguments; the first being thessl.SSLSocket, the second is a stringthat represents the server name that the client is intending to communicate(orNone if the TLS Client Hello does not contain a server name)and the third argument is the originalSSLContext. The server nameargument is text. For internationalized domain name, the servername is an IDN A-label ("xn--pythn-mua.org").

A typical use of this callback is to change thessl.SSLSocket'sSSLSocket.context attribute to a new object of typeSSLContext representing a certificate chain that matches the servername.

Due to the early negotiation phase of the TLS connection, only limitedmethods and attributes are usable likeSSLSocket.selected_alpn_protocol() andSSLSocket.context.TheSSLSocket.getpeercert(),SSLSocket.get_verified_chain(),SSLSocket.get_unverified_chain()SSLSocket.cipher()andSSLSocket.compression() methods require thatthe TLS connection has progressed beyond the TLS Client Hello and thereforewill not return meaningful values nor can they be called safely.

Thesni_callback function must returnNone to allow theTLS negotiation to continue. If a TLS failure is required, a constantALERT_DESCRIPTION_* can bereturned. Other return values will result in a TLS fatal error withALERT_DESCRIPTION_INTERNAL_ERROR.

If an exception is raised from thesni_callback function the TLSconnection will terminate with a fatal TLS alert messageALERT_DESCRIPTION_HANDSHAKE_FAILURE.

This method will raiseNotImplementedError if the OpenSSL libraryhad OPENSSL_NO_TLSEXT defined when it was built.

在 3.7 版被加入.

SSLContext.set_servername_callback(server_name_callback)¶

This is a legacy API retained for backwards compatibility. When possible,you should usesni_callback instead. The givenserver_name_callbackis similar tosni_callback, except that when the server hostname is anIDN-encoded internationalized domain name, theserver_name_callbackreceives a decoded U-label ("pythön.org").

If there is a decoding error on the server name, the TLS connection willterminate with anALERT_DESCRIPTION_INTERNAL_ERROR fatal TLSalert message to the client.

在 3.4 版被加入.

SSLContext.load_dh_params(dhfile)¶

Load the key generation parameters for Diffie-Hellman (DH) key exchange.Using DH key exchange improves forward secrecy at the expense ofcomputational resources (both on the server and on the client).Thedhfile parameter should be the path to a file containing DHparameters in PEM format.

This setting doesn't apply to client sockets. You can also use theOP_SINGLE_DH_USE option to further improve security.

在 3.3 版被加入.

SSLContext.set_ecdh_curve(curve_name)¶

Set the curve name for Elliptic Curve-based Diffie-Hellman (ECDH) keyexchange. ECDH is significantly faster than regular DH while arguablyas secure. Thecurve_name parameter should be a string describinga well-known elliptic curve, for exampleprime256v1 for a widelysupported curve.

This setting doesn't apply to client sockets. You can also use theOP_SINGLE_ECDH_USE option to further improve security.

This method is not available ifHAS_ECDH isFalse.

在 3.3 版被加入.

也參考

SSL/TLS & Perfect Forward Secrecy

Vincent Bernat.

SSLContext.wrap_socket(sock,server_side=False,do_handshake_on_connect=True,suppress_ragged_eofs=True,server_hostname=None,session=None)¶

Wrap an existing Python socketsock and return an instance ofSSLContext.sslsocket_class (defaultSSLSocket). Thereturned SSL socket is tied to the context, its settings and certificates.sock must be aSOCK_STREAM socket; othersocket types are unsupported.

The parameterserver_side is a boolean which identifies whetherserver-side or client-side behavior is desired from this socket.

For client-side sockets, the context construction is lazy; if theunderlying socket isn't connected yet, the context construction will beperformed afterconnect() is called on the socket. Forserver-side sockets, if the socket has no remote peer, it is assumedto be a listening socket, and the server-side SSL wrapping isautomatically performed on client connections accepted via theaccept() method. The method may raiseSSLError.

On client connections, the optional parameterserver_hostname specifiesthe hostname of the service which we are connecting to. This allows asingle server to host multiple SSL-based services with distinct certificates,quite similarly to HTTP virtual hosts. Specifyingserver_hostname willraise aValueError ifserver_side is true.

The parameterdo_handshake_on_connect specifies whether to do the SSLhandshake automatically after doing asocket.connect(), or whether theapplication program will call it explicitly, by invoking theSSLSocket.do_handshake() method. CallingSSLSocket.do_handshake() explicitly gives the program control over theblocking behavior of the socket I/O involved in the handshake.

The parametersuppress_ragged_eofs specifies how theSSLSocket.recv() method should signal unexpected EOF from the other endof the connection. If specified asTrue (the default), it returns anormal EOF (an empty bytes object) in response to unexpected EOF errorsraised from the underlying socket; ifFalse, it will raise theexceptions back to the caller.

session, seesession.

To wrap anSSLSocket in anotherSSLSocket, useSSLContext.wrap_bio().

在 3.5 版的變更:Always allow a server_hostname to be passed, even if OpenSSL does nothave SNI.

在 3.6 版的變更:新增session 引數。

在 3.7 版的變更:The method returns an instance ofSSLContext.sslsocket_classinstead of hard-codedSSLSocket.

SSLContext.sslsocket_class¶

The return type ofSSLContext.wrap_socket(), defaults toSSLSocket. The attribute can be overridden on instance of classin order to return a custom subclass ofSSLSocket.

在 3.7 版被加入.

SSLContext.wrap_bio(incoming,outgoing,server_side=False,server_hostname=None,session=None)¶

Wrap the BIO objectsincoming andoutgoing and return an instance ofSSLContext.sslobject_class (defaultSSLObject). The SSLroutines will read input data from the incoming BIO and write data to theoutgoing BIO.

Theserver_side,server_hostname andsession parameters have thesame meaning as inSSLContext.wrap_socket().

在 3.6 版的變更:新增session 引數。

在 3.7 版的變更:The method returns an instance ofSSLContext.sslobject_classinstead of hard-codedSSLObject.

SSLContext.sslobject_class¶

The return type ofSSLContext.wrap_bio(), defaults toSSLObject. The attribute can be overridden on instance of classin order to return a custom subclass ofSSLObject.

在 3.7 版被加入.

SSLContext.session_stats()¶

Get statistics about the SSL sessions created or managed by this context.A dictionary is returned which maps the names of eachpiece of information to theirnumeric values. For example, here is the total number of hits and missesin the session cache since the context was created:

>>>stats=context.session_stats()>>>stats['hits'],stats['misses'](0, 0)

SSLContext.check_hostname¶

Whether to match the peer cert's hostname inSSLSocket.do_handshake(). The context'sverify_mode must be set toCERT_OPTIONAL orCERT_REQUIRED, and you must passserver_hostname towrap_socket() in order to match the hostname. Enablinghostname checking automatically setsverify_mode fromCERT_NONE toCERT_REQUIRED. It cannot be set back toCERT_NONE as long as hostname checking is enabled. ThePROTOCOL_TLS_CLIENT protocol enables hostname checking by default.With other protocols, hostname checking must be enabled explicitly.

範例：

importsocket,sslcontext=ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)context.verify_mode=ssl.CERT_REQUIREDcontext.check_hostname=Truecontext.load_default_certs()s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)ssl_sock=context.wrap_socket(s,server_hostname='www.verisign.com')ssl_sock.connect(('www.verisign.com',443))

在 3.4 版被加入.

在 3.7 版的變更:verify_mode is now automatically changedtoCERT_REQUIRED when hostname checking is enabled andverify_mode isCERT_NONE. Previouslythe same operation would have failed with aValueError.

SSLContext.keylog_filename¶

Write TLS keys to a keylog file, whenever key material is generated orreceived. The keylog file is designed for debugging purposes only. Thefile format is specified by NSS and used by many traffic analyzers suchas Wireshark. The log file is opened in append-only mode. Writes aresynchronized between threads, but not between processes.

在 3.8 版被加入.

SSLContext.maximum_version¶

ATLSVersion enum member representing the highest supportedTLS version. The value defaults toTLSVersion.MAXIMUM_SUPPORTED.The attribute is read-only for protocols other thanPROTOCOL_TLS,PROTOCOL_TLS_CLIENT, andPROTOCOL_TLS_SERVER.

The attributesmaximum_version,minimum_version andSSLContext.options all affect the supported SSLand TLS versions of the context. The implementation does not preventinvalid combination. For example a context withOP_NO_TLSv1_2 inoptions andmaximum_version set toTLSVersion.TLSv1_2will not be able to establish a TLS 1.2 connection.

在 3.7 版被加入.

SSLContext.minimum_version¶

LikeSSLContext.maximum_version except it is the lowestsupported version orTLSVersion.MINIMUM_SUPPORTED.

在 3.7 版被加入.

SSLContext.num_tickets¶

Control the number of TLS 1.3 session tickets of aPROTOCOL_TLS_SERVER context. The setting has no impact on TLS1.0 to 1.2 connections.

在 3.8 版被加入.

SSLContext.options¶

An integer representing the set of SSL options enabled on this context.The default value isOP_ALL, but you can specify other optionssuch asOP_NO_SSLv2 by ORing them together.

在 3.6 版的變更:SSLContext.options returnsOptions flags:

>>>ssl.create_default_context().options<Options.OP_ALL|OP_NO_SSLv3|OP_NO_SSLv2|OP_NO_COMPRESSION: 2197947391>

在 3.7 版之後被棄用:AllOP_NO_SSL* andOP_NO_TLS* options have been deprecated sincePython 3.7. UseSSLContext.minimum_version andSSLContext.maximum_version instead.

SSLContext.post_handshake_auth¶

Enable TLS 1.3 post-handshake client authentication. Post-handshake authis disabled by default and a server can only request a TLS clientcertificate during the initial handshake. When enabled, a server mayrequest a TLS client certificate at any time after the handshake.

When enabled on client-side sockets, the client signals the server thatit supports post-handshake authentication.

When enabled on server-side sockets,SSLContext.verify_mode mustbe set toCERT_OPTIONAL orCERT_REQUIRED, too. Theactual client cert exchange is delayed untilSSLSocket.verify_client_post_handshake() is called and some I/O isperformed.

在 3.8 版被加入.

SSLContext.protocol¶

The protocol version chosen when constructing the context. This attributeis read-only.

SSLContext.hostname_checks_common_name¶

Whethercheck_hostname falls back to verify the cert'ssubject common name in the absence of a subject alternative nameextension (default: true).

在 3.7 版被加入.

在 3.10 版的變更:The flag had no effect with OpenSSL before version 1.1.1l. Python 3.8.9,3.9.3, and 3.10 include workarounds for previous versions.

SSLContext.security_level¶

An integer representing thesecurity levelfor the context. This attribute is read-only.

在 3.10 版被加入.

SSLContext.verify_flags¶

The flags for certificate verification operations. You can set flags likeVERIFY_CRL_CHECK_LEAF by ORing them together. By default OpenSSLdoes neither require nor verify certificate revocation lists (CRLs).

在 3.4 版被加入.

在 3.6 版的變更:SSLContext.verify_flags returnsVerifyFlags flags:

>>>ssl.create_default_context().verify_flags<VerifyFlags.VERIFY_X509_TRUSTED_FIRST: 32768>

SSLContext.verify_mode¶

Whether to try to verify other peers' certificates and how to behaveif verification fails. This attribute must be one ofCERT_NONE,CERT_OPTIONAL orCERT_REQUIRED.

在 3.6 版的變更:SSLContext.verify_mode returnsVerifyMode enum:

>>>ssl.create_default_context().verify_mode<VerifyMode.CERT_REQUIRED: 2>

SSLContext.set_psk_client_callback(callback)¶

Enables TLS-PSK (pre-shared key) authentication on a client-side connection.

In general, certificate based authentication should be preferred over this method.

The parametercallback is a callable object with the signature:defcallback(hint:str|None)->tuple[str|None,bytes].Thehint parameter is an optional identity hint sent by the server.The return value is a tuple in the form (client-identity, psk).Client-identity is an optional string which may be used by the server toselect a corresponding PSK for the client. The string must be less than orequal to256 octets when UTF-8 encoded. PSK is abytes-like object representing the pre-shared key. Return a zerolength PSK to reject the connection.

Settingcallback toNone removes any existing callback.

備註

When using TLS 1.3:

• thehint parameter is alwaysNone.

• client-identity must be a non-empty string.

範例用法：

context=ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)context.check_hostname=Falsecontext.verify_mode=ssl.CERT_NONEcontext.maximum_version=ssl.TLSVersion.TLSv1_2context.set_ciphers('PSK')# A simple lambda:psk=bytes.fromhex('c0ffee')context.set_psk_client_callback(lambdahint:(None,psk))# A table using the hint from the server:psk_table={'ServerId_1':bytes.fromhex('c0ffee'),'ServerId_2':bytes.fromhex('facade')}defcallback(hint):return'ClientId_1',psk_table.get(hint,b'')context.set_psk_client_callback(callback)

This method will raiseNotImplementedError ifHAS_PSK isFalse.

在 3.13 版被加入.

SSLContext.set_psk_server_callback(callback,identity_hint=None)¶

Enables TLS-PSK (pre-shared key) authentication on a server-side connection.

In general, certificate based authentication should be preferred over this method.

The parametercallback is a callable object with the signature:defcallback(identity:str|None)->bytes.Theidentity parameter is an optional identity sent by the client which canbe used to select a corresponding PSK.The return value is abytes-like object representing the pre-shared key.Return a zero length PSK to reject the connection.

Settingcallback toNone removes any existing callback.

The parameteridentity_hint is an optional identity hint string sent tothe client. The string must be less than or equal to256 octets whenUTF-8 encoded.

備註

When using TLS 1.3 theidentity_hint parameter is not sent to the client.

範例用法：

context=ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)context.maximum_version=ssl.TLSVersion.TLSv1_2context.set_ciphers('PSK')# A simple lambda:psk=bytes.fromhex('c0ffee')context.set_psk_server_callback(lambdaidentity:psk)# A table using the identity of the client:psk_table={'ClientId_1':bytes.fromhex('c0ffee'),'ClientId_2':bytes.fromhex('facade')}defcallback(identity):returnpsk_table.get(identity,b'')context.set_psk_server_callback(callback,'ServerId_1')

This method will raiseNotImplementedError ifHAS_PSK isFalse.

在 3.13 版被加入.

Certificates¶

Certificates in general are part of a public-key / private-key system. In thissystem, eachprincipal, (which may be a machine, or a person, or anorganization) is assigned a unique two-part encryption key. One part of the keyis public, and is called thepublic key; the other part is kept secret, and iscalled theprivate key. The two parts are related, in that if you encrypt amessage with one of the parts, you can decrypt it with the other part, andonly with the other part.

A certificate contains information about two principals. It contains the nameof asubject, and the subject's public key. It also contains a statement by asecond principal, theissuer, that the subject is who they claim to be, andthat this is indeed the subject's public key. The issuer's statement is signedwith the issuer's private key, which only the issuer knows. However, anyone canverify the issuer's statement by finding the issuer's public key, decrypting thestatement with it, and comparing it to the other information in the certificate.The certificate also contains information about the time period over which it isvalid. This is expressed as two fields, called "notBefore" and "notAfter".

In the Python use of certificates, a client or server can use a certificate toprove who they are. The other side of a network connection can also be requiredto produce a certificate, and that certificate can be validated to thesatisfaction of the client or server that requires such validation. Theconnection attempt can be set to raise an exception if the validation fails.Validation is done automatically, by the underlying OpenSSL framework; theapplication need not concern itself with its mechanics. But the applicationdoes usually need to provide sets of certificates to allow this process to takeplace.

Python uses files to contain certificates. They should be formatted as "PEM"(seeRFC 1422), which is a base-64 encoded form wrapped with a header lineand a footer line:

-----BEGINCERTIFICATE-----...(certificateinbase64PEMencoding)...-----ENDCERTIFICATE-----

-----BEGINCERTIFICATE-----...(certificateforyourserver)...-----ENDCERTIFICATE----------BEGINCERTIFICATE-----...(thecertificatefortheCA)...-----ENDCERTIFICATE----------BEGINCERTIFICATE-----...(therootcertificatefortheCA's issuer)...-----ENDCERTIFICATE-----

-----BEGINRSAPRIVATEKEY-----...(privatekeyinbase64encoding)...-----ENDRSAPRIVATEKEY----------BEGINCERTIFICATE-----...(certificateinbase64PEMencoding)...-----ENDCERTIFICATE-----

%opensslreq-new-x509-days365-nodes-outcert.pem-keyoutcert.pemGeneratinga1024bitRSAprivatekey.......++++++.............................++++++writingnewprivatekeyto'cert.pem'-----Youareabouttobeaskedtoenterinformationthatwillbeincorporatedintoyourcertificaterequest.WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.TherearequiteafewfieldsbutyoucanleavesomeblankForsomefieldstherewillbeadefaultvalue,Ifyouenter'.',thefieldwillbeleftblank.-----CountryName(2lettercode)[AU]:USStateorProvinceName(fullname)[Some-State]:MyStateLocalityName(eg,city)[]:SomeCityOrganizationName(eg,company)[InternetWidgitsPtyLtd]:MyOrganization,Inc.OrganizationalUnitName(eg,section)[]:MyGroupCommonName(eg,YOURname)[]:myserver.mygroup.myorganization.comEmailAddress[]:ops@myserver.mygroup.myorganization.com%

範例¶

try:importsslexceptImportError:passelse:...# do something that requires SSL support

>>>context=ssl.create_default_context()

>>>context=ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)>>>context.load_verify_locations("/etc/ssl/certs/ca-bundle.crt")

>>>conn=context.wrap_socket(socket.socket(socket.AF_INET),...server_hostname="www.python.org")>>>conn.connect(("www.python.org",443))

>>>cert=conn.getpeercert()

>>>pprint.pprint(cert){'OCSP': ('http://ocsp.digicert.com',), 'caIssuers': ('http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt',), 'crlDistributionPoints': ('http://crl3.digicert.com/sha2-ev-server-g1.crl',                           'http://crl4.digicert.com/sha2-ev-server-g1.crl'), 'issuer': ((('countryName', 'US'),),            (('organizationName', 'DigiCert Inc'),),            (('organizationalUnitName', 'www.digicert.com'),),            (('commonName', 'DigiCert SHA2 Extended Validation Server CA'),)), 'notAfter': 'Sep  9 12:00:00 2016 GMT', 'notBefore': 'Sep  5 00:00:00 2014 GMT', 'serialNumber': '01BB6F00122B177F36CAB49CEA8B6B26', 'subject': ((('businessCategory', 'Private Organization'),),             (('1.3.6.1.4.1.311.60.2.1.3', 'US'),),             (('1.3.6.1.4.1.311.60.2.1.2', 'Delaware'),),             (('serialNumber', '3359300'),),             (('streetAddress', '16 Allen Rd'),),             (('postalCode', '03894-4801'),),             (('countryName', 'US'),),             (('stateOrProvinceName', 'NH'),),             (('localityName', 'Wolfeboro'),),             (('organizationName', 'Python Software Foundation'),),             (('commonName', 'www.python.org'),)), 'subjectAltName': (('DNS', 'www.python.org'),                    ('DNS', 'python.org'),                    ('DNS', 'pypi.org'),                    ('DNS', 'docs.python.org'),                    ('DNS', 'testpypi.org'),                    ('DNS', 'bugs.python.org'),                    ('DNS', 'wiki.python.org'),                    ('DNS', 'hg.python.org'),                    ('DNS', 'mail.python.org'),                    ('DNS', 'packaging.python.org'),                    ('DNS', 'pythonhosted.org'),                    ('DNS', 'www.pythonhosted.org'),                    ('DNS', 'test.pythonhosted.org'),                    ('DNS', 'us.pycon.org'),                    ('DNS', 'id.python.org')), 'version': 3}

>>>conn.sendall(b"HEAD / HTTP/1.0\r\nHost: linuxfr.org\r\n\r\n")>>>pprint.pprint(conn.recv(1024).split(b"\r\n"))[b'HTTP/1.1 200 OK', b'Date: Sat, 18 Oct 2014 18:27:20 GMT', b'Server: nginx', b'Content-Type: text/html; charset=utf-8', b'X-Frame-Options: SAMEORIGIN', b'Content-Length: 45679', b'Accept-Ranges: bytes', b'Via: 1.1 varnish', b'Age: 2188', b'X-Served-By: cache-lcy1134-LCY', b'X-Cache: HIT', b'X-Cache-Hits: 11', b'Vary: Cookie', b'Strict-Transport-Security: max-age=63072000; includeSubDomains', b'Connection: close', b'', b'']

importsocket,sslcontext=ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)context.load_cert_chain(certfile="mycertfile",keyfile="mykeyfile")bindsocket=socket.socket()bindsocket.bind(('myaddr.example.com',10023))bindsocket.listen(5)

whileTrue:newsocket,fromaddr=bindsocket.accept()connstream=context.wrap_socket(newsocket,server_side=True)try:deal_with_client(connstream)finally:connstream.shutdown(socket.SHUT_RDWR)connstream.close()

defdeal_with_client(connstream):data=connstream.recv(1024)# empty data means the client is finished with uswhiledata:ifnotdo_something(connstream,data):# we'll assume do_something returns False# when we're finished with clientbreakdata=connstream.recv(1024)# finished with client

Notes on non-blocking sockets¶

SSL sockets behave slightly different than regular sockets innon-blocking mode. When working with non-blocking sockets, there arethus several things you need to be aware of:

• MostSSLSocket methods will raise eitherSSLWantWriteError orSSLWantReadError instead ofBlockingIOError if an I/O operation wouldblock.SSLWantReadError will be raised if a read operation onthe underlying socket is necessary, andSSLWantWriteError fora write operation on the underlying socket. Note that attempts towrite to an SSL socket may requirereading from the underlyingsocket first, and attempts toread from the SSL socket may requirea priorwrite to the underlying socket.

  在 3.5 版的變更:In earlier Python versions, theSSLSocket.send() methodreturned zero instead of raisingSSLWantWriteError orSSLWantReadError.

• Callingselect() tells you that the OS-level socket can beread from (or written to), but it does not imply that there is sufficientdata at the upper SSL layer. For example, only part of an SSL frame mighthave arrived. Therefore, you must be ready to handleSSLSocket.recv()andSSLSocket.send() failures, and retry after another call toselect().

• Conversely, since the SSL layer has its own framing, a SSL socket maystill have data available for reading withoutselect()being aware of it. Therefore, you should first callSSLSocket.recv() to drain any potentially available data, and thenonly block on aselect() call if still necessary.

  (of course, similar provisions apply when using other primitives such aspoll(), or those in theselectors module)

• The SSL handshake itself will be non-blocking: theSSLSocket.do_handshake() method has to be retried until it returnssuccessfully. Here is a synopsis usingselect() to wait forthe socket's readiness:

  whileTrue:try:sock.do_handshake()breakexceptssl.SSLWantReadError:select.select([sock],[],[])exceptssl.SSLWantWriteError:select.select([],[sock],[])

Memory BIO Support¶

Ever since the SSL module was introduced in Python 2.6, theSSLSocketclass has provided two related but distinct areas of functionality:

• SSL protocol handling

• Network IO

The network IO API is identical to that provided bysocket.socket,from whichSSLSocket also inherits. This allows an SSL socket to beused as a drop-in replacement for a regular socket, making it very easy to addSSL support to an existing application.

Combining SSL protocol handling and network IO usually works well, but thereare some cases where it doesn't. An example is async IO frameworks that want touse a different IO multiplexing model than the "select/poll on a filedescriptor" (readiness based) model that is assumed bysocket.socketand by the internal OpenSSL socket IO routines. This is mostly relevant forplatforms like Windows where this model is not efficient. For this purpose, areduced scope variant ofSSLSocket calledSSLObject isprovided.

classssl.SSLObject¶

A reduced-scope variant ofSSLSocket representing an SSL protocolinstance that does not contain any network IO methods. This class istypically used by framework authors that want to implement asynchronous IOfor SSL through memory buffers.

This class implements an interface on top of a low-level SSL object asimplemented by OpenSSL. This object captures the state of an SSL connectionbut does not provide any network IO itself. IO needs to be performed throughseparate "BIO" objects which are OpenSSL's IO abstraction layer.

This class has no public constructor. AnSSLObject instancemust be created using thewrap_bio() method. Thismethod will create theSSLObject instance and bind it to apair of BIOs. Theincoming BIO is used to pass data from Python to theSSL protocol instance, while theoutgoing BIO is used to pass data theother way around.

The following methods are available:

• context

• server_side

• server_hostname

• session

• session_reused

• read()

• write()

• getpeercert()

• get_verified_chain()

• get_unverified_chain()

• selected_alpn_protocol()

• selected_npn_protocol()

• cipher()

• shared_ciphers()

• compression()

• pending()

• do_handshake()

• verify_client_post_handshake()

• unwrap()

• get_channel_binding()

• version()

When compared toSSLSocket, this object lacks the followingfeatures:

• Any form of network IO;recv() andsend() read and write only tothe underlyingMemoryBIO buffers.

• There is nodo_handshake_on_connect machinery. You must always manuallycalldo_handshake() to start the handshake.

• There is no handling ofsuppress_ragged_eofs. All end-of-file conditionsthat are in violation of the protocol are reported via theSSLEOFError exception.

• The methodunwrap() call does not return anything,unlike for an SSL socket where it returns the underlying socket.

• Theserver_name_callback callback passed toSSLContext.set_servername_callback() will get anSSLObjectinstance instead of aSSLSocket instance as its first parameter.

Some notes related to the use ofSSLObject:

• All IO on anSSLObject isnon-blocking.This means that for exampleread() will raise anSSLWantReadError if it needs more data than the incoming BIO hasavailable.

在 3.7 版的變更:SSLObject instances must be created withwrap_bio(). In earlier versions, it was possible tocreate instances directly. This was never documented or officiallysupported.

An SSLObject communicates with the outside world using memory buffers. TheclassMemoryBIO provides a memory buffer that can be used for thispurpose. It wraps an OpenSSL memory BIO (Basic IO) object:

classssl.MemoryBIO¶

A memory buffer that can be used to pass data between Python and an SSLprotocol instance.

pending¶

Return the number of bytes currently in the memory buffer.

eof¶

A boolean indicating whether the memory BIO is current at the end-of-fileposition.

read(n=-1)¶

Read up ton bytes from the memory buffer. Ifn is not specified ornegative, all bytes are returned.

write(buf)¶

Write the bytes frombuf to the memory BIO. Thebuf argument must be anobject supporting the buffer protocol.

The return value is the number of bytes written, which is always equal tothe length ofbuf.

write_eof()¶

Write an EOF marker to the memory BIO. After this method has been called, itis illegal to callwrite(). The attributeeof willbecome true after all data currently in the buffer has been read.

SSL session¶

classssl.SSLSession¶

Session object used bysession.

id¶

time¶

timeout¶

ticket_lifetime_hint¶

has_ticket¶

Security considerations¶

>>>importssl,smtplib>>>smtp=smtplib.SMTP("mail.python.org",port=587)>>>context=ssl.create_default_context()>>>smtp.starttls(context=context)(220, b'2.0.0 Ready to start TLS')

>>>client_context=ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)>>>client_context.minimum_version=ssl.TLSVersion.TLSv1_3>>>client_context.maximum_version=ssl.TLSVersion.TLSv1_3

TLS 1.3¶

The TLS 1.3 protocol behaves slightly differently than previous versionof TLS/SSL. Some new TLS 1.3 features are not yet available.

• TLS 1.3 uses a disjunct set of cipher suites. All AES-GCM andChaCha20 cipher suites are enabled by default. The methodSSLContext.set_ciphers() cannot enable or disable any TLS 1.3ciphers yet, butSSLContext.get_ciphers() returns them.

• Session tickets are no longer sent as part of the initial handshake andare handled differently.SSLSocket.session andSSLSessionare not compatible with TLS 1.3.

• Client-side certificates are also no longer verified during the initialhandshake. A server can request a certificate at any time. Clientsprocess certificate requests while they send or receive application datafrom the server.

• TLS 1.3 features like early data, deferred TLS client cert request,signature algorithm configuration, and rekeying are not supported yet.