1 :mod:`ssl` --- TLS/SSL wrapper for socket objects 2 ================================================= 3 4 .. module:: ssl 5 :synopsis: TLS/SSL wrapper for socket objects 6 7 .. moduleauthor:: Bill Janssen <bill.janssen (a] gmail.com> 8 .. sectionauthor:: Bill Janssen <bill.janssen (a] gmail.com> 9 10 11 .. index:: single: OpenSSL; (use in module ssl) 12 13 .. index:: TLS, SSL, Transport Layer Security, Secure Sockets Layer 14 15 .. versionadded:: 2.6 16 17 **Source code:** :source:`Lib/ssl.py` 18 19 -------------- 20 21 This module provides access to Transport Layer Security (often known as "Secure 22 Sockets Layer") encryption and peer authentication facilities for network 23 sockets, both client-side and server-side. This module uses the OpenSSL 24 library. It is available on all modern Unix systems, Windows, Mac OS X, and 25 probably additional platforms, as long as OpenSSL is installed on that platform. 26 27 .. note:: 28 29 Some behavior may be platform dependent, since calls are made to the 30 operating system socket APIs. The installed version of OpenSSL may also 31 cause variations in behavior. For example, TLSv1.1 and TLSv1.2 come with 32 openssl version 1.0.1. 33 34 .. warning:: 35 Don't use this module without reading the :ref:`ssl-security`. Doing so 36 may lead to a false sense of security, as the default settings of the 37 ssl module are not necessarily appropriate for your application. 38 39 40 This section documents the objects and functions in the ``ssl`` module; for more 41 general information about TLS, SSL, and certificates, the reader is referred to 42 the documents in the "See Also" section at the bottom. 43 44 This module provides a class, :class:`ssl.SSLSocket`, which is derived from the 45 :class:`socket.socket` type, and provides a socket-like wrapper that also 46 encrypts and decrypts the data going over the socket with SSL. It supports 47 additional methods such as :meth:`getpeercert`, which retrieves the 48 certificate of the other side of the connection, and :meth:`cipher`,which 49 retrieves the cipher being used for the secure connection. 50 51 For more sophisticated applications, the :class:`ssl.SSLContext` class 52 helps manage settings and certificates, which can then be inherited 53 by SSL sockets created through the :meth:`SSLContext.wrap_socket` method. 54 55 56 Functions, Constants, and Exceptions 57 ------------------------------------ 58 59 .. exception:: SSLError 60 61 Raised to signal an error from the underlying SSL implementation (currently 62 provided by the OpenSSL library). This signifies some problem in the 63 higher-level encryption and authentication layer that's superimposed on the 64 underlying network connection. This error is a subtype of 65 :exc:`socket.error`, which in turn is a subtype of :exc:`IOError`. The 66 error code and message of :exc:`SSLError` instances are provided by the 67 OpenSSL library. 68 69 .. attribute:: library 70 71 A string mnemonic designating the OpenSSL submodule in which the error 72 occurred, such as ``SSL``, ``PEM`` or ``X509``. The range of possible 73 values depends on the OpenSSL version. 74 75 .. versionadded:: 2.7.9 76 77 .. attribute:: reason 78 79 A string mnemonic designating the reason this error occurred, for 80 example ``CERTIFICATE_VERIFY_FAILED``. The range of possible 81 values depends on the OpenSSL version. 82 83 .. versionadded:: 2.7.9 84 85 .. exception:: SSLZeroReturnError 86 87 A subclass of :exc:`SSLError` raised when trying to read or write and 88 the SSL connection has been closed cleanly. Note that this doesn't 89 mean that the underlying transport (read TCP) has been closed. 90 91 .. versionadded:: 2.7.9 92 93 .. exception:: SSLWantReadError 94 95 A subclass of :exc:`SSLError` raised by a :ref:`non-blocking SSL socket 96 <ssl-nonblocking>` when trying to read or write data, but more data needs 97 to be received on the underlying TCP transport before the request can be 98 fulfilled. 99 100 .. versionadded:: 2.7.9 101 102 .. exception:: SSLWantWriteError 103 104 A subclass of :exc:`SSLError` raised by a :ref:`non-blocking SSL socket 105 <ssl-nonblocking>` when trying to read or write data, but more data needs 106 to be sent on the underlying TCP transport before the request can be 107 fulfilled. 108 109 .. versionadded:: 2.7.9 110 111 .. exception:: SSLSyscallError 112 113 A subclass of :exc:`SSLError` raised when a system error was encountered 114 while trying to fulfill an operation on a SSL socket. Unfortunately, 115 there is no easy way to inspect the original errno number. 116 117 .. versionadded:: 2.7.9 118 119 .. exception:: SSLEOFError 120 121 A subclass of :exc:`SSLError` raised when the SSL connection has been 122 terminated abruptly. Generally, you shouldn't try to reuse the underlying 123 transport when this error is encountered. 124 125 .. versionadded:: 2.7.9 126 127 .. exception:: CertificateError 128 129 Raised to signal an error with a certificate (such as mismatching 130 hostname). Certificate errors detected by OpenSSL, though, raise 131 an :exc:`SSLError`. 132 133 134 Socket creation 135 ^^^^^^^^^^^^^^^ 136 137 The following function allows for standalone socket creation. Starting from 138 Python 2.7.9, it can be more flexible to use :meth:`SSLContext.wrap_socket` 139 instead. 140 141 .. function:: wrap_socket(sock, keyfile=None, certfile=None, server_side=False, cert_reqs=CERT_NONE, ssl_version={see docs}, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None) 142 143 Takes an instance ``sock`` of :class:`socket.socket`, and returns an instance 144 of :class:`ssl.SSLSocket`, a subtype of :class:`socket.socket`, which wraps 145 the underlying socket in an SSL context. ``sock`` must be a 146 :data:`~socket.SOCK_STREAM` socket; other socket types are unsupported. 147 148 For client-side sockets, the context construction is lazy; if the 149 underlying socket isn't connected yet, the context construction will be 150 performed after :meth:`connect` is called on the socket. For 151 server-side sockets, if the socket has no remote peer, it is assumed 152 to be a listening socket, and the server-side SSL wrapping is 153 automatically performed on client connections accepted via the 154 :meth:`accept` method. :func:`wrap_socket` may raise :exc:`SSLError`. 155 156 The ``keyfile`` and ``certfile`` parameters specify optional files which 157 contain a certificate to be used to identify the local side of the 158 connection. See the discussion of :ref:`ssl-certificates` for more 159 information on how the certificate is stored in the ``certfile``. 160 161 The parameter ``server_side`` is a boolean which identifies whether 162 server-side or client-side behavior is desired from this socket. 163 164 The parameter ``cert_reqs`` specifies whether a certificate is required from 165 the other side of the connection, and whether it will be validated if 166 provided. It must be one of the three values :const:`CERT_NONE` 167 (certificates ignored), :const:`CERT_OPTIONAL` (not required, but validated 168 if provided), or :const:`CERT_REQUIRED` (required and validated). If the 169 value of this parameter is not :const:`CERT_NONE`, then the ``ca_certs`` 170 parameter must point to a file of CA certificates. 171 172 The ``ca_certs`` file contains a set of concatenated "certification 173 authority" certificates, which are used to validate certificates passed from 174 the other end of the connection. See the discussion of 175 :ref:`ssl-certificates` for more information about how to arrange the 176 certificates in this file. 177 178 The parameter ``ssl_version`` specifies which version of the SSL protocol to 179 use. Typically, the server chooses a particular protocol version, and the 180 client must adapt to the server's choice. Most of the versions are not 181 interoperable with the other versions. If not specified, the default is 182 :data:`PROTOCOL_SSLv23`; it provides the most compatibility with other 183 versions. 184 185 Here's a table showing which versions in a client (down the side) can connect 186 to which versions in a server (along the top): 187 188 .. table:: 189 190 ======================== ========= ========= ========== ========= =========== =========== 191 *client* / **server** **SSLv2** **SSLv3** **SSLv23** **TLSv1** **TLSv1.1** **TLSv1.2** 192 ------------------------ --------- --------- ---------- --------- ----------- ----------- 193 *SSLv2* yes no yes no no no 194 *SSLv3* no yes yes no no no 195 *SSLv23* no yes yes yes yes yes 196 *TLSv1* no no yes yes no no 197 *TLSv1.1* no no yes no yes no 198 *TLSv1.2* no no yes no no yes 199 ======================== ========= ========= ========== ========= =========== =========== 200 201 .. note:: 202 203 Which connections succeed will vary depending on the version of 204 OpenSSL. For example, before OpenSSL 1.0.0, an SSLv23 client 205 would always attempt SSLv2 connections. 206 207 The *ciphers* parameter sets the available ciphers for this SSL object. 208 It should be a string in the `OpenSSL cipher list format 209 <https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT>`_. 210 211 The parameter ``do_handshake_on_connect`` specifies whether to do the SSL 212 handshake automatically after doing a :meth:`socket.connect`, or whether the 213 application program will call it explicitly, by invoking the 214 :meth:`SSLSocket.do_handshake` method. Calling 215 :meth:`SSLSocket.do_handshake` explicitly gives the program control over the 216 blocking behavior of the socket I/O involved in the handshake. 217 218 The parameter ``suppress_ragged_eofs`` specifies how the 219 :meth:`SSLSocket.read` method should signal unexpected EOF from the other end 220 of the connection. If specified as :const:`True` (the default), it returns a 221 normal EOF (an empty bytes object) in response to unexpected EOF errors 222 raised from the underlying socket; if :const:`False`, it will raise the 223 exceptions back to the caller. 224 225 .. versionchanged:: 2.7 226 New optional argument *ciphers*. 227 228 229 Context creation 230 ^^^^^^^^^^^^^^^^ 231 232 A convenience function helps create :class:`SSLContext` objects for common 233 purposes. 234 235 .. function:: create_default_context(purpose=Purpose.SERVER_AUTH, cafile=None, capath=None, cadata=None) 236 237 Return a new :class:`SSLContext` object with default settings for 238 the given *purpose*. The settings are chosen by the :mod:`ssl` module, 239 and usually represent a higher security level than when calling the 240 :class:`SSLContext` constructor directly. 241 242 *cafile*, *capath*, *cadata* represent optional CA certificates to 243 trust for certificate verification, as in 244 :meth:`SSLContext.load_verify_locations`. If all three are 245 :const:`None`, this function can choose to trust the system's default 246 CA certificates instead. 247 248 The settings are: :data:`PROTOCOL_SSLv23`, :data:`OP_NO_SSLv2`, and 249 :data:`OP_NO_SSLv3` with high encryption cipher suites without RC4 and 250 without unauthenticated cipher suites. Passing :data:`~Purpose.SERVER_AUTH` 251 as *purpose* sets :data:`~SSLContext.verify_mode` to :data:`CERT_REQUIRED` 252 and either loads CA certificates (when at least one of *cafile*, *capath* or 253 *cadata* is given) or uses :meth:`SSLContext.load_default_certs` to load 254 default CA certificates. 255 256 .. note:: 257 The protocol, options, cipher and other settings may change to more 258 restrictive values anytime without prior deprecation. The values 259 represent a fair balance between compatibility and security. 260 261 If your application needs specific settings, you should create a 262 :class:`SSLContext` and apply the settings yourself. 263 264 .. note:: 265 If you find that when certain older clients or servers attempt to connect 266 with a :class:`SSLContext` created by this function that they get an error 267 stating "Protocol or cipher suite mismatch", it may be that they only 268 support SSL3.0 which this function excludes using the 269 :data:`OP_NO_SSLv3`. SSL3.0 is widely considered to be `completely broken 270 <https://en.wikipedia.org/wiki/POODLE>`_. If you still wish to continue to 271 use this function but still allow SSL 3.0 connections you can re-enable 272 them using:: 273 274 ctx = ssl.create_default_context(Purpose.CLIENT_AUTH) 275 ctx.options &= ~ssl.OP_NO_SSLv3 276 277 .. versionadded:: 2.7.9 278 279 .. versionchanged:: 2.7.10 280 281 RC4 was dropped from the default cipher string. 282 283 .. versionchanged:: 2.7.13 284 285 ChaCha20/Poly1305 was added to the default cipher string. 286 287 3DES was dropped from the default cipher string. 288 289 .. function:: _https_verify_certificates(enable=True) 290 291 Specifies whether or not server certificates are verified when creating 292 client HTTPS connections without specifying a particular SSL context. 293 294 Starting with Python 2.7.9, :mod:`httplib` and modules which use it, such as 295 :mod:`urllib2` and :mod:`xmlrpclib`, default to verifying remote server 296 certificates received when establishing client HTTPS connections. This 297 default verification checks that the certificate is signed by a Certificate 298 Authority in the system trust store and that the Common Name (or Subject 299 Alternate Name) on the presented certificate matches the requested host. 300 301 Setting *enable* to :const:`True` ensures this default behaviour is in 302 effect. 303 304 Setting *enable* to :const:`False` reverts the default HTTPS certificate 305 handling to that of Python 2.7.8 and earlier, allowing connections to 306 servers using self-signed certificates, servers using certificates signed 307 by a Certicate Authority not present in the system trust store, and servers 308 where the hostname does not match the presented server certificate. 309 310 The leading underscore on this function denotes that it intentionally does 311 not exist in any implementation of Python 3 and may not be present in all 312 Python 2.7 implementations. The portable approach to bypassing certificate 313 checks or the system trust store when necessary is for tools to enable that 314 on a case-by-case basis by explicitly passing in a suitably configured SSL 315 context, rather than reverting the default behaviour of the standard library 316 client modules. 317 318 .. versionadded:: 2.7.12 319 320 .. seealso:: 321 322 * `CVE-2014-9365 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365>`_ 323 -- HTTPS man-in-the-middle attack against Python clients using default settings 324 * :pep:`476` -- Enabling certificate verification by default for HTTPS 325 * :pep:`493` -- HTTPS verification migration tools for Python 2.7 326 327 328 Random generation 329 ^^^^^^^^^^^^^^^^^ 330 331 .. deprecated:: 2.7.13 332 333 OpenSSL has deprecated :func:`ssl.RAND_pseudo_bytes`, use 334 :func:`ssl.RAND_bytes` instead. 335 336 337 .. function:: RAND_status() 338 339 Return ``True`` if the SSL pseudo-random number generator has been seeded 340 with 'enough' randomness, and ``False`` otherwise. You can use 341 :func:`ssl.RAND_egd` and :func:`ssl.RAND_add` to increase the randomness of 342 the pseudo-random number generator. 343 344 .. function:: RAND_egd(path) 345 346 If you are running an entropy-gathering daemon (EGD) somewhere, and *path* 347 is the pathname of a socket connection open to it, this will read 256 bytes 348 of randomness from the socket, and add it to the SSL pseudo-random number 349 generator to increase the security of generated secret keys. This is 350 typically only necessary on systems without better sources of randomness. 351 352 See http://egd.sourceforge.net/ or http://prngd.sourceforge.net/ for sources 353 of entropy-gathering daemons. 354 355 Availability: not available with LibreSSL and OpenSSL > 1.1.0 356 357 .. function:: RAND_add(bytes, entropy) 358 359 Mix the given *bytes* into the SSL pseudo-random number generator. The 360 parameter *entropy* (a float) is a lower bound on the entropy contained in 361 string (so you can always use :const:`0.0`). See :rfc:`1750` for more 362 information on sources of entropy. 363 364 Certificate handling 365 ^^^^^^^^^^^^^^^^^^^^ 366 367 .. function:: match_hostname(cert, hostname) 368 369 Verify that *cert* (in decoded format as returned by 370 :meth:`SSLSocket.getpeercert`) matches the given *hostname*. The rules 371 applied are those for checking the identity of HTTPS servers as outlined 372 in :rfc:`2818` and :rfc:`6125`, except that IP addresses are not currently 373 supported. In addition to HTTPS, this function should be suitable for 374 checking the identity of servers in various SSL-based protocols such as 375 FTPS, IMAPS, POPS and others. 376 377 :exc:`CertificateError` is raised on failure. On success, the function 378 returns nothing:: 379 380 >>> cert = {'subject': ((('commonName', 'example.com'),),)} 381 >>> ssl.match_hostname(cert, "example.com") 382 >>> ssl.match_hostname(cert, "example.org") 383 Traceback (most recent call last): 384 File "<stdin>", line 1, in <module> 385 File "/home/py3k/Lib/ssl.py", line 130, in match_hostname 386 ssl.CertificateError: hostname 'example.org' doesn't match 'example.com' 387 388 .. versionadded:: 2.7.9 389 390 391 .. function:: cert_time_to_seconds(cert_time) 392 393 Return the time in seconds since the Epoch, given the ``cert_time`` 394 string representing the "notBefore" or "notAfter" date from a 395 certificate in ``"%b %d %H:%M:%S %Y %Z"`` strptime format (C 396 locale). 397 398 Here's an example: 399 400 .. doctest:: newcontext 401 402 >>> import ssl 403 >>> timestamp = ssl.cert_time_to_seconds("Jan 5 09:34:43 2018 GMT") 404 >>> timestamp 405 1515144883 406 >>> from datetime import datetime 407 >>> print(datetime.utcfromtimestamp(timestamp)) 408 2018-01-05 09:34:43 409 410 "notBefore" or "notAfter" dates must use GMT (:rfc:`5280`). 411 412 .. versionchanged:: 2.7.9 413 Interpret the input time as a time in UTC as specified by 'GMT' 414 timezone in the input string. Local timezone was used 415 previously. Return an integer (no fractions of a second in the 416 input format) 417 418 .. function:: get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None) 419 420 Given the address ``addr`` of an SSL-protected server, as a (*hostname*, 421 *port-number*) pair, fetches the server's certificate, and returns it as a 422 PEM-encoded string. If ``ssl_version`` is specified, uses that version of 423 the SSL protocol to attempt to connect to the server. If ``ca_certs`` is 424 specified, it should be a file containing a list of root certificates, the 425 same format as used for the same parameter in :func:`wrap_socket`. The call 426 will attempt to validate the server certificate against that set of root 427 certificates, and will fail if the validation attempt fails. 428 429 .. versionchanged:: 2.7.9 430 431 This function is now IPv6-compatible, and the default *ssl_version* is 432 changed from :data:`PROTOCOL_SSLv3` to :data:`PROTOCOL_SSLv23` for 433 maximum compatibility with modern servers. 434 435 .. function:: DER_cert_to_PEM_cert(DER_cert_bytes) 436 437 Given a certificate as a DER-encoded blob of bytes, returns a PEM-encoded 438 string version of the same certificate. 439 440 .. function:: PEM_cert_to_DER_cert(PEM_cert_string) 441 442 Given a certificate as an ASCII PEM string, returns a DER-encoded sequence of 443 bytes for that same certificate. 444 445 .. function:: get_default_verify_paths() 446 447 Returns a named tuple with paths to OpenSSL's default cafile and capath. 448 The paths are the same as used by 449 :meth:`SSLContext.set_default_verify_paths`. The return value is a 450 :term:`named tuple` ``DefaultVerifyPaths``: 451 452 * :attr:`cafile` - resolved path to cafile or ``None`` if the file doesn't exist, 453 * :attr:`capath` - resolved path to capath or ``None`` if the directory doesn't exist, 454 * :attr:`openssl_cafile_env` - OpenSSL's environment key that points to a cafile, 455 * :attr:`openssl_cafile` - hard coded path to a cafile, 456 * :attr:`openssl_capath_env` - OpenSSL's environment key that points to a capath, 457 * :attr:`openssl_capath` - hard coded path to a capath directory 458 459 Availability: LibreSSL ignores the environment vars 460 :attr:`openssl_cafile_env` and :attr:`openssl_capath_env` 461 462 .. versionadded:: 2.7.9 463 464 .. function:: enum_certificates(store_name) 465 466 Retrieve certificates from Windows' system cert store. *store_name* may be 467 one of ``CA``, ``ROOT`` or ``MY``. Windows may provide additional cert 468 stores, too. 469 470 The function returns a list of (cert_bytes, encoding_type, trust) tuples. 471 The encoding_type specifies the encoding of cert_bytes. It is either 472 :const:`x509_asn` for X.509 ASN.1 data or :const:`pkcs_7_asn` for 473 PKCS#7 ASN.1 data. Trust specifies the purpose of the certificate as a set 474 of OIDS or exactly ``True`` if the certificate is trustworthy for all 475 purposes. 476 477 Example:: 478 479 >>> ssl.enum_certificates("CA") 480 [(b'data...', 'x509_asn', {'1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2'}), 481 (b'data...', 'x509_asn', True)] 482 483 Availability: Windows. 484 485 .. versionadded:: 2.7.9 486 487 .. function:: enum_crls(store_name) 488 489 Retrieve CRLs from Windows' system cert store. *store_name* may be 490 one of ``CA``, ``ROOT`` or ``MY``. Windows may provide additional cert 491 stores, too. 492 493 The function returns a list of (cert_bytes, encoding_type, trust) tuples. 494 The encoding_type specifies the encoding of cert_bytes. It is either 495 :const:`x509_asn` for X.509 ASN.1 data or :const:`pkcs_7_asn` for 496 PKCS#7 ASN.1 data. 497 498 Availability: Windows. 499 500 .. versionadded:: 2.7.9 501 502 503 Constants 504 ^^^^^^^^^ 505 506 .. data:: CERT_NONE 507 508 Possible value for :attr:`SSLContext.verify_mode`, or the ``cert_reqs`` 509 parameter to :func:`wrap_socket`. In this mode (the default), no 510 certificates will be required from the other side of the socket connection. 511 If a certificate is received from the other end, no attempt to validate it 512 is made. 513 514 See the discussion of :ref:`ssl-security` below. 515 516 .. data:: CERT_OPTIONAL 517 518 Possible value for :attr:`SSLContext.verify_mode`, or the ``cert_reqs`` 519 parameter to :func:`wrap_socket`. In this mode no certificates will be 520 required from the other side of the socket connection; but if they 521 are provided, validation will be attempted and an :class:`SSLError` 522 will be raised on failure. 523 524 Use of this setting requires a valid set of CA certificates to 525 be passed, either to :meth:`SSLContext.load_verify_locations` or as a 526 value of the ``ca_certs`` parameter to :func:`wrap_socket`. 527 528 .. data:: CERT_REQUIRED 529 530 Possible value for :attr:`SSLContext.verify_mode`, or the ``cert_reqs`` 531 parameter to :func:`wrap_socket`. In this mode, certificates are 532 required from the other side of the socket connection; an :class:`SSLError` 533 will be raised if no certificate is provided, or if its validation fails. 534 535 Use of this setting requires a valid set of CA certificates to 536 be passed, either to :meth:`SSLContext.load_verify_locations` or as a 537 value of the ``ca_certs`` parameter to :func:`wrap_socket`. 538 539 .. data:: VERIFY_DEFAULT 540 541 Possible value for :attr:`SSLContext.verify_flags`. In this mode, certificate 542 revocation lists (CRLs) are not checked. By default OpenSSL does neither 543 require nor verify CRLs. 544 545 .. versionadded:: 2.7.9 546 547 .. data:: VERIFY_CRL_CHECK_LEAF 548 549 Possible value for :attr:`SSLContext.verify_flags`. In this mode, only the 550 peer cert is check but non of the intermediate CA certificates. The mode 551 requires a valid CRL that is signed by the peer cert's issuer (its direct 552 ancestor CA). If no proper has been loaded 553 :attr:`SSLContext.load_verify_locations`, validation will fail. 554 555 .. versionadded:: 2.7.9 556 557 .. data:: VERIFY_CRL_CHECK_CHAIN 558 559 Possible value for :attr:`SSLContext.verify_flags`. In this mode, CRLs of 560 all certificates in the peer cert chain are checked. 561 562 .. versionadded:: 2.7.9 563 564 .. data:: VERIFY_X509_STRICT 565 566 Possible value for :attr:`SSLContext.verify_flags` to disable workarounds 567 for broken X.509 certificates. 568 569 .. versionadded:: 2.7.9 570 571 .. data:: VERIFY_X509_TRUSTED_FIRST 572 573 Possible value for :attr:`SSLContext.verify_flags`. It instructs OpenSSL to 574 prefer trusted certificates when building the trust chain to validate a 575 certificate. This flag is enabled by default. 576 577 .. versionadded:: 2.7.10 578 579 .. data:: PROTOCOL_TLS 580 581 Selects the highest protocol version that both the client and server support. 582 Despite the name, this option can select "TLS" protocols as well as "SSL". 583 584 .. versionadded:: 2.7.13 585 586 .. data:: PROTOCOL_SSLv23 587 588 Alias for ``PROTOCOL_TLS``. 589 590 .. deprecated:: 2.7.13 Use ``PROTOCOL_TLS`` instead. 591 592 .. data:: PROTOCOL_SSLv2 593 594 Selects SSL version 2 as the channel encryption protocol. 595 596 This protocol is not available if OpenSSL is compiled with the 597 ``OPENSSL_NO_SSL2`` flag. 598 599 .. warning:: 600 601 SSL version 2 is insecure. Its use is highly discouraged. 602 603 .. deprecated:: 2.7.13 OpenSSL has removed support for SSLv2. 604 605 .. data:: PROTOCOL_SSLv3 606 607 Selects SSL version 3 as the channel encryption protocol. 608 609 This protocol is not be available if OpenSSL is compiled with the 610 ``OPENSSL_NO_SSLv3`` flag. 611 612 .. warning:: 613 614 SSL version 3 is insecure. Its use is highly discouraged. 615 616 .. deprecated:: 2.7.13 617 618 OpenSSL has deprecated all version specific protocols. Use the default 619 protocol with flags like ``OP_NO_SSLv3`` instead. 620 621 .. data:: PROTOCOL_TLSv1 622 623 Selects TLS version 1.0 as the channel encryption protocol. 624 625 .. deprecated:: 2.7.13 626 627 OpenSSL has deprecated all version specific protocols. Use the default 628 protocol with flags like ``OP_NO_SSLv3`` instead. 629 630 .. data:: PROTOCOL_TLSv1_1 631 632 Selects TLS version 1.1 as the channel encryption protocol. 633 Available only with openssl version 1.0.1+. 634 635 .. versionadded:: 2.7.9 636 637 .. deprecated:: 2.7.13 638 639 OpenSSL has deprecated all version specific protocols. Use the default 640 protocol with flags like ``OP_NO_SSLv3`` instead. 641 642 .. data:: PROTOCOL_TLSv1_2 643 644 Selects TLS version 1.2 as the channel encryption protocol. This is the 645 most modern version, and probably the best choice for maximum protection, 646 if both sides can speak it. Available only with openssl version 1.0.1+. 647 648 .. versionadded:: 2.7.9 649 650 .. deprecated:: 2.7.13 651 652 OpenSSL has deprecated all version specific protocols. Use the default 653 protocol with flags like ``OP_NO_SSLv3`` instead. 654 655 656 .. data:: OP_ALL 657 658 Enables workarounds for various bugs present in other SSL implementations. 659 This option is set by default. It does not necessarily set the same 660 flags as OpenSSL's ``SSL_OP_ALL`` constant. 661 662 .. versionadded:: 2.7.9 663 664 .. data:: OP_NO_SSLv2 665 666 Prevents an SSLv2 connection. This option is only applicable in 667 conjunction with :const:`PROTOCOL_SSLv23`. It prevents the peers from 668 choosing SSLv2 as the protocol version. 669 670 .. versionadded:: 2.7.9 671 672 .. data:: OP_NO_SSLv3 673 674 Prevents an SSLv3 connection. This option is only applicable in 675 conjunction with :const:`PROTOCOL_SSLv23`. It prevents the peers from 676 choosing SSLv3 as the protocol version. 677 678 .. versionadded:: 2.7.9 679 680 .. data:: OP_NO_TLSv1 681 682 Prevents a TLSv1 connection. This option is only applicable in 683 conjunction with :const:`PROTOCOL_SSLv23`. It prevents the peers from 684 choosing TLSv1 as the protocol version. 685 686 .. versionadded:: 2.7.9 687 688 .. data:: OP_NO_TLSv1_1 689 690 Prevents a TLSv1.1 connection. This option is only applicable in conjunction 691 with :const:`PROTOCOL_SSLv23`. It prevents the peers from choosing TLSv1.1 as 692 the protocol version. Available only with openssl version 1.0.1+. 693 694 .. versionadded:: 2.7.9 695 696 .. data:: OP_NO_TLSv1_2 697 698 Prevents a TLSv1.2 connection. This option is only applicable in conjunction 699 with :const:`PROTOCOL_SSLv23`. It prevents the peers from choosing TLSv1.2 as 700 the protocol version. Available only with openssl version 1.0.1+. 701 702 .. versionadded:: 2.7.9 703 704 .. data:: OP_CIPHER_SERVER_PREFERENCE 705 706 Use the server's cipher ordering preference, rather than the client's. 707 This option has no effect on client sockets and SSLv2 server sockets. 708 709 .. versionadded:: 2.7.9 710 711 .. data:: OP_SINGLE_DH_USE 712 713 Prevents re-use of the same DH key for distinct SSL sessions. This 714 improves forward secrecy but requires more computational resources. 715 This option only applies to server sockets. 716 717 .. versionadded:: 2.7.9 718 719 .. data:: OP_SINGLE_ECDH_USE 720 721 Prevents re-use of the same ECDH key for distinct SSL sessions. This 722 improves forward secrecy but requires more computational resources. 723 This option only applies to server sockets. 724 725 .. versionadded:: 2.7.9 726 727 .. data:: OP_NO_COMPRESSION 728 729 Disable compression on the SSL channel. This is useful if the application 730 protocol supports its own compression scheme. 731 732 This option is only available with OpenSSL 1.0.0 and later. 733 734 .. versionadded:: 2.7.9 735 736 .. data:: HAS_ALPN 737 738 Whether the OpenSSL library has built-in support for the *Application-Layer 739 Protocol Negotiation* TLS extension as described in :rfc:`7301`. 740 741 .. versionadded:: 2.7.10 742 743 .. data:: HAS_ECDH 744 745 Whether the OpenSSL library has built-in support for Elliptic Curve-based 746 Diffie-Hellman key exchange. This should be true unless the feature was 747 explicitly disabled by the distributor. 748 749 .. versionadded:: 2.7.9 750 751 .. data:: HAS_SNI 752 753 Whether the OpenSSL library has built-in support for the *Server Name 754 Indication* extension (as defined in :rfc:`4366`). 755 756 .. versionadded:: 2.7.9 757 758 .. data:: HAS_NPN 759 760 Whether the OpenSSL library has built-in support for *Next Protocol 761 Negotiation* as described in the `NPN draft specification 762 <https://tools.ietf.org/html/draft-agl-tls-nextprotoneg>`_. When true, 763 you can use the :meth:`SSLContext.set_npn_protocols` method to advertise 764 which protocols you want to support. 765 766 .. versionadded:: 2.7.9 767 768 .. data:: CHANNEL_BINDING_TYPES 769 770 List of supported TLS channel binding types. Strings in this list 771 can be used as arguments to :meth:`SSLSocket.get_channel_binding`. 772 773 .. versionadded:: 2.7.9 774 775 .. data:: OPENSSL_VERSION 776 777 The version string of the OpenSSL library loaded by the interpreter:: 778 779 >>> ssl.OPENSSL_VERSION 780 'OpenSSL 0.9.8k 25 Mar 2009' 781 782 .. versionadded:: 2.7 783 784 .. data:: OPENSSL_VERSION_INFO 785 786 A tuple of five integers representing version information about the 787 OpenSSL library:: 788 789 >>> ssl.OPENSSL_VERSION_INFO 790 (0, 9, 8, 11, 15) 791 792 .. versionadded:: 2.7 793 794 .. data:: OPENSSL_VERSION_NUMBER 795 796 The raw version number of the OpenSSL library, as a single integer:: 797 798 >>> ssl.OPENSSL_VERSION_NUMBER 799 9470143L 800 >>> hex(ssl.OPENSSL_VERSION_NUMBER) 801 '0x9080bfL' 802 803 .. versionadded:: 2.7 804 805 .. data:: ALERT_DESCRIPTION_HANDSHAKE_FAILURE 806 ALERT_DESCRIPTION_INTERNAL_ERROR 807 ALERT_DESCRIPTION_* 808 809 Alert Descriptions from :rfc:`5246` and others. The `IANA TLS Alert Registry 810 <https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6>`_ 811 contains this list and references to the RFCs where their meaning is defined. 812 813 Used as the return value of the callback function in 814 :meth:`SSLContext.set_servername_callback`. 815 816 .. versionadded:: 2.7.9 817 818 .. data:: Purpose.SERVER_AUTH 819 820 Option for :func:`create_default_context` and 821 :meth:`SSLContext.load_default_certs`. This value indicates that the 822 context may be used to authenticate Web servers (therefore, it will 823 be used to create client-side sockets). 824 825 .. versionadded:: 2.7.9 826 827 .. data:: Purpose.CLIENT_AUTH 828 829 Option for :func:`create_default_context` and 830 :meth:`SSLContext.load_default_certs`. This value indicates that the 831 context may be used to authenticate Web clients (therefore, it will 832 be used to create server-side sockets). 833 834 .. versionadded:: 2.7.9 835 836 837 SSL Sockets 838 ----------- 839 840 SSL sockets provide the following methods of :ref:`socket-objects`: 841 842 - :meth:`~socket.socket.accept()` 843 - :meth:`~socket.socket.bind()` 844 - :meth:`~socket.socket.close()` 845 - :meth:`~socket.socket.connect()` 846 - :meth:`~socket.socket.fileno()` 847 - :meth:`~socket.socket.getpeername()`, :meth:`~socket.socket.getsockname()` 848 - :meth:`~socket.socket.getsockopt()`, :meth:`~socket.socket.setsockopt()` 849 - :meth:`~socket.socket.gettimeout()`, :meth:`~socket.socket.settimeout()`, 850 :meth:`~socket.socket.setblocking()` 851 - :meth:`~socket.socket.listen()` 852 - :meth:`~socket.socket.makefile()` 853 - :meth:`~socket.socket.recv()`, :meth:`~socket.socket.recv_into()` 854 (but passing a non-zero ``flags`` argument is not allowed) 855 - :meth:`~socket.socket.send()`, :meth:`~socket.socket.sendall()` (with 856 the same limitation) 857 - :meth:`~socket.socket.shutdown()` 858 859 However, since the SSL (and TLS) protocol has its own framing atop 860 of TCP, the SSL sockets abstraction can, in certain respects, diverge from 861 the specification of normal, OS-level sockets. See especially the 862 :ref:`notes on non-blocking sockets <ssl-nonblocking>`. 863 864 SSL sockets also have the following additional methods and attributes: 865 866 .. method:: SSLSocket.do_handshake() 867 868 Perform the SSL setup handshake. 869 870 .. versionchanged:: 2.7.9 871 872 The handshake method also performs :func:`match_hostname` when the 873 :attr:`~SSLContext.check_hostname` attribute of the socket's 874 :attr:`~SSLSocket.context` is true. 875 876 .. method:: SSLSocket.getpeercert(binary_form=False) 877 878 If there is no certificate for the peer on the other end of the connection, 879 return ``None``. If the SSL handshake hasn't been done yet, raise 880 :exc:`ValueError`. 881 882 If the ``binary_form`` parameter is :const:`False`, and a certificate was 883 received from the peer, this method returns a :class:`dict` instance. If the 884 certificate was not validated, the dict is empty. If the certificate was 885 validated, it returns a dict with several keys, amongst them ``subject`` 886 (the principal for which the certificate was issued) and ``issuer`` 887 (the principal issuing the certificate). If a certificate contains an 888 instance of the *Subject Alternative Name* extension (see :rfc:`3280`), 889 there will also be a ``subjectAltName`` key in the dictionary. 890 891 The ``subject`` and ``issuer`` fields are tuples containing the sequence 892 of relative distinguished names (RDNs) given in the certificate's data 893 structure for the respective fields, and each RDN is a sequence of 894 name-value pairs. Here is a real-world example:: 895 896 {'issuer': ((('countryName', 'IL'),), 897 (('organizationName', 'StartCom Ltd.'),), 898 (('organizationalUnitName', 899 'Secure Digital Certificate Signing'),), 900 (('commonName', 901 'StartCom Class 2 Primary Intermediate Server CA'),)), 902 'notAfter': 'Nov 22 08:15:19 2013 GMT', 903 'notBefore': 'Nov 21 03:09:52 2011 GMT', 904 'serialNumber': '95F0', 905 'subject': ((('description', '571208-SLe257oHY9fVQ07Z'),), 906 (('countryName', 'US'),), 907 (('stateOrProvinceName', 'California'),), 908 (('localityName', 'San Francisco'),), 909 (('organizationName', 'Electronic Frontier Foundation, Inc.'),), 910 (('commonName', '*.eff.org'),), 911 (('emailAddress', 'hostmaster (a] eff.org'),)), 912 'subjectAltName': (('DNS', '*.eff.org'), ('DNS', 'eff.org')), 913 'version': 3} 914 915 .. note:: 916 917 To validate a certificate for a particular service, you can use the 918 :func:`match_hostname` function. 919 920 If the ``binary_form`` parameter is :const:`True`, and a certificate was 921 provided, this method returns the DER-encoded form of the entire certificate 922 as a sequence of bytes, or :const:`None` if the peer did not provide a 923 certificate. Whether the peer provides a certificate depends on the SSL 924 socket's role: 925 926 * for a client SSL socket, the server will always provide a certificate, 927 regardless of whether validation was required; 928 929 * for a server SSL socket, the client will only provide a certificate 930 when requested by the server; therefore :meth:`getpeercert` will return 931 :const:`None` if you used :const:`CERT_NONE` (rather than 932 :const:`CERT_OPTIONAL` or :const:`CERT_REQUIRED`). 933 934 .. versionchanged:: 2.7.9 935 The returned dictionary includes additional items such as ``issuer`` and 936 ``notBefore``. Additionall :exc:`ValueError` is raised when the handshake 937 isn't done. The returned dictionary includes additional X509v3 extension 938 items such as ``crlDistributionPoints``, ``caIssuers`` and ``OCSP`` URIs. 939 940 .. method:: SSLSocket.cipher() 941 942 Returns a three-value tuple containing the name of the cipher being used, the 943 version of the SSL protocol that defines its use, and the number of secret 944 bits being used. If no connection has been established, returns ``None``. 945 946 .. method:: SSLSocket.compression() 947 948 Return the compression algorithm being used as a string, or ``None`` 949 if the connection isn't compressed. 950 951 If the higher-level protocol supports its own compression mechanism, 952 you can use :data:`OP_NO_COMPRESSION` to disable SSL-level compression. 953 954 .. versionadded:: 2.7.9 955 956 .. method:: SSLSocket.get_channel_binding(cb_type="tls-unique") 957 958 Get channel binding data for current connection, as a bytes object. Returns 959 ``None`` if not connected or the handshake has not been completed. 960 961 The *cb_type* parameter allow selection of the desired channel binding 962 type. Valid channel binding types are listed in the 963 :data:`CHANNEL_BINDING_TYPES` list. Currently only the 'tls-unique' channel 964 binding, defined by :rfc:`5929`, is supported. :exc:`ValueError` will be 965 raised if an unsupported channel binding type is requested. 966 967 .. versionadded:: 2.7.9 968 969 .. method:: SSLSocket.selected_alpn_protocol() 970 971 Return the protocol that was selected during the TLS handshake. If 972 :meth:`SSLContext.set_alpn_protocols` was not called, if the other party does 973 not support ALPN, if this socket does not support any of the client's 974 proposed protocols, or if the handshake has not happened yet, ``None`` is 975 returned. 976 977 .. versionadded:: 2.7.10 978 979 .. method:: SSLSocket.selected_npn_protocol() 980 981 Return the higher-level protocol that was selected during the TLS/SSL 982 handshake. If :meth:`SSLContext.set_npn_protocols` was not called, or 983 if the other party does not support NPN, or if the handshake has not yet 984 happened, this will return ``None``. 985 986 .. versionadded:: 2.7.9 987 988 .. method:: SSLSocket.unwrap() 989 990 Performs the SSL shutdown handshake, which removes the TLS layer from the 991 underlying socket, and returns the underlying socket object. This can be 992 used to go from encrypted operation over a connection to unencrypted. The 993 returned socket should always be used for further communication with the 994 other side of the connection, rather than the original socket. 995 996 .. method:: SSLSocket.version() 997 998 Return the actual SSL protocol version negotiated by the connection 999 as a string, or ``None`` is no secure connection is established. 1000 As of this writing, possible return values include ``"SSLv2"``, 1001 ``"SSLv3"``, ``"TLSv1"``, ``"TLSv1.1"`` and ``"TLSv1.2"``. 1002 Recent OpenSSL versions may define more return values. 1003 1004 .. versionadded:: 2.7.9 1005 1006 .. attribute:: SSLSocket.context 1007 1008 The :class:`SSLContext` object this SSL socket is tied to. If the SSL 1009 socket was created using the top-level :func:`wrap_socket` function 1010 (rather than :meth:`SSLContext.wrap_socket`), this is a custom context 1011 object created for this SSL socket. 1012 1013 .. versionadded:: 2.7.9 1014 1015 1016 SSL Contexts 1017 ------------ 1018 1019 .. versionadded:: 2.7.9 1020 1021 An SSL context holds various data longer-lived than single SSL connections, 1022 such as SSL configuration options, certificate(s) and private key(s). 1023 It also manages a cache of SSL sessions for server-side sockets, in order 1024 to speed up repeated connections from the same clients. 1025 1026 .. class:: SSLContext(protocol) 1027 1028 Create a new SSL context. You must pass *protocol* which must be one 1029 of the ``PROTOCOL_*`` constants defined in this module. 1030 :data:`PROTOCOL_SSLv23` is currently recommended for maximum 1031 interoperability. 1032 1033 .. seealso:: 1034 :func:`create_default_context` lets the :mod:`ssl` module choose 1035 security settings for a given purpose. 1036 1037 1038 :class:`SSLContext` objects have the following methods and attributes: 1039 1040 .. method:: SSLContext.cert_store_stats() 1041 1042 Get statistics about quantities of loaded X.509 certificates, count of 1043 X.509 certificates flagged as CA certificates and certificate revocation 1044 lists as dictionary. 1045 1046 Example for a context with one CA cert and one other cert:: 1047 1048 >>> context.cert_store_stats() 1049 {'crl': 0, 'x509_ca': 1, 'x509': 2} 1050 1051 1052 .. method:: SSLContext.load_cert_chain(certfile, keyfile=None, password=None) 1053 1054 Load a private key and the corresponding certificate. The *certfile* 1055 string must be the path to a single file in PEM format containing the 1056 certificate as well as any number of CA certificates needed to establish 1057 the certificate's authenticity. The *keyfile* string, if present, must 1058 point to a file containing the private key in. Otherwise the private 1059 key will be taken from *certfile* as well. See the discussion of 1060 :ref:`ssl-certificates` for more information on how the certificate 1061 is stored in the *certfile*. 1062 1063 The *password* argument may be a function to call to get the password for 1064 decrypting the private key. It will only be called if the private key is 1065 encrypted and a password is necessary. It will be called with no arguments, 1066 and it should return a string, bytes, or bytearray. If the return value is 1067 a string it will be encoded as UTF-8 before using it to decrypt the key. 1068 Alternatively a string, bytes, or bytearray value may be supplied directly 1069 as the *password* argument. It will be ignored if the private key is not 1070 encrypted and no password is needed. 1071 1072 If the *password* argument is not specified and a password is required, 1073 OpenSSL's built-in password prompting mechanism will be used to 1074 interactively prompt the user for a password. 1075 1076 An :class:`SSLError` is raised if the private key doesn't 1077 match with the certificate. 1078 1079 .. method:: SSLContext.load_default_certs(purpose=Purpose.SERVER_AUTH) 1080 1081 Load a set of default "certification authority" (CA) certificates from 1082 default locations. On Windows it loads CA certs from the ``CA`` and 1083 ``ROOT`` system stores. On other systems it calls 1084 :meth:`SSLContext.set_default_verify_paths`. In the future the method may 1085 load CA certificates from other locations, too. 1086 1087 The *purpose* flag specifies what kind of CA certificates are loaded. The 1088 default settings :data:`Purpose.SERVER_AUTH` loads certificates, that are 1089 flagged and trusted for TLS web server authentication (client side 1090 sockets). :data:`Purpose.CLIENT_AUTH` loads CA certificates for client 1091 certificate verification on the server side. 1092 1093 .. method:: SSLContext.load_verify_locations(cafile=None, capath=None, cadata=None) 1094 1095 Load a set of "certification authority" (CA) certificates used to validate 1096 other peers' certificates when :data:`verify_mode` is other than 1097 :data:`CERT_NONE`. At least one of *cafile* or *capath* must be specified. 1098 1099 This method can also load certification revocation lists (CRLs) in PEM or 1100 DER format. In order to make use of CRLs, :attr:`SSLContext.verify_flags` 1101 must be configured properly. 1102 1103 The *cafile* string, if present, is the path to a file of concatenated 1104 CA certificates in PEM format. See the discussion of 1105 :ref:`ssl-certificates` for more information about how to arrange the 1106 certificates in this file. 1107 1108 The *capath* string, if present, is 1109 the path to a directory containing several CA certificates in PEM format, 1110 following an `OpenSSL specific layout 1111 <https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html>`_. 1112 1113 The *cadata* object, if present, is either an ASCII string of one or more 1114 PEM-encoded certificates or a bytes-like object of DER-encoded 1115 certificates. Like with *capath* extra lines around PEM-encoded 1116 certificates are ignored but at least one certificate must be present. 1117 1118 .. method:: SSLContext.get_ca_certs(binary_form=False) 1119 1120 Get a list of loaded "certification authority" (CA) certificates. If the 1121 ``binary_form`` parameter is :const:`False` each list 1122 entry is a dict like the output of :meth:`SSLSocket.getpeercert`. Otherwise 1123 the method returns a list of DER-encoded certificates. The returned list 1124 does not contain certificates from *capath* unless a certificate was 1125 requested and loaded by a SSL connection. 1126 1127 .. method:: SSLContext.set_default_verify_paths() 1128 1129 Load a set of default "certification authority" (CA) certificates from 1130 a filesystem path defined when building the OpenSSL library. Unfortunately, 1131 there's no easy way to know whether this method succeeds: no error is 1132 returned if no certificates are to be found. When the OpenSSL library is 1133 provided as part of the operating system, though, it is likely to be 1134 configured properly. 1135 1136 .. method:: SSLContext.set_ciphers(ciphers) 1137 1138 Set the available ciphers for sockets created with this context. 1139 It should be a string in the `OpenSSL cipher list format 1140 <https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT>`_. 1141 If no cipher can be selected (because compile-time options or other 1142 configuration forbids use of all the specified ciphers), an 1143 :class:`SSLError` will be raised. 1144 1145 .. note:: 1146 when connected, the :meth:`SSLSocket.cipher` method of SSL sockets will 1147 give the currently selected cipher. 1148 1149 .. method:: SSLContext.set_alpn_protocols(protocols) 1150 1151 Specify which protocols the socket should advertise during the SSL/TLS 1152 handshake. It should be a list of ASCII strings, like ``['http/1.1', 1153 'spdy/2']``, ordered by preference. The selection of a protocol will happen 1154 during the handshake, and will play out according to :rfc:`7301`. After a 1155 successful handshake, the :meth:`SSLSocket.selected_alpn_protocol` method will 1156 return the agreed-upon protocol. 1157 1158 This method will raise :exc:`NotImplementedError` if :data:`HAS_ALPN` is 1159 False. 1160 1161 OpenSSL 1.1.0+ will abort the handshake and raise :exc:`SSLError` when 1162 both sides support ALPN but cannot agree on a protocol. 1163 1164 .. versionadded:: 2.7.10 1165 1166 .. method:: SSLContext.set_npn_protocols(protocols) 1167 1168 Specify which protocols the socket should advertise during the SSL/TLS 1169 handshake. It should be a list of strings, like ``['http/1.1', 'spdy/2']``, 1170 ordered by preference. The selection of a protocol will happen during the 1171 handshake, and will play out according to the `NPN draft specification 1172 <https://tools.ietf.org/html/draft-agl-tls-nextprotoneg>`_. After a 1173 successful handshake, the :meth:`SSLSocket.selected_npn_protocol` method will 1174 return the agreed-upon protocol. 1175 1176 This method will raise :exc:`NotImplementedError` if :data:`HAS_NPN` is 1177 False. 1178 1179 .. method:: SSLContext.set_servername_callback(server_name_callback) 1180 1181 Register a callback function that will be called after the TLS Client Hello 1182 handshake message has been received by the SSL/TLS server when the TLS client 1183 specifies a server name indication. The server name indication mechanism 1184 is specified in :rfc:`6066` section 3 - Server Name Indication. 1185 1186 Only one callback can be set per ``SSLContext``. If *server_name_callback* 1187 is ``None`` then the callback is disabled. Calling this function a 1188 subsequent time will disable the previously registered callback. 1189 1190 The callback function, *server_name_callback*, will be called with three 1191 arguments; the first being the :class:`ssl.SSLSocket`, the second is a string 1192 that represents the server name that the client is intending to communicate 1193 (or :const:`None` if the TLS Client Hello does not contain a server name) 1194 and the third argument is the original :class:`SSLContext`. The server name 1195 argument is the IDNA decoded server name. 1196 1197 A typical use of this callback is to change the :class:`ssl.SSLSocket`'s 1198 :attr:`SSLSocket.context` attribute to a new object of type 1199 :class:`SSLContext` representing a certificate chain that matches the server 1200 name. 1201 1202 Due to the early negotiation phase of the TLS connection, only limited 1203 methods and attributes are usable like 1204 :meth:`SSLSocket.selected_alpn_protocol` and :attr:`SSLSocket.context`. 1205 :meth:`SSLSocket.getpeercert`, :meth:`SSLSocket.getpeercert`, 1206 :meth:`SSLSocket.cipher` and :meth:`SSLSocket.compress` methods require that 1207 the TLS connection has progressed beyond the TLS Client Hello and therefore 1208 will not contain return meaningful values nor can they be called safely. 1209 1210 The *server_name_callback* function must return ``None`` to allow the 1211 TLS negotiation to continue. If a TLS failure is required, a constant 1212 :const:`ALERT_DESCRIPTION_* <ALERT_DESCRIPTION_INTERNAL_ERROR>` can be 1213 returned. Other return values will result in a TLS fatal error with 1214 :const:`ALERT_DESCRIPTION_INTERNAL_ERROR`. 1215 1216 If there is an IDNA decoding error on the server name, the TLS connection 1217 will terminate with an :const:`ALERT_DESCRIPTION_INTERNAL_ERROR` fatal TLS 1218 alert message to the client. 1219 1220 If an exception is raised from the *server_name_callback* function the TLS 1221 connection will terminate with a fatal TLS alert message 1222 :const:`ALERT_DESCRIPTION_HANDSHAKE_FAILURE`. 1223 1224 This method will raise :exc:`NotImplementedError` if the OpenSSL library 1225 had OPENSSL_NO_TLSEXT defined when it was built. 1226 1227 .. method:: SSLContext.load_dh_params(dhfile) 1228 1229 Load the key generation parameters for Diffie-Helman (DH) key exchange. 1230 Using DH key exchange improves forward secrecy at the expense of 1231 computational resources (both on the server and on the client). 1232 The *dhfile* parameter should be the path to a file containing DH 1233 parameters in PEM format. 1234 1235 This setting doesn't apply to client sockets. You can also use the 1236 :data:`OP_SINGLE_DH_USE` option to further improve security. 1237 1238 .. method:: SSLContext.set_ecdh_curve(curve_name) 1239 1240 Set the curve name for Elliptic Curve-based Diffie-Hellman (ECDH) key 1241 exchange. ECDH is significantly faster than regular DH while arguably 1242 as secure. The *curve_name* parameter should be a string describing 1243 a well-known elliptic curve, for example ``prime256v1`` for a widely 1244 supported curve. 1245 1246 This setting doesn't apply to client sockets. You can also use the 1247 :data:`OP_SINGLE_ECDH_USE` option to further improve security. 1248 1249 This method is not available if :data:`HAS_ECDH` is ``False``. 1250 1251 .. seealso:: 1252 `SSL/TLS & Perfect Forward Secrecy <http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html>`_ 1253 Vincent Bernat. 1254 1255 .. method:: SSLContext.wrap_socket(sock, server_side=False, \ 1256 do_handshake_on_connect=True, suppress_ragged_eofs=True, \ 1257 server_hostname=None) 1258 1259 Wrap an existing Python socket *sock* and return an :class:`SSLSocket` 1260 object. *sock* must be a :data:`~socket.SOCK_STREAM` socket; other socket 1261 types are unsupported. 1262 1263 The returned SSL socket is tied to the context, its settings and 1264 certificates. The parameters *server_side*, *do_handshake_on_connect* 1265 and *suppress_ragged_eofs* have the same meaning as in the top-level 1266 :func:`wrap_socket` function. 1267 1268 On client connections, the optional parameter *server_hostname* specifies 1269 the hostname of the service which we are connecting to. This allows a 1270 single server to host multiple SSL-based services with distinct certificates, 1271 quite similarly to HTTP virtual hosts. Specifying *server_hostname* will 1272 raise a :exc:`ValueError` if *server_side* is true. 1273 1274 .. versionchanged:: 2.7.9 1275 Always allow a server_hostname to be passed, even if OpenSSL does not 1276 have SNI. 1277 1278 .. method:: SSLContext.session_stats() 1279 1280 Get statistics about the SSL sessions created or managed by this context. 1281 A dictionary is returned which maps the names of each `piece of information 1282 <https://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html>`_ to their 1283 numeric values. For example, here is the total number of hits and misses 1284 in the session cache since the context was created:: 1285 1286 >>> stats = context.session_stats() 1287 >>> stats['hits'], stats['misses'] 1288 (0, 0) 1289 1290 .. method:: SSLContext.get_ca_certs(binary_form=False) 1291 1292 Returns a list of dicts with information of loaded CA certs. If the 1293 optional argument is true, returns a DER-encoded copy of the CA 1294 certificate. 1295 1296 .. note:: 1297 Certificates in a capath directory aren't loaded unless they have 1298 been used at least once. 1299 1300 .. attribute:: SSLContext.check_hostname 1301 1302 Wether to match the peer cert's hostname with :func:`match_hostname` in 1303 :meth:`SSLSocket.do_handshake`. The context's 1304 :attr:`~SSLContext.verify_mode` must be set to :data:`CERT_OPTIONAL` or 1305 :data:`CERT_REQUIRED`, and you must pass *server_hostname* to 1306 :meth:`~SSLContext.wrap_socket` in order to match the hostname. 1307 1308 Example:: 1309 1310 import socket, ssl 1311 1312 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) 1313 context.verify_mode = ssl.CERT_REQUIRED 1314 context.check_hostname = True 1315 context.load_default_certs() 1316 1317 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 1318 ssl_sock = context.wrap_socket(s, server_hostname='www.verisign.com') 1319 ssl_sock.connect(('www.verisign.com', 443)) 1320 1321 .. note:: 1322 1323 This features requires OpenSSL 0.9.8f or newer. 1324 1325 .. attribute:: SSLContext.options 1326 1327 An integer representing the set of SSL options enabled on this context. 1328 The default value is :data:`OP_ALL`, but you can specify other options 1329 such as :data:`OP_NO_SSLv2` by ORing them together. 1330 1331 .. note:: 1332 With versions of OpenSSL older than 0.9.8m, it is only possible 1333 to set options, not to clear them. Attempting to clear an option 1334 (by resetting the corresponding bits) will raise a ``ValueError``. 1335 1336 .. attribute:: SSLContext.protocol 1337 1338 The protocol version chosen when constructing the context. This attribute 1339 is read-only. 1340 1341 .. attribute:: SSLContext.verify_flags 1342 1343 The flags for certificate verification operations. You can set flags like 1344 :data:`VERIFY_CRL_CHECK_LEAF` by ORing them together. By default OpenSSL 1345 does neither require nor verify certificate revocation lists (CRLs). 1346 Available only with openssl version 0.9.8+. 1347 1348 .. attribute:: SSLContext.verify_mode 1349 1350 Whether to try to verify other peers' certificates and how to behave 1351 if verification fails. This attribute must be one of 1352 :data:`CERT_NONE`, :data:`CERT_OPTIONAL` or :data:`CERT_REQUIRED`. 1353 1354 1355 .. index:: single: certificates 1356 1357 .. index:: single: X509 certificate 1358 1359 .. _ssl-certificates: 1360 1361 Certificates 1362 ------------ 1363 1364 Certificates in general are part of a public-key / private-key system. In this 1365 system, each *principal*, (which may be a machine, or a person, or an 1366 organization) is assigned a unique two-part encryption key. One part of the key 1367 is public, and is called the *public key*; the other part is kept secret, and is 1368 called the *private key*. The two parts are related, in that if you encrypt a 1369 message with one of the parts, you can decrypt it with the other part, and 1370 **only** with the other part. 1371 1372 A certificate contains information about two principals. It contains the name 1373 of a *subject*, and the subject's public key. It also contains a statement by a 1374 second principal, the *issuer*, that the subject is who he claims to be, and 1375 that this is indeed the subject's public key. The issuer's statement is signed 1376 with the issuer's private key, which only the issuer knows. However, anyone can 1377 verify the issuer's statement by finding the issuer's public key, decrypting the 1378 statement with it, and comparing it to the other information in the certificate. 1379 The certificate also contains information about the time period over which it is 1380 valid. This is expressed as two fields, called "notBefore" and "notAfter". 1381 1382 In the Python use of certificates, a client or server can use a certificate to 1383 prove who they are. The other side of a network connection can also be required 1384 to produce a certificate, and that certificate can be validated to the 1385 satisfaction of the client or server that requires such validation. The 1386 connection attempt can be set to raise an exception if the validation fails. 1387 Validation is done automatically, by the underlying OpenSSL framework; the 1388 application need not concern itself with its mechanics. But the application 1389 does usually need to provide sets of certificates to allow this process to take 1390 place. 1391 1392 Python uses files to contain certificates. They should be formatted as "PEM" 1393 (see :rfc:`1422`), which is a base-64 encoded form wrapped with a header line 1394 and a footer line:: 1395 1396 -----BEGIN CERTIFICATE----- 1397 ... (certificate in base64 PEM encoding) ... 1398 -----END CERTIFICATE----- 1399 1400 Certificate chains 1401 ^^^^^^^^^^^^^^^^^^ 1402 1403 The Python files which contain certificates can contain a sequence of 1404 certificates, sometimes called a *certificate chain*. This chain should start 1405 with the specific certificate for the principal who "is" the client or server, 1406 and then the certificate for the issuer of that certificate, and then the 1407 certificate for the issuer of *that* certificate, and so on up the chain till 1408 you get to a certificate which is *self-signed*, that is, a certificate which 1409 has the same subject and issuer, sometimes called a *root certificate*. The 1410 certificates should just be concatenated together in the certificate file. For 1411 example, suppose we had a three certificate chain, from our server certificate 1412 to the certificate of the certification authority that signed our server 1413 certificate, to the root certificate of the agency which issued the 1414 certification authority's certificate:: 1415 1416 -----BEGIN CERTIFICATE----- 1417 ... (certificate for your server)... 1418 -----END CERTIFICATE----- 1419 -----BEGIN CERTIFICATE----- 1420 ... (the certificate for the CA)... 1421 -----END CERTIFICATE----- 1422 -----BEGIN CERTIFICATE----- 1423 ... (the root certificate for the CA's issuer)... 1424 -----END CERTIFICATE----- 1425 1426 CA certificates 1427 ^^^^^^^^^^^^^^^ 1428 1429 If you are going to require validation of the other side of the connection's 1430 certificate, you need to provide a "CA certs" file, filled with the certificate 1431 chains for each issuer you are willing to trust. Again, this file just contains 1432 these chains concatenated together. For validation, Python will use the first 1433 chain it finds in the file which matches. The platform's certificates file can 1434 be used by calling :meth:`SSLContext.load_default_certs`, this is done 1435 automatically with :func:`.create_default_context`. 1436 1437 Combined key and certificate 1438 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 1439 1440 Often the private key is stored in the same file as the certificate; in this 1441 case, only the ``certfile`` parameter to :meth:`SSLContext.load_cert_chain` 1442 and :func:`wrap_socket` needs to be passed. If the private key is stored 1443 with the certificate, it should come before the first certificate in 1444 the certificate chain:: 1445 1446 -----BEGIN RSA PRIVATE KEY----- 1447 ... (private key in base64 encoding) ... 1448 -----END RSA PRIVATE KEY----- 1449 -----BEGIN CERTIFICATE----- 1450 ... (certificate in base64 PEM encoding) ... 1451 -----END CERTIFICATE----- 1452 1453 Self-signed certificates 1454 ^^^^^^^^^^^^^^^^^^^^^^^^ 1455 1456 If you are going to create a server that provides SSL-encrypted connection 1457 services, you will need to acquire a certificate for that service. There are 1458 many ways of acquiring appropriate certificates, such as buying one from a 1459 certification authority. Another common practice is to generate a self-signed 1460 certificate. The simplest way to do this is with the OpenSSL package, using 1461 something like the following:: 1462 1463 % openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.pem 1464 Generating a 1024 bit RSA private key 1465 .......++++++ 1466 .............................++++++ 1467 writing new private key to 'cert.pem' 1468 ----- 1469 You are about to be asked to enter information that will be incorporated 1470 into your certificate request. 1471 What you are about to enter is what is called a Distinguished Name or a DN. 1472 There are quite a few fields but you can leave some blank 1473 For some fields there will be a default value, 1474 If you enter '.', the field will be left blank. 1475 ----- 1476 Country Name (2 letter code) [AU]:US 1477 State or Province Name (full name) [Some-State]:MyState 1478 Locality Name (eg, city) []:Some City 1479 Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Organization, Inc. 1480 Organizational Unit Name (eg, section) []:My Group 1481 Common Name (eg, YOUR name) []:myserver.mygroup.myorganization.com 1482 Email Address []:ops (a] myserver.mygroup.myorganization.com 1483 % 1484 1485 The disadvantage of a self-signed certificate is that it is its own root 1486 certificate, and no one else will have it in their cache of known (and trusted) 1487 root certificates. 1488 1489 1490 Examples 1491 -------- 1492 1493 Testing for SSL support 1494 ^^^^^^^^^^^^^^^^^^^^^^^ 1495 1496 To test for the presence of SSL support in a Python installation, user code 1497 should use the following idiom:: 1498 1499 try: 1500 import ssl 1501 except ImportError: 1502 pass 1503 else: 1504 ... # do something that requires SSL support 1505 1506 Client-side operation 1507 ^^^^^^^^^^^^^^^^^^^^^ 1508 1509 This example creates a SSL context with the recommended security settings 1510 for client sockets, including automatic certificate verification:: 1511 1512 >>> context = ssl.create_default_context() 1513 1514 If you prefer to tune security settings yourself, you might create 1515 a context from scratch (but beware that you might not get the settings 1516 right):: 1517 1518 >>> context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) 1519 >>> context.verify_mode = ssl.CERT_REQUIRED 1520 >>> context.check_hostname = True 1521 >>> context.load_verify_locations("/etc/ssl/certs/ca-bundle.crt") 1522 1523 (this snippet assumes your operating system places a bundle of all CA 1524 certificates in ``/etc/ssl/certs/ca-bundle.crt``; if not, you'll get an 1525 error and have to adjust the location) 1526 1527 When you use the context to connect to a server, :const:`CERT_REQUIRED` 1528 validates the server certificate: it ensures that the server certificate 1529 was signed with one of the CA certificates, and checks the signature for 1530 correctness:: 1531 1532 >>> conn = context.wrap_socket(socket.socket(socket.AF_INET), 1533 ... server_hostname="www.python.org") 1534 >>> conn.connect(("www.python.org", 443)) 1535 1536 You may then fetch the certificate:: 1537 1538 >>> cert = conn.getpeercert() 1539 1540 Visual inspection shows that the certificate does identify the desired service 1541 (that is, the HTTPS host ``www.python.org``):: 1542 1543 >>> pprint.pprint(cert) 1544 {'OCSP': ('http://ocsp.digicert.com',), 1545 'caIssuers': ('http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt',), 1546 'crlDistributionPoints': ('http://crl3.digicert.com/sha2-ev-server-g1.crl', 1547 'http://crl4.digicert.com/sha2-ev-server-g1.crl'), 1548 'issuer': ((('countryName', 'US'),), 1549 (('organizationName', 'DigiCert Inc'),), 1550 (('organizationalUnitName', 'www.digicert.com'),), 1551 (('commonName', 'DigiCert SHA2 Extended Validation Server CA'),)), 1552 'notAfter': 'Sep 9 12:00:00 2016 GMT', 1553 'notBefore': 'Sep 5 00:00:00 2014 GMT', 1554 'serialNumber': '01BB6F00122B177F36CAB49CEA8B6B26', 1555 'subject': ((('businessCategory', 'Private Organization'),), 1556 (('1.3.6.1.4.1.311.60.2.1.3', 'US'),), 1557 (('1.3.6.1.4.1.311.60.2.1.2', 'Delaware'),), 1558 (('serialNumber', '3359300'),), 1559 (('streetAddress', '16 Allen Rd'),), 1560 (('postalCode', '03894-4801'),), 1561 (('countryName', 'US'),), 1562 (('stateOrProvinceName', 'NH'),), 1563 (('localityName', 'Wolfeboro,'),), 1564 (('organizationName', 'Python Software Foundation'),), 1565 (('commonName', 'www.python.org'),)), 1566 'subjectAltName': (('DNS', 'www.python.org'), 1567 ('DNS', 'python.org'), 1568 ('DNS', 'pypi.python.org'), 1569 ('DNS', 'docs.python.org'), 1570 ('DNS', 'testpypi.python.org'), 1571 ('DNS', 'bugs.python.org'), 1572 ('DNS', 'wiki.python.org'), 1573 ('DNS', 'hg.python.org'), 1574 ('DNS', 'mail.python.org'), 1575 ('DNS', 'packaging.python.org'), 1576 ('DNS', 'pythonhosted.org'), 1577 ('DNS', 'www.pythonhosted.org'), 1578 ('DNS', 'test.pythonhosted.org'), 1579 ('DNS', 'us.pycon.org'), 1580 ('DNS', 'id.python.org')), 1581 'version': 3} 1582 1583 Now the SSL channel is established and the certificate verified, you can 1584 proceed to talk with the server:: 1585 1586 >>> conn.sendall(b"HEAD / HTTP/1.0\r\nHost: linuxfr.org\r\n\r\n") 1587 >>> pprint.pprint(conn.recv(1024).split(b"\r\n")) 1588 [b'HTTP/1.1 200 OK', 1589 b'Date: Sat, 18 Oct 2014 18:27:20 GMT', 1590 b'Server: nginx', 1591 b'Content-Type: text/html; charset=utf-8', 1592 b'X-Frame-Options: SAMEORIGIN', 1593 b'Content-Length: 45679', 1594 b'Accept-Ranges: bytes', 1595 b'Via: 1.1 varnish', 1596 b'Age: 2188', 1597 b'X-Served-By: cache-lcy1134-LCY', 1598 b'X-Cache: HIT', 1599 b'X-Cache-Hits: 11', 1600 b'Vary: Cookie', 1601 b'Strict-Transport-Security: max-age=63072000; includeSubDomains', 1602 b'Connection: close', 1603 b'', 1604 b''] 1605 1606 See the discussion of :ref:`ssl-security` below. 1607 1608 1609 Server-side operation 1610 ^^^^^^^^^^^^^^^^^^^^^ 1611 1612 For server operation, typically you'll need to have a server certificate, and 1613 private key, each in a file. You'll first create a context holding the key 1614 and the certificate, so that clients can check your authenticity. Then 1615 you'll open a socket, bind it to a port, call :meth:`listen` on it, and start 1616 waiting for clients to connect:: 1617 1618 import socket, ssl 1619 1620 context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) 1621 context.load_cert_chain(certfile="mycertfile", keyfile="mykeyfile") 1622 1623 bindsocket = socket.socket() 1624 bindsocket.bind(('myaddr.mydomain.com', 10023)) 1625 bindsocket.listen(5) 1626 1627 When a client connects, you'll call :meth:`accept` on the socket to get the 1628 new socket from the other end, and use the context's :meth:`SSLContext.wrap_socket` 1629 method to create a server-side SSL socket for the connection:: 1630 1631 while True: 1632 newsocket, fromaddr = bindsocket.accept() 1633 connstream = context.wrap_socket(newsocket, server_side=True) 1634 try: 1635 deal_with_client(connstream) 1636 finally: 1637 connstream.shutdown(socket.SHUT_RDWR) 1638 connstream.close() 1639 1640 Then you'll read data from the ``connstream`` and do something with it till you 1641 are finished with the client (or the client is finished with you):: 1642 1643 def deal_with_client(connstream): 1644 data = connstream.read() 1645 # null data means the client is finished with us 1646 while data: 1647 if not do_something(connstream, data): 1648 # we'll assume do_something returns False 1649 # when we're finished with client 1650 break 1651 data = connstream.read() 1652 # finished with client 1653 1654 And go back to listening for new client connections (of course, a real server 1655 would probably handle each client connection in a separate thread, or put 1656 the sockets in non-blocking mode and use an event loop). 1657 1658 1659 .. _ssl-nonblocking: 1660 1661 Notes on non-blocking sockets 1662 ----------------------------- 1663 1664 When working with non-blocking sockets, there are several things you need 1665 to be aware of: 1666 1667 - Calling :func:`~select.select` tells you that the OS-level socket can be 1668 read from (or written to), but it does not imply that there is sufficient 1669 data at the upper SSL layer. For example, only part of an SSL frame might 1670 have arrived. Therefore, you must be ready to handle :meth:`SSLSocket.recv` 1671 and :meth:`SSLSocket.send` failures, and retry after another call to 1672 :func:`~select.select`. 1673 1674 - Conversely, since the SSL layer has its own framing, a SSL socket may 1675 still have data available for reading without :func:`~select.select` 1676 being aware of it. Therefore, you should first call 1677 :meth:`SSLSocket.recv` to drain any potentially available data, and then 1678 only block on a :func:`~select.select` call if still necessary. 1679 1680 (of course, similar provisions apply when using other primitives such as 1681 :func:`~select.poll`, or those in the :mod:`selectors` module) 1682 1683 - The SSL handshake itself will be non-blocking: the 1684 :meth:`SSLSocket.do_handshake` method has to be retried until it returns 1685 successfully. Here is a synopsis using :func:`~select.select` to wait for 1686 the socket's readiness:: 1687 1688 while True: 1689 try: 1690 sock.do_handshake() 1691 break 1692 except ssl.SSLWantReadError: 1693 select.select([sock], [], []) 1694 except ssl.SSLWantWriteError: 1695 select.select([], [sock], []) 1696 1697 1698 .. _ssl-security: 1699 1700 Security considerations 1701 ----------------------- 1702 1703 Best defaults 1704 ^^^^^^^^^^^^^ 1705 1706 For **client use**, if you don't have any special requirements for your 1707 security policy, it is highly recommended that you use the 1708 :func:`create_default_context` function to create your SSL context. 1709 It will load the system's trusted CA certificates, enable certificate 1710 validation and hostname checking, and try to choose reasonably secure 1711 protocol and cipher settings. 1712 1713 If a client certificate is needed for the connection, it can be added with 1714 :meth:`SSLContext.load_cert_chain`. 1715 1716 By contrast, if you create the SSL context by calling the :class:`SSLContext` 1717 constructor yourself, it will not have certificate validation nor hostname 1718 checking enabled by default. If you do so, please read the paragraphs below 1719 to achieve a good security level. 1720 1721 Manual settings 1722 ^^^^^^^^^^^^^^^ 1723 1724 Verifying certificates 1725 '''''''''''''''''''''' 1726 1727 When calling the :class:`SSLContext` constructor directly, 1728 :const:`CERT_NONE` is the default. Since it does not authenticate the other 1729 peer, it can be insecure, especially in client mode where most of time you 1730 would like to ensure the authenticity of the server you're talking to. 1731 Therefore, when in client mode, it is highly recommended to use 1732 :const:`CERT_REQUIRED`. However, it is in itself not sufficient; you also 1733 have to check that the server certificate, which can be obtained by calling 1734 :meth:`SSLSocket.getpeercert`, matches the desired service. For many 1735 protocols and applications, the service can be identified by the hostname; 1736 in this case, the :func:`match_hostname` function can be used. This common 1737 check is automatically performed when :attr:`SSLContext.check_hostname` is 1738 enabled. 1739 1740 In server mode, if you want to authenticate your clients using the SSL layer 1741 (rather than using a higher-level authentication mechanism), you'll also have 1742 to specify :const:`CERT_REQUIRED` and similarly check the client certificate. 1743 1744 .. note:: 1745 1746 In client mode, :const:`CERT_OPTIONAL` and :const:`CERT_REQUIRED` are 1747 equivalent unless anonymous ciphers are enabled (they are disabled 1748 by default). 1749 1750 Protocol versions 1751 ''''''''''''''''' 1752 1753 SSL versions 2 and 3 are considered insecure and are therefore dangerous to 1754 use. If you want maximum compatibility between clients and servers, it is 1755 recommended to use :const:`PROTOCOL_SSLv23` as the protocol version and then 1756 disable SSLv2 and SSLv3 explicitly using the :data:`SSLContext.options` 1757 attribute:: 1758 1759 context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) 1760 context.options |= ssl.OP_NO_SSLv2 1761 context.options |= ssl.OP_NO_SSLv3 1762 1763 The SSL context created above will only allow TLSv1 and later (if 1764 supported by your system) connections. 1765 1766 Cipher selection 1767 '''''''''''''''' 1768 1769 If you have advanced security requirements, fine-tuning of the ciphers 1770 enabled when negotiating a SSL session is possible through the 1771 :meth:`SSLContext.set_ciphers` method. Starting from Python 2.7.9, the 1772 ssl module disables certain weak ciphers by default, but you may want 1773 to further restrict the cipher choice. Be sure to read OpenSSL's documentation 1774 about the `cipher list format <https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT>`_. 1775 If you want to check which ciphers are enabled by a given cipher list, use the 1776 ``openssl ciphers`` command on your system. 1777 1778 Multi-processing 1779 ^^^^^^^^^^^^^^^^ 1780 1781 If using this module as part of a multi-processed application (using, 1782 for example the :mod:`multiprocessing` or :mod:`concurrent.futures` modules), 1783 be aware that OpenSSL's internal random number generator does not properly 1784 handle forked processes. Applications must change the PRNG state of the 1785 parent process if they use any SSL feature with :func:`os.fork`. Any 1786 successful call of :func:`~ssl.RAND_add`, :func:`~ssl.RAND_bytes` or 1787 :func:`~ssl.RAND_pseudo_bytes` is sufficient. 1788 1789 1790 .. seealso:: 1791 1792 Class :class:`socket.socket` 1793 Documentation of underlying :mod:`socket` class 1794 1795 `SSL/TLS Strong Encryption: An Introduction <https://httpd.apache.org/docs/trunk/en/ssl/ssl_intro.html>`_ 1796 Intro from the Apache webserver documentation 1797 1798 `RFC 1422: Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management <https://www.ietf.org/rfc/rfc1422>`_ 1799 Steve Kent 1800 1801 `RFC 1750: Randomness Recommendations for Security <https://www.ietf.org/rfc/rfc1750>`_ 1802 D. Eastlake et. al. 1803 1804 `RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile <https://www.ietf.org/rfc/rfc3280>`_ 1805 Housley et. al. 1806 1807 `RFC 4366: Transport Layer Security (TLS) Extensions <https://www.ietf.org/rfc/rfc4366>`_ 1808 Blake-Wilson et. al. 1809 1810 `RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2 <https://tools.ietf.org/html/rfc5246>`_ 1811 T. Dierks et. al. 1812 1813 `RFC 6066: Transport Layer Security (TLS) Extensions <https://tools.ietf.org/html/rfc6066>`_ 1814 D. Eastlake 1815 1816 `IANA TLS: Transport Layer Security (TLS) Parameters <https://www.iana.org/assignments/tls-parameters/tls-parameters.xml>`_ 1817 IANA 1818
