This module implements the SSL functionality in NSS

SSLSocket(family=PR_AF_INET, type=PR_DESC_SOCKET_TCP)

SSL_ALLOWED = 1
SSL_BYPASS_PKCS11 = 16
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 17
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 19
SSL_DHE_DSS_WITH_DES_CBC_SHA = 18
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 20
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22
SSL_DHE_RSA_WITH_DES_CBC_SHA = 21
SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 25
SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 23
SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA = 27
SSL_DH_ANON_WITH_DES_CBC_SHA = 26
SSL_DH_ANON_WITH_RC4_128_MD5 = 24
SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 11
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 13
SSL_DH_DSS_WITH_DES_CBC_SHA = 12
SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 14
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 16
SSL_DH_RSA_WITH_DES_CBC_SHA = 15
SSL_ENABLE_FDX = 11
SSL_ENABLE_SSL2 = 7
SSL_ENABLE_SSL3 = 8
SSL_ENABLE_TLS = 13
SSL_EN_DES_192_EDE3_CBC_WITH_MD5 = 65287
SSL_EN_DES_64_CBC_WITH_MD5 = 65286
SSL_EN_IDEA_128_CBC_WITH_MD5 = 65285
SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 = 65284
SSL_EN_RC2_128_CBC_WITH_MD5 = 65283
SSL_EN_RC4_128_EXPORT40_WITH_MD5 = 65282
SSL_EN_RC4_128_WITH_MD5 = 65281
SSL_HANDSHAKE_AS_CLIENT = 5
SSL_HANDSHAKE_AS_SERVER = 6
SSL_NOT_ALLOWED = 0
SSL_NO_CACHE = 9
SSL_NO_LOCKS = 17
SSL_NO_STEP_DOWN = 15
SSL_NULL_WITH_NULL_NULL = 0
SSL_REQUEST_CERTIFICATE = 3
SSL_REQUIRE_ALWAYS = 1
SSL_REQUIRE_CERTIFICATE = 10
SSL_REQUIRE_FIRST_HANDSHAKE = 2
SSL_REQUIRE_NEVER = 0
SSL_REQUIRE_NO_ERROR = 3
SSL_RESTRICTED = 2
SSL_ROLLBACK_DETECTION = 14
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 8
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 6
SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 3
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 65279
SSL_RSA_FIPS_WITH_DES_CBC_SHA = 65278
SSL_RSA_WITH_3DES_EDE_CBC_SHA = 10
SSL_RSA_WITH_DES_CBC_SHA = 9
SSL_RSA_WITH_IDEA_CBC_SHA = 7
SSL_RSA_WITH_NULL_MD5 = 1
SSL_RSA_WITH_NULL_SHA = 2
SSL_RSA_WITH_RC4_128_MD5 = 4
SSL_RSA_WITH_RC4_128_SHA = 5
SSL_SECURITY = 1
SSL_SECURITY_STATUS_NOOPT = -1
SSL_SECURITY_STATUS_OFF = 0
SSL_SECURITY_STATUS_ON_HIGH = 1
SSL_SECURITY_STATUS_ON_LOW = 2
SSL_SOCKS = 2
SSL_V2_COMPATIBLE_HELLO = 12
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 99
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 101
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 50
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 56
TLS_DHE_DSS_WITH_RC4_128_SHA = 102
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57
TLS_DH_ANON_WITH_AES_128_CBC_SHA = 52
TLS_DH_ANON_WITH_AES_256_CBC_SHA = 58
TLS_DH_DSS_WITH_AES_128_CBC_SHA = 48
TLS_DH_DSS_WITH_AES_256_CBC_SHA = 54
TLS_DH_RSA_WITH_AES_128_CBC_SHA = 49
TLS_DH_RSA_WITH_AES_256_CBC_SHA = 55
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 49160
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 49161
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 49162
TLS_ECDHE_ECDSA_WITH_NULL_SHA = 49158
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 49159
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 49170
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 49171
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 49172
TLS_ECDHE_RSA_WITH_NULL_SHA = 49168
TLS_ECDHE_RSA_WITH_RC4_128_SHA = 49169
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 49155
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 49156
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 49157
TLS_ECDH_ECDSA_WITH_NULL_SHA = 49153
TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 49154
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 49165
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 49166
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 49167
TLS_ECDH_RSA_WITH_NULL_SHA = 49163
TLS_ECDH_RSA_WITH_RC4_128_SHA = 49164
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 49175
TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 49176
TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 49177
TLS_ECDH_anon_WITH_NULL_SHA = 49173
TLS_ECDH_anon_WITH_RC4_128_SHA = 49174
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 98
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 100
TLS_RSA_WITH_AES_128_CBC_SHA = 47
TLS_RSA_WITH_AES_256_CBC_SHA = 53
_C_API = <PyCObject object at 0x7f9ef20345f8>
__package__ = None
ssl_implemented_ciphers =

You must call ssl.clear_session_cache() after you use one of the SSL Export Policy Functions to change cipher suite policy settings or use ssl.set_default_cipher_pref() to enable or disable any cipher suite. Otherwise, the old settings remain in the session cache and will be used instead of the new settings. This function clears only the client cache. The client cache is not configurable. It is located in RAM (not on disk).

:Parameters:
    max_cache_entries : integer
        The maximum number of entries in the cache. If ZERO the server
        default value is used (10,000).
    ssl2_timeout : integer
        The lifetime in seconds of an SSL2 session. The minimum timeout
        value is 5 seconds and the maximum is 24 hours. Values outside
        this range are replaced by the server default value (100 seconds).
    ssl3_timeout : integer
        The lifetime in seconds of an SSL3 session. The minimum timeout
        value is 5 seconds and the maximum is 24 hours. Values outside
        this range are replaced by the server default value (24 hours).
    directory : string
        A string specifying the pathname of the directory that will
        contain the session cache. If None the server default value is
        used (/tmp (Unix) or \temp (NT)).

This function sets up a Server Session ID (SID) cache that is safe for
access by multiple processes on the same system.

Like `ssl.config_server_session_id_cache()`, with one important
difference. If the application will run multiple processes (as
opposed to, or in addition to multiple threads), then it must call
this function, instead of calling
`ssl.config_server_session_id_cache()`. This has nothing to do with
the number of processors, only processes.

:Parameters:
    max_cache_entries : integer
        The maximum number of entries in the cache. If ZERO the server
        default value is used (10,000).
    ssl2_timeout : integer
        The lifetime in seconds of an SSL2 session. The minimum timeout
        value is 5 seconds and the maximum is 24 hours. Values outside
        this range are replaced by the server default value (100 seconds).
    ssl3_timeout : integer
        The lifetime in seconds of an SSL3 session. The minimum timeout
        value is 5 seconds and the maximum is 24 hours. Values outside
        this range are replaced by the server default value (24 hours).
    directory : string
        A string specifying the pathname of the directory that will
        contain the session cache. If None the server default value is
        used (/tmp (Unix) or \temp (NT)).

If you are writing an application which will use SSL sockets to
handshake as a server, you must call config_server_session_id_cache()
to configure the session caches for server sessions.

If your server application uses multiple processes (instead of or in
addition to multiple threads), use `ssl.config_mp_server_sid_cache()`
instead. You must use one of these functions to create a server
cache.

This function creates two caches: the server session ID cache (also
called the server session cache, or server cache), and the client-auth
certificate cache (also called the client cert cache, or client auth
cache). Both caches are used only for sessions where the program will
handshake as a server. The client-auth certificate cache is used to
remember the certificates previously presented by clients for client
certificate authentication.

A zero value or a value that is out of range for any of the parameters
causes the server default value to be used in the server cache. Note,
this function only affects the server cache, not the client cache.

:Parameters:
    max_cache_entries : integer
        The maximum number of entries in the cache. If ZERO the server
        default value is used (10,000).
    max_cert_cache_entries : integer
        The maximum number of entries in the cert cache. If ZERO the server
        default value is used (10,000).
    max_server_name_cache_entries : integer
        The maximum number of entries in the server name cache. If ZERO the server
        default value is used (10,000).
    ssl2_timeout : integer
        The lifetime in seconds of an SSL2 session. The minimum timeout
        value is 5 seconds and the maximum is 24 hours. Values outside
        this range are replaced by the server default value (100 seconds).
    ssl3_timeout : integer
        The lifetime in seconds of an SSL3 session. The minimum timeout
        value is 5 seconds and the maximum is 24 hours. Values outside
        this range are replaced by the server default value (24 hours).
    directory : string
        A string specifying the pathname of the directory that will
        contain the session cache. If None the server default value is
        used (/tmp (Unix) or \temp (NT)).
    enable_mp_cache : bool
        If True enable the multi-process cache.

Configure a secure server's session-id cache. Depending on the value of
enable_mp_cache, this configures the multi-process or the single-process cache.

A zero value or a value that is out of range for any of the parameters
causes the server default value to be used in the server cache. Note,
this function only affects the server cache, not the client cache.

:Parameters:
    cipher : integer
        The cipher suite enumeration (e.g. SSL_RSA_WITH_NULL_MD5, etc.)

Returns the cipher policy.

:Parameters:
    cipher : integer
        The cipher suite enumeration (e.g. SSL_RSA_WITH_NULL_MD5, etc.)

Returns the application default preference for the specified SSL2,
SSL3, or TLS cipher.

Get the configured maximum number of mutexes used for the server's store of SSL sessions. This value is used by the server session ID cache initialization functions.

Gets the default value of a specified SSL option for all subsequently opened sockets as long as the current application program is running. Refer to the documentation for SSLSocket.set_ssl_option() for an explanation of the possible values.

WARNING: nss_init() has been moved to the nss module, use nss.nss_init() instead of ssl.nss_init()

:Parameters:
    cert_dir : string
        Pathname of the directory where the certificate, key, and
        security module databases reside.

Sets up configuration files and performs other tasks required to run
Network Security Services.

WARNING: nss_shutdown() has been moved to the nss module, use nss.nss_shutdown() instead of ssl.nss_shutdown()

Closes the key and certificate databases that were opened by nss_init(). Note that if any reference to an NSS object is leaked (for example, if an SSL client application doesn't call clear_session_cache() first) then nss_shutdown fails with the error code SEC_ERROR_BUSY.

WARNING: nssinit() has been moved to the nss module, use nss.nss_init() instead of ssl.nssinit()

:Parameters:
    cert_dir : string
        Pathname of the directory where the certificate, key, and
        security module databases reside.

Sets up configuration files and performs other tasks required to run
Network Security Services.

:Parameters:
    cipher : integer
        The cipher suite enumeration (e.g. SSL_RSA_WITH_NULL_MD5, etc.)
    enabled : bool
        Boolean value

Tells the SSL library that the specified cipher suite is allowed by
the application's export license, or is not allowed by the
application's export license, or is allowed to be used only with a
Step-Up certificate. It overrides the factory default policy for that
cipher suite. The default policy for all cipher suites is
SSL_NOT_ALLOWED, meaning that the application's export license does
not approve the use of this cipher suite. A U.S. domestic version of a
product typically sets all cipher suites to SSL_ALLOWED. This setting
is used to separate export and domestic versions of a product, and is
not intended to express user cipher preferences.

:Parameters:
    cipher : integer
        The cipher suite enumeration (e.g. SSL_RSA_WITH_NULL_MD5, etc.)
    enabled : bool
        Boolean value

Sets the application default preference for the specified SSL2, SSL3,
or TLS cipher. A cipher suite is used only if the policy allows it and
the preference for it is set to True.

This function must be called once for each cipher you want to enable
or disable by default.

Note that which cipher suites are permitted or disallowed is modified by
previous calls to one or more of the SSL Export Policy Functions.

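Added example (not part of python-nss or its documentation): the procedure described above, one `set_default_cipher_pref` call per cipher suite followed by `clear_session_cache()`, used to switch off weak suites. The suite names and values are copied from the constants on this page; the name-based weakness rules and the `weaknesses` and `disable_weak` helpers are assumptions of this example, and the two NSS calls are passed in as callables so the block runs without python-nss installed.

```python
# Constructed sample: a subset of the name/value constants listed on this page.
SAMPLE_SUITES = {
    "SSL_RSA_WITH_NULL_MD5": 1,
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5": 3,
    "SSL_RSA_WITH_RC4_128_SHA": 5,
    "SSL_RSA_WITH_DES_CBC_SHA": 9,
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA": 10,
    "TLS_RSA_WITH_AES_128_CBC_SHA": 47,
    "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA": 100,
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 49172,
    "TLS_ECDH_anon_WITH_AES_128_CBC_SHA": 49176,
    "SSL_EN_RC4_128_WITH_MD5": 65281,
}

def weaknesses(name):
    """Reasons a suite name marks it weak (this example's own rules; [] = keep)."""
    if name.startswith("SSL_EN_"):
        return ["SSL2-only suite"]
    kx, _, rest = name.partition("_WITH_")   # key exchange | cipher + MAC
    tokens = rest.split("_")
    reasons = []
    if "EXPORT" in kx:
        reasons.append("export-grade")
    if kx.upper().endswith("_ANON"):
        reasons.append("anonymous key exchange")
    if tokens[0] == "NULL":
        reasons.append("no encryption")
    if tokens[0] in ("RC4", "RC2", "DES", "DES40"):
        reasons.append("weak cipher " + tokens[0])
    if tokens[-1] == "MD5":
        reasons.append("MD5 MAC")
    return reasons

def disable_weak(suites, set_pref, clear_cache):
    """Call set_pref(value, False) once per weak suite, then clear_cache()."""
    disabled = {}
    for name, value in sorted(suites.items(), key=lambda kv: kv[1]):
        reasons = weaknesses(name)
        if reasons:
            set_pref(value, False)
            disabled[name] = reasons
    clear_cache()  # otherwise cached sessions keep using the old settings
    return disabled

if __name__ == "__main__":
    # Stand-in callables; with python-nss pass ssl.set_default_cipher_pref
    # and ssl.clear_session_cache instead.
    for name, why in disable_weak(SAMPLE_SUITES, lambda c, on: None, lambda: None).items():
        print(name, "->", ", ".join(why))
```
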
Configures cipher suites to conform with current U.S. export regulations related to domestic software products with encryption features.

Configures the SSL cipher suites to conform with current U.S. export regulations related to international software products with encryption features.

:Parameters:
    max_locks : int
        Maximum number of locks

Set the configured maximum number of mutexes used for the server's
store of SSL sessions. This value is used by the server session ID
cache initialization functions. Note that on some platforms, these
mutexes are actually implemented with POSIX semaphores, or with
unnamed pipes. The default value varies by platform. An attempt to
set a too-low maximum will return an error and the configured value
will not be changed.

Changes the default value of a specified SSL option for all subsequently opened sockets as long as the current application program is running. Refer to the documentation for SSLSocket.set_ssl_option() for an explanation of the possible values.

Generated by Epydoc 3.0.1 on Sat Oct 27 13:05:34 2012 (http://epydoc.sourceforge.net)