twisted.internet.

module documentation

(source)

Undocumented

Interface	`IOpenSSLTrustRoot`	Trust settings for an OpenSSL context.
Class	`CertBase`	Base class for public (certificate only) and private (certificate + key pair) certificates.
Class	`ClientTLSOptions`	Client creator for TLS.
Class	`OpenSSLCertificateAuthorities`	Trust an explicitly specified set of certificates, represented by a list of `OpenSSL.crypto.X509` objects.
Class	`OpenSSLCipher`	A representation of an OpenSSL cipher.
Class	`PublicKey`	A `PublicKey` is a representation of the public part of a key pair.
Function	`protosFromProtocol`	Get the union of the ALPN protocols from the given TLSMemoryBIOProtocol and from the static list of acceptable protocols.
Function	`setupForALPN`	Called to set up the `OpenSSL.SSL.Context` for doing ALPN negotiation.
Variable	`defaultCiphers`	Undocumented
Class	`_ChooseDiffieHellmanEllipticCurve`	Chooses the best elliptic curve for Elliptic Curve Diffie-Hellman key exchange, and provides a `configureECDHCurve` method to set the curve, when appropriate, on a new `OpenSSL.SSL.Context`.
Function	`_expandCipherString`	Expand `cipherString` according to `method` and `options` to a tuple of explicit ciphers that are supported by the current platform.
Function	`_getExcludedTLSProtocols`	Given a pair of `TLSVersion` constants, figure out what versions we want to disable (as OpenSSL is an exclusion based API).
Function	`_handleattrhelper`	(private) Helper for `Certificate.peerFromTransport` and `Certificate.hostFromTransport` which checks for incompatible handle types and null certificates and raises the appropriate exception or returns the appropriate certificate object.
Function	`_selectCiphers`	Caclulate the acceptable list of ciphers from the ciphers we want and the ciphers we have support for.
Function	`_verifyCB`	Undocumented
Type Variable	`_Self`	Undocumented
Variable	`_defaultCurveName`	Undocumented
Variable	`_log`	Undocumented
Variable	`_tlsDisableFlags`	Undocumented
Variable	`_x509names`	Undocumented

def protosFromProtocol(tlsProto: TLSMemoryBIOProtocol, acceptableProtocols: Sequence[bytes]) -> Sequence[bytes]: (source) ¶

Get the union of the ALPN protocols from the given TLSMemoryBIOProtocol and from the static list of acceptable protocols.

def setupForALPN(context: SSL.Context, acceptableProtocols: Sequence[bytes]): (source) ¶

Called to set up the OpenSSL.SSL.Context for doing ALPN negotiation.

Parameters

context:SSL.Context The context which is being set up.

acceptableProtocols:Sequence[bytes]

The protocols that the host represented by context is willing to speak after TLS negotiation has completed, which will be advertised by connections using this context, over ALPN.

If this argument is specified, and no overlap can be found with the peer on a given connection, TLS negotiation of that connection will fail, and it will not be established.

If a connection's peer does not offer ALPN, the connection will be established, but no protocol will be negotiated. Protocols earlier in the list are preferred over those later in the list.

defaultCiphers = (source) ¶

Undocumented

@lru_cache(maxsize=32)

def _expandCipherString(cipherString, method, options): (source) ¶

Expand cipherString according to method and options to a tuple of explicit ciphers that are supported by the current platform.

Parameters
cipherString:`unicode`	An OpenSSL cipher string to expand.
method	An OpenSSL method like `SSL.TLS_METHOD` used for determining the effective ciphers.
options:`int`	OpenSSL options like `SSL.OP_NO_SSLv3` ORed together.

Returns
`tuple` of `ICipher`	The effective list of explicit ciphers that results from the arguments on the current platform.

def _getExcludedTLSProtocols(oldest, newest): (source) ¶

Given a pair of TLSVersion constants, figure out what versions we want to disable (as OpenSSL is an exclusion based API).

Parameters
oldest:`TLSVersion` constant	The oldest `TLSVersion` we want to allow.
newest:`TLSVersion` constant or `None`	The newest `TLSVersion` we want to allow, or `None` for no upper limit.

Returns
`list` of `TLSVersion` constants.	The versions we want to disable.

def _handleattrhelper(Class, transport, methodName): (source) ¶

(private) Helper for Certificate.peerFromTransport and Certificate.hostFromTransport which checks for incompatible handle types and null certificates and raises the appropriate exception or returns the appropriate certificate object.

@lru_cache(maxsize=128)

def _selectCiphers(wantedCiphers, availableCiphers): (source) ¶

Caclulate the acceptable list of ciphers from the ciphers we want and the ciphers we have support for.

Parameters
wantedCiphers:`tuple` of `OpenSSLCipher`	The ciphers we want to use.
availableCiphers:`tuple` of `OpenSSLCipher`	The ciphers we have available to use.

Returns
`tuple` of `OpenSSLCipher`	Undocumented

def _verifyCB(tlsProtocol: TLSMemoryBIOProtocol, hostIsDNS: bool, hostnameASCII: str) -> Callable[[Connection, X509, int, int, bool], bool]: (source) ¶

Undocumented

_Self = (source) ¶

Undocumented

Value

TypeVar('_Self',
        bound='Certificate')

_defaultCurveName: str = (source) ¶

Undocumented

_log = (source) ¶

Undocumented

_tlsDisableFlags = (source) ¶

Undocumented

_x509names: dict[str, str] = (source) ¶

Undocumented

twisted.internet._sslverify

`twisted.internet._sslverify`