TLSConfigurator

class mtf.network_port.tls.tls_dtls_config.TLSConfigurator

Configuration for TLS/DTLS.

args:

dst_address: The destination address (IP, port) tuple for the TLS/DTLS server or client.

src_address: The Source address (IP, port) tuple for the TLS/DTLS client (binding).

secure_version: The TLS/DTLS version to use.

max_secure_version: The maximum TLS/DTLS version to support.

min_secure_version: The minimum TLS/DTLS version to support.

psk_identity: The identity for PSK (Pre-Shared Key).

psk_identity_hint: Set the server PSK identity hint.

psk_key: The key for PSK.

certfile_path: The file path to the certificate file used by the DTLS/TLS server or client.

keyfile_path: The file path to the private key corresponding to the certificate

specified in certfile_path.

time_out: The timeout value for the TLS/DTLS connection. (ms for TLS-Attacker / s for OpenSSL)

backlog: The backlog value for the socket.

buffer_size: The buffer size for socket data.

cipher_list: The list of ciphers to support.

options: Additional options for the TLS/DTLS context.

curve_name: The elliptic curve to use for ECDHE key exchange.

server_name: The server name for SNI (Server Name Indication).

sni_callback: A callback function to handle server name indications.

ocsp_callback: Optional callback function for OCSP client/server validation.

ocsp_callback_data: Optional data for the OCSP client/server callback.

srtp_profiles: Optional SRTP profiles to use(DTLS).

alpn_protos: Optional list of ALPN protocols to advertise.

alpn_select_callback: Optional callback function for ALPN protocol selection.

client_ca_list: Optional list of client certificate authorities.

keylog_callback: Optional callback function to handle TLS key material logging.

keylog_file_path: Path to the key log file if the default key log callback is used.

record_version: The record version of TLS/DTLS, represented as a

tuple (major, minor) or as a ProtocolVersion enum.

tls_attacker_apps_path: The path to TLS-attacker applications

Notes:

• If keylog_callback is not provided, a default callback will be used. This default callback writes keying material to the file specified by keylog_file_path.

• Make sure to select the right cipher that supports both PSK and ECDHE. For example: ‘ECDHE-PSK-CHACHA20-POLY1305’. More supported ciphers can be found by running the command: openssl ciphers -v PSK

• The list of supported curves can be found in the documentation or by running: openssl ecparam -list_curves

• Selecting an unsupported curve will raise a ValueError

dst_address: tuple | None = None

src_address: tuple | None = None

session_id: str | None = 'AABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABB'

secure_version: Any | None = 7

max_secure_version: int = None

min_secure_version: int = None

psk_identity_hint: bytes | None = None

psk_identity: bytes | None = None

psk_key: bytes | None = None

certfile_path: str | None = None

keyfile_path: str | None = None

time_out: Any = 10000

backlog: int = 5

buffer_size: int = 1024

cipher_list: Any = b'TLS_PSK_WITH_AES_256_CBC_SHA'

options: int = None

curve_name: str | None = None

server_name: str | None = None

sni_callback: Callable[[Connection], None] | None = None

ocsp_callback: Callable[[Connection, bytes, Any | None], bool] | None = None

ocsp_callback_data: Any | None = None

srtp_profiles: str | None = None

alpn_protos: List[bytes] | None = None

alpn_select_callback: Callable[[Connection, List[bytes]], bytes | None] | None = None

client_ca_list: Sequence[X509Name] | None = None

keylog_callback: Callable[[Connection, bytes], None] | None = None

keylog_file_path: str = 'keylogfile.log'

record_version: ProtocolVersion | None = b'\x03\x01'

tls_attacker_apps_path: str | None = None

__init__(dst_address: tuple | None = None, src_address: tuple | None = None, session_id: str | None = 'AABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABB', secure_version: Any | None = 7, max_secure_version: int | None = None, min_secure_version: int | None = None, psk_identity_hint: bytes | None = None, psk_identity: bytes | None = None, psk_key: bytes | None = None, certfile_path: str | None = None, keyfile_path: str | None = None, time_out: Any = 10000, backlog: int = 5, buffer_size: int = 1024, cipher_list: Any = b'TLS_PSK_WITH_AES_256_CBC_SHA', options: int | None = None, curve_name: str | None = None, server_name: str | None = None, sni_callback: Callable[[Connection], None] | None = None, ocsp_callback: Callable[[Connection, bytes, Any | None], bool] | None = None, ocsp_callback_data: Any | None = None, srtp_profiles: str | None = None, alpn_protos: List[bytes] | None = None, alpn_select_callback: Callable[[Connection, List[bytes]], bytes | None] | None = None, client_ca_list: Sequence[X509Name] | None = None, keylog_callback: Callable[[Connection, bytes], None] | None = None, keylog_file_path: str = 'keylogfile.log', record_version: ProtocolVersion | None = ProtocolVersion.TLS10, tls_attacker_apps_path: str | None = None) → None