TLSConfigurator

class mtf.network_port.tls.tls_dtls_config.TLSConfigurator

Configuration for TLS/DTLS.

args:

  address: The destination address (IP, port) tuple for the TLS/DTLS server or client.
  src_address: The source address (IP, port) tuple for the TLS/DTLS client (binding).
  secure_version: The TLS/DTLS version to use.
  socket_type: The type of socket (TLS or DTLS).
  max_secure_version: The maximum TLS/DTLS version to support.
  min_secure_version: The minimum TLS/DTLS version to support.
  psk_identity: The identity for PSK (Pre-Shared Key).
  psk_key: The key for PSK.
  time_out: The timeout value for the TLS/DTLS connection.
  backlog: The backlog value for the socket.
  buffer_size: The buffer size for socket data.
  cipher_list: The list of ciphers to support.
  options: Additional options for the TLS/DTLS context.
  curve_name: The elliptic curve to use for ECDHE key exchange.
  server_name: The server name for SNI (Server Name Indication).
  sni_callback: A callback function to handle server name indications.
  ocsp_callback: Optional callback function for OCSP client/server validation.
  ocsp_callback_data: Optional data for the OCSP client/server callback.
  srtp_profiles: Optional SRTP profiles to use (DTLS).
  alpn_protos: Optional list of ALPN protocols to advertise.
  alpn_select_callback: Optional callback function for ALPN protocol selection.
  client_ca_list: Optional list of client certificate authorities.
  keylog_callback: Optional callback function to handle TLS key material logging.
  keylog_file_path: Path to the key log file if the default key log callback is used.
  record_version: The record version of TLS/DTLS, represented as a tuple (major, minor) or as a ProtocolVersion enum.

Notes:
  • If keylog_callback is not provided, a default callback will be used. This default callback writes keying material to the file specified by keylog_file_path.

  • Make sure to select a cipher that supports both PSK and ECDHE, for example 'ECDHE-PSK-CHACHA20-POLY1305'. More supported ciphers can be listed by running: openssl ciphers -v PSK

  • The list of supported curves can be found in the documentation or by running: openssl ecparam -list_curves

  • Selecting an unsupported curve will raise a ValueError.

address: tuple
socket_type: SecureSocketType
src_address: tuple | None = None
secure_version: int | None = 7
max_secure_version: int | None = None
min_secure_version: int | None = None
psk_identity: bytes = b'client-identity'
psk_key: bytes = b'mysecretpskkey'
time_out: float = 5.0
backlog: int = 5
buffer_size: int = 1024
cipher_list: bytes = b'PSK-AES256-CBC-SHA'
options: int | None = None
curve_name: str | None = None
server_name: str | None = None
sni_callback: Callable[[Connection], None] | None = None
ocsp_callback: Callable[[Connection, bytes, Any | None], bool] | None = None
ocsp_callback_data: Any | None = None
srtp_profiles: str | None = None
alpn_protos: List[bytes] | None = None
alpn_select_callback: Callable[[Connection, List[bytes]], bytes | None] | None = None
client_ca_list: Sequence[X509Name] | None = None
keylog_callback: Callable[[Connection, bytes], None] | None = None
keylog_file_path: str = 'keylogfile.log'
record_version: ProtocolVersion | None = (3, 1)
__init__(
    address: tuple,
    socket_type: SecureSocketType,
    src_address: tuple | None = None,
    secure_version: int | None = 7,
    max_secure_version: int | None = None,
    min_secure_version: int | None = None,
    psk_identity: bytes = b'client-identity',
    psk_key: bytes = b'mysecretpskkey',
    time_out: float = 5.0,
    backlog: int = 5,
    buffer_size: int = 1024,
    cipher_list: bytes = b'PSK-AES256-CBC-SHA',
    options: int | None = None,
    curve_name: str | None = None,
    server_name: str | None = None,
    sni_callback: Callable[[Connection], None] | None = None,
    ocsp_callback: Callable[[Connection, bytes, Any | None], bool] | None = None,
    ocsp_callback_data: Any | None = None,
    srtp_profiles: str | None = None,
    alpn_protos: List[bytes] | None = None,
    alpn_select_callback: Callable[[Connection, List[bytes]], bytes | None] | None = None,
    client_ca_list: Sequence[X509Name] | None = None,
    keylog_callback: Callable[[Connection, bytes], None] | None = None,
    keylog_file_path: str = 'keylogfile.log',
    record_version: ProtocolVersion | None = ProtocolVersion.TLS10,
) -> None
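The notes above leave several ways to build a TLSConfigurator that handshakes but is weaker than intended (a cipher list without PSK so the configured key is never used, an ECDHE curve with no ECDHE cipher, a version floor above the ceiling, or the default keylog callback spilling session secrets to keylogfile.log). The following pre-flight checker is an added example, not part of mtf: it mirrors a subset of the class's fields in a hypothetical SecureConfigCheck dataclass and uses the standard-library ssl module to reproduce the documented "unsupported curve raises ValueError" behaviour; the cipher checks are name-based heuristics on OpenSSL cipher-list syntax.

```python
import ssl
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class SecureConfigCheck:
    """Hypothetical pre-flight validator mirroring part of TLSConfigurator."""
    cipher_list: bytes = b"PSK-AES256-CBC-SHA"   # same default as the page
    curve_name: Optional[str] = None
    min_secure_version: Optional[int] = None
    max_secure_version: Optional[int] = None
    keylog_callback_set: bool = False           # False = default file callback
    keylog_file_path: str = "keylogfile.log"

    def ciphers(self) -> List[str]:
        # OpenSSL cipher-list syntax: ':'-separated entries, where a leading
        # '!', '-' or '+' marks a modifier rather than an enabled cipher.
        return [c for c in self.cipher_list.decode().split(":")
                if c and c[0] not in "!-+"]

    def curve_supported(self) -> bool:
        # Same contract the page documents: an unknown curve name raises
        # ValueError when applied to a TLS context.
        if self.curve_name is None:
            return True
        try:
            ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).set_ecdh_curve(self.curve_name)
            return True
        except ValueError:
            return False

    def findings(self) -> List[str]:
        out: List[str] = []
        names = self.ciphers()
        if not any("PSK" in n for n in names):
            out.append("no PSK cipher enabled: psk_identity/psk_key would never be used")
        if self.curve_name and not any("ECDHE" in n for n in names):
            out.append("curve_name set but no ECDHE-PSK cipher: no forward secrecy")
        if not self.curve_supported():
            out.append(f"unsupported curve {self.curve_name!r} (would raise ValueError)")
        if (self.min_secure_version is not None and self.max_secure_version is not None
                and self.min_secure_version > self.max_secure_version):
            out.append("min_secure_version is greater than max_secure_version")
        if not self.keylog_callback_set:
            out.append(f"default keylog callback writes session secrets to "
                       f"{self.keylog_file_path!r}; disable outside debugging")
        return out
```

Run findings() on the intended configuration before opening a socket; an empty list means every documented constraint held.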