Tls Dtls Config Module

class mtf.network_port.tls.tls_dtls_config.SecureSocketType

Enum representing types of secure socket protocols.

Attributes:

DTLS: str

Datagram Transport Layer Security (DTLS) protocol type, a variant of TLS used for datagram-based applications.

TLS: str

Transport Layer Security (TLS) protocol type, widely used for securing communication over a computer network.

class mtf.network_port.tls.tls_dtls_config.ProtocolVersion

Enum representing different versions of SSL/TLS protocols.

Attributes:

SSL2: tuple

Secure Sockets Layer version 2.0, an early and now deprecated version of SSL.

SSL3: tuple

Secure Sockets Layer version 3.0, a more secure version than SSL2 but still deprecated.

TLS10: tuple

Transport Layer Security version 1.0, the first version of TLS succeeding SSL3.

TLS11: tuple

Transport Layer Security version 1.1, an improvement over TLS 1.0 with better security features.

TLS12: tuple

Transport Layer Security version 1.2, widely used with advanced security features compared to previous versions.

TLS13: tuple

Transport Layer Security version 1.3, the latest and most secure version of the TLS protocol.

class mtf.network_port.tls.tls_dtls_config.TlsExtensionType

Enum representing the different types of TLS extensions.

TLS extensions are used in the TLS handshake to negotiate various parameters between the client and server. Each extension type corresponds to a specific functionality that can be negotiated or enabled during the handshake.

Attributes:

SERVER_NAME (int): Server Name Indication (SNI) extension, value 0.
MAX_FRAGMENT_LENGTH (int): Maximum Fragment Length extension, value 1.
STATUS_REQUEST (int): Certificate Status Request extension, value 5.
USER_MAPPING (int): User Mapping extension, value 6.
CLIENT_AUTHZ (int): Client Authorization extension, value 7.
CERT_TYPE (int): Certificate Type extension, value 9.
SUPPORTED_GROUPS (int): Supported Elliptic Curves extension, value 10.
EC_POINT_FORMATS (int): Supported EC Point Formats extension, value 11.
SRP (int): Secure Remote Password extension, value 12.
SIGNATURE_ALGORITHMS (int): Signature Algorithms extension, value 13.
USE_SRTP (int): Use SRTP extension, value 14.
HEARTBEAT (int): Heartbeat extension, value 15.
ALPN (int): Application-Layer Protocol Negotiation (ALPN) extension, value 16.
STATUS_REQUEST_V2 (int): Status Request Version 2 extension, value 17.
CLIENT_CERT_TYPE (int): Client Certificate Type extension, value 19.
SERVER_CERT_TYPE (int): Server Certificate Type extension, value 20.
PADDING (int): Padding extension, value 21.
ENCRYPT_THEN_MAC (int): Encrypt-Then-MAC extension, value 22.
EXTENDED_MASTER_SECRET (int): Extended Master Secret extension, value 23.
SESSION_TICKET (int): Session Ticket extension, value 35.
EXTENDED_RANDOM (int): Extended Random extension, value 40.
EARLY_DATA (int): Early Data extension, value 42.
POST_HANDSHAKE_AUTH (int): Post-Handshake Authentication extension, value 49.
COMPRESS_CERTIFICATE (int): Compress Certificate extension, value 27.
RECORD_SIZE_LIMIT (int): Record Size Limit extension, value 28.
PSK_IDENTITY (int): Pre-Shared Key Identity extension, value 41.
SUPPORTED_VERSIONS (int): Supported Versions extension, value 43.
COOKIE (int): Cookie extension, value 44.
PSK_KEY_EXCHANGE_MODES (int): PSK Key Exchange Modes extension, value 45.
SIGNATURE_ALGORITHMS_CERT (int): Signature Algorithms for Certificates extension, value 50.
KEY_SHARE (int): Key Share extension, value 51.
TRANSPARENCY_INFO (int): Certificate Transparency extension, value 52.
CONNECTION_ID_DEPRECATED (int): Deprecated Connection ID extension, value 53.
CONNECTION_ID (int): Connection ID extension, value 54.
EXTERNAL_ID_HASH (int): External ID Hash extension, value 55.
EXTERNAL_SESSION_ID (int): External Session ID extension, value 56.
QUIC_TRANSPORT_PARAMETERS (int): QUIC Transport Parameters extension, value 57.
TICKET_REQUEST (int): Ticket Request extension, value 58.
DNSSEC_CHAIN (int): DNSSEC Chain extension, value 59.
NPN (int): Next Protocol Negotiation (NPN) extension, value 13172.
RENEGOTIATION_INFO (int): Renegotiation Info extension, value 65281.

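As an added example (not code from the mtf package), the following parser walks a hello extensions block and maps each type code to the names listed above, so a handshake capture can be checked for what was actually offered, for instance whether supported_versions includes TLS 1.3. The `TlsExtensionType` subset and the `VERSION_NAMES` (major, minor) mapping are reconstructed here from the page and from the standard TLS wire encoding, since the package's own enum values are not shown.

```python
import struct
from enum import IntEnum

# Subset of the page's TlsExtensionType values, mirrored so this runs without mtf.
class TlsExtensionType(IntEnum):
    SERVER_NAME = 0
    ALPN = 16
    EXTENDED_MASTER_SECRET = 23
    SUPPORTED_VERSIONS = 43
    KEY_SHARE = 51
    RENEGOTIATION_INFO = 65281

# Standard (major, minor) wire encodings; the page's ProtocolVersion tuples are not
# shown, so this mapping is an assumption, not the package's own values.
VERSION_NAMES = {(3, 0): "SSL3", (3, 1): "TLS10", (3, 2): "TLS11",
                 (3, 3): "TLS12", (3, 4): "TLS13"}

def parse_extensions(block: bytes) -> list[tuple[str, bytes]]:
    """Parse u16 total length, then repeated (u16 type, u16 length, body); truncation raises."""
    if len(block) < 2 or struct.unpack("!H", block[:2])[0] != len(block) - 2:
        raise ValueError("extensions length does not match block size")
    out, pos = [], 2
    while pos < len(block):
        if pos + 4 > len(block):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack("!HH", block[pos:pos + 4])
        body = block[pos + 4:pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension body")
        pos += 4 + ext_len
        try:
            name = TlsExtensionType(ext_type).name
        except ValueError:          # code not in the enum: keep it visible, don't drop it
            name = f"UNKNOWN_{ext_type}"
        out.append((name, body))
    return out

def offered_versions(exts: list[tuple[str, bytes]]) -> list[str]:
    """Decode a ClientHello supported_versions body: u8 list length, then (major, minor) pairs."""
    for name, body in exts:
        if name == "SUPPORTED_VERSIONS" and body:
            pairs = [(body[i], body[i + 1]) for i in range(1, 1 + body[0], 2)]
            return [VERSION_NAMES.get(p, f"unknown{p}") for p in pairs]
    return []

# Constructed sample block: SNI "example.com" plus supported_versions [TLS13, TLS12].
_EXTS = (b"\x00\x00\x00\x10\x00\x0e\x00\x00\x0bexample.com"
         + b"\x00\x2b\x00\x05\x04\x03\x04\x03\x03")
SAMPLE_BLOCK = struct.pack("!H", len(_EXTS)) + _EXTS
```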
class mtf.network_port.tls.tls_dtls_config.TLSConfigurator

Configuration for TLS/DTLS.

Args:

address: The destination address (IP, port) tuple for the TLS/DTLS server or client.
src_address: The source address (IP, port) tuple for the TLS/DTLS client (binding).
secure_version: The TLS/DTLS version to use.
socket_type: The type of socket (TLS or DTLS).
max_secure_version: The maximum TLS/DTLS version to support.
min_secure_version: The minimum TLS/DTLS version to support.
psk_identity: The identity for PSK (Pre-Shared Key).
psk_key: The key for PSK.
time_out: The timeout value for the TLS/DTLS connection.
backlog: The backlog value for the socket.
buffer_size: The buffer size for socket data.
cipher_list: The list of ciphers to support.
options: Additional options for the TLS/DTLS context.
curve_name: The elliptic curve to use for ECDHE key exchange.
server_name: The server name for SNI (Server Name Indication).
sni_callback: A callback function to handle server name indications.
ocsp_callback: Optional callback function for OCSP client/server validation.
ocsp_callback_data: Optional data for the OCSP client/server callback.
srtp_profiles: Optional SRTP profiles to use (DTLS).
alpn_protos: Optional list of ALPN protocols to advertise.
alpn_select_callback: Optional callback function for ALPN protocol selection.
client_ca_list: Optional list of client certificate authorities.
keylog_callback: Optional callback function to handle TLS key material logging.
keylog_file_path: Path to the key log file if the default key log callback is used.
record_version: The record version of TLS/DTLS, represented as a tuple (major, minor) or as a ProtocolVersion enum.

Notes:
  • If keylog_callback is not provided, a default callback will be used. This default callback writes keying material to the file specified by keylog_file_path.

  • Make sure to select a cipher that supports both PSK and ECDHE, for example 'ECDHE-PSK-CHACHA20-POLY1305'. More supported ciphers can be found by running the command: openssl ciphers -v PSK

  • The list of supported curves can be found in the documentation or by running: openssl ecparam -list_curves

  • Selecting an unsupported curve will raise a ValueError.

address: tuple
socket_type: SecureSocketType
src_address: tuple | None
secure_version: int | None
max_secure_version: int
min_secure_version: int
psk_identity: bytes
psk_key: bytes
time_out: float
backlog: int
buffer_size: int
cipher_list: bytes
options: int
curve_name: str | None
server_name: str | None
sni_callback: Callable[[Connection], None] | None
ocsp_callback: Callable[[Connection, bytes, Any | None], bool] | None
ocsp_callback_data: Any | None
srtp_profiles: str | None
alpn_protos: List[bytes] | None
alpn_select_callback: Callable[[Connection, List[bytes]], bytes | None] | None
client_ca_list: Sequence[X509Name] | None
keylog_callback: Callable[[Connection, bytes], None] | None
keylog_file_path: str
record_version: ProtocolVersion | None
__init__(address: tuple, socket_type: SecureSocketType, src_address: tuple | None = None, secure_version: int | None = 7, max_secure_version: int | None = None, min_secure_version: int | None = None, psk_identity: bytes = b'client-identity', psk_key: bytes = b'mysecretpskkey', time_out: float = 5.0, backlog: int = 5, buffer_size: int = 1024, cipher_list: bytes = b'PSK-AES256-CBC-SHA', options: int | None = None, curve_name: str | None = None, server_name: str | None = None, sni_callback: Callable[[Connection], None] | None = None, ocsp_callback: Callable[[Connection, bytes, Any | None], bool] | None = None, ocsp_callback_data: Any | None = None, srtp_profiles: str | None = None, alpn_protos: List[bytes] | None = None, alpn_select_callback: Callable[[Connection, List[bytes]], bytes | None] | None = None, client_ca_list: Sequence[X509Name] | None = None, keylog_callback: Callable[[Connection, bytes], None] | None = None, keylog_file_path: str = 'keylogfile.log', record_version: ProtocolVersion | None = ProtocolVersion.TLS10) None