Package tlslite :: Module HandshakeSettings :: Class HandshakeSettings

Class HandshakeSettings


This class encapsulates various parameters that can be used with a TLS handshake.

Method Summary
  __init__(self)

Instance Variable Summary
int minKeySize: The minimum bit length for asymmetric keys.
int maxKeySize: The maximum bit length for asymmetric keys.
list cipherNames: The allowed ciphers, in order of preference.
list certificateTypes: The allowed certificate types, in order of preference.
tuple minVersion: The minimum allowed SSL/TLS version.
tuple maxVersion: The maximum allowed SSL/TLS version.

Instance Variable Details

minKeySize

The minimum bit length for asymmetric keys.

If the other party tries to use SRP, RSA, or Diffie-Hellman parameters smaller than this length, an alert will be signalled. The default is 1023.

Type: int

maxKeySize

The maximum bit length for asymmetric keys.

If the other party tries to use SRP, RSA, or Diffie-Hellman parameters larger than this length, an alert will be signalled. The default is 8193.

Type: int

cipherNames

The allowed ciphers, in order of preference.

The allowed values in this list are 'aes256', 'aes128', '3des', and 'rc4'. If these settings are used with a client handshake, they determine the order of the ciphersuites offered in the ClientHello message.

If these settings are used with a server handshake, the server will choose whichever ciphersuite matches the earliest entry in this list.

NOTE: If '3des' is used in this list, but TLS Lite can't find an add-on library that supports 3DES, then '3des' will be silently removed.

The default value is ['aes256', 'aes128', '3des', 'rc4'].

Type: list

certificateTypes

The allowed certificate types, in order of preference.

The allowed values in this list are 'x509' and 'cryptoID'. This list is only used with a client handshake. The client will advertise to the server which certificate types are supported, and will check that the server uses one of the appropriate types.

NOTE: If 'cryptoID' is used in this list, but cryptoIDlib is not installed, then 'cryptoID' will be silently removed.

Type: list

minVersion

The minimum allowed SSL/TLS version.

This variable can be set to (3,0) for SSL 3.0, or (3,1) for TLS 1.0. If the other party wishes to use a lower version, a protocol_version alert will be signalled. The default is (3,0).

Type: tuple

maxVersion

The maximum allowed SSL/TLS version.

This variable can be set to (3,0) for SSL 3.0, or (3,1) for TLS 1.0. If the other party wishes to use a higher version, a protocol_version alert will be signalled. The default is (3,1).

Type: tuple
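
Added example, not part of the TLS Lite documentation or code: it models the documented defaults and the documented server selection and version rules on a stand-in class, to show what the defaults accept and that listing a cipher last does not stop a server from selecting it. The names DocumentedDefaults, audit, server_choice, version_accepted and hardened are hypothetical, and the POLICY_* thresholds are assumptions of this example.

```python
# Stand-in carrying the documented attributes and their documented defaults.
# It is not tlslite's class; the functions below only read attributes.
class DocumentedDefaults:
    def __init__(self):
        self.minKeySize = 1023
        self.maxKeySize = 8193
        self.cipherNames = ['aes256', 'aes128', '3des', 'rc4']
        self.minVersion = (3, 0)
        self.maxVersion = (3, 1)

# Policy thresholds chosen for this example (assumptions, not tlslite values).
POLICY_MIN_KEY_BITS = 2048
POLICY_WEAK_CIPHERS = {'rc4', '3des'}
POLICY_MIN_VERSION = (3, 1)   # TLS 1.0, the highest version this page documents

def audit(settings):
    """Return findings for every setting weaker than the example policy."""
    findings = []
    if settings.minKeySize < POLICY_MIN_KEY_BITS:
        findings.append('minKeySize %d < %d'
                        % (settings.minKeySize, POLICY_MIN_KEY_BITS))
    for name in settings.cipherNames:
        if name in POLICY_WEAK_CIPHERS:
            findings.append('cipher %s allowed' % name)
    if settings.minVersion < POLICY_MIN_VERSION:
        findings.append('minVersion %r permits SSL 3.0' % (settings.minVersion,))
    return findings

def server_choice(settings, client_offer):
    """Documented server rule: earliest cipherNames entry the client offers."""
    for name in settings.cipherNames:
        if name in client_offer:
            return name
    return None

def version_accepted(settings, peer_version):
    """Documented rule: versions outside [minVersion, maxVersion] are refused."""
    return settings.minVersion <= peer_version <= settings.maxVersion

def hardened():
    """The documented defaults with the example policy applied."""
    s = DocumentedDefaults()
    s.minKeySize = POLICY_MIN_KEY_BITS
    s.cipherNames = [c for c in s.cipherNames if c not in POLICY_WEAK_CIPHERS]
    s.minVersion = POLICY_MIN_VERSION
    return s

if __name__ == '__main__':
    for finding in audit(DocumentedDefaults()):
        print(finding)
```

Because audit() only reads attributes, an object exposing the same attribute names can be passed to it unchanged.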

Generated by Epydoc 2.0 on Sun Mar 21 00:04:59 2004 http://epydoc.sf.net