crossbar.common.twisted.tlsctx

Attributes

ECDH_DEFAULT_CURVE
ECDH_DEFAULT_CURVE_NAME
ELLIPTIC_CURVES
SSL_DEFAULT_CIPHERS
SSL_DEFAULT_OPTIONS

Classes

TlsClientContextFactory	A context factory for SSL clients.
TlsServerContextFactory	TLS context factory for use with Twisted.

Module Contents

ECDH_DEFAULT_CURVE

ECDH_DEFAULT_CURVE_NAME = 'prime256v1'

ELLIPTIC_CURVES

SSL_DEFAULT_CIPHERS = 'ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA...

SSL_DEFAULT_OPTIONS

class TlsClientContextFactory

Bases: twisted.internet.ssl.ClientContextFactory

A context factory for SSL clients.

class TlsServerContextFactory(privateKeyString, certificateString, chainedCertificate=True, dhParamFilename=None, ciphers=None, ca_certs=[])

Bases: twisted.internet.ssl.DefaultOpenSSLContextFactory

TLS context factory for use with Twisted.

Like the default

http://twistedmatrix.com/trac/browser/tags/releases/twisted-11.1.0/twisted/internet/ssl.py#L42

but loads key/cert from string, not file and supports chained certificates.

See also

http://pyopenssl.sourceforge.net/pyOpenSSL.html/openssl-context.html http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html

Chained certificates:

The certificates must be in PEM format and must be sorted starting with the subject’s certificate (actual client or server certificate), followed by intermediate CA certificates if applicable, and ending at the highest level (root) CA.

Hardening:

http://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com

_ca_certs = []

_certificateString = b''

_chainedCertificate = True

_ciphers = None

_contextFactory

_dhParamFilename = None

_privateKeyString = b''

_verify_peer(conn, cert, errno, depth, preverify_ok)

cacheContext()

log

sslmethod = 3