module documentation

This module implements memory BIO based TLS support. It is the preferred implementation and will be used whenever pyOpenSSL 0.10 or newer is installed (whenever twisted.protocols.tls is importable).

Present Since
11.1
Class ClientMixin: A mixin for twisted.internet.tcp.Client which just marks it as a client for the purposes of the default TLS handshake.
Class ConnectionMixin: A mixin for twisted.internet.abstract.FileDescriptor which adds an ITLSTransport implementation.
Class ServerMixin: A mixin for twisted.internet.tcp.Server which just marks it as a server for the purposes of the default TLS handshake.
Function startTLS: Add a layer of SSL to a transport.
Class _BypassTLS: _BypassTLS is used as the transport object for the TLS protocol object used to implement startTLS. Its methods skip any TLS logic which startTLS enables.
def startTLS(transport, contextFactory, normal, bypass):

Add a layer of SSL to a transport.

Parameters
transport

The transport which will be modified. This can either be a FileDescriptor or a FileHandle. The actual requirements of this instance are that it have:

  • a _tlsClientDefault attribute indicating whether the transport is a client (True) or a server (False)
  • a settable TLS attribute which can be used to mark the fact that SSL has been started
  • settable getHandle and getPeerCertificate attributes so these ISSLTransport methods can be added to it
  • a protocol attribute referring to the IProtocol currently connected to the transport, which can also be set to a new IProtocol for the transport to deliver data to
contextFactory: twisted.internet.interfaces.IOpenSSLContextFactory

An SSL context factory defining SSL parameters for the new SSL layer.

normal: bool

A flag indicating whether SSL will go in the same direction as the underlying transport goes. That is, whether the SSL client will be the underlying client and the SSL server will be the underlying server. True means it is the same, False means they are switched.

bypass: type

A transport base class to call methods on to bypass the new SSL layer (so that the SSL layer itself can send its bytes).
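
A stand-alone model of how the normal and bypass parameters interact with a memory BIO TLS engine, added here as an example and not taken from Twisted's code. It uses the standard-library ssl module's memory BIOs rather than pyOpenSSL; RawTransport, tls_is_client, start_tls_sketch and the hostname example.test are hypothetical names.

```python
import ssl


class RawTransport:
    """Constructed stand-in for a TCP transport; not a Twisted class."""

    def __init__(self, is_client):
        self._tlsClientDefault = is_client  # attribute named in the docs above
        self.TLS = False                    # set once the SSL layer is started
        self.wire = bytearray()             # bytes that would reach the socket

    def write(self, data):
        self.wire += data


def tls_is_client(transport, normal):
    """Same direction as the transport when normal, switched otherwise."""
    default = transport._tlsClientDefault
    return default if normal else not default


def start_tls_sketch(transport, normal, bypass, hostname="example.test"):
    """Attach a memory-BIO TLS engine and send its first flight, if any."""
    client = tls_is_client(transport, normal)
    ctx = ssl.create_default_context(
        ssl.Purpose.SERVER_AUTH if client else ssl.Purpose.CLIENT_AUTH)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    engine = ctx.wrap_bio(incoming, outgoing, server_side=not client,
                          server_hostname=hostname if client else None)
    transport.TLS = True
    try:
        engine.do_handshake()
    except ssl.SSLWantReadError:
        pass  # the engine is waiting for the peer's bytes
    # The engine never touches a socket. Its ciphertext goes out through the
    # bypass class so that it is not fed back into the TLS layer again.
    bypass.write(transport, outgoing.read())
    return engine
```

With normal=False on a transport that accepted the TCP connection, the TLS layer acts as the client, so certificate and hostname verification happen on the side that did not initiate the connection.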