forked from tlsfuzzer/tlslite-ng
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
30 lines (27 loc) · 1.36 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
tlslite-ng is a pure python implementation of SSLv3.0, TLS 1.0, TLS 1.1 and
TLS 1.2 protocols.
It can use pycrypto, m2crypto and gmp for acceleration of cryptographic
operations but is not dependant upon them.
Functionality implemented include:
- all above mentioned protocols, including support for client certificates
(RFC 6101, RFC 2246, RFC 4346, RFC 5246)
- RC4, 3DES-CBC, AES-CBC, AES-GCM and ChaCha20 ciphers (RFC 5246, RFC 6347,
RFC 4492, RFC 5288, RFC 5289, RFC 7539)
- MD5, SHA1, SHA256 and SHA384 HMACs as well as AEAD mode of operation in GCM
or Poly1305 authenticator
- RSA, DHE_RSA and ECDHE_RSA key exchange
- full set of signature hashes (md5, sha1, sha224, sha256, sha384 and sha512)
for ServerKeyExchange and CertfificateVerify in TLS v1.2
- secp256r1, secp384r1, secp521r1, secp256k1, secp224r1 and secp192r1 curves
for ECDHE_RSA key exchange (support for last two depends on the version
of ecdsa library used)
- anonymous DHE key exchange
- anonymous ECDH key exchange in client
- NULL encryption ciphersuites
- FALLBACK_SCSV (RFC 7507)
- encrypt-then-MAC mode of operation for CBC ciphersuites (RFC 7366)
- client certificates
- TACK certificate pinning
- SRP_SHA_RSA and SRP_SHA ciphersuites (RFC 5054)
tlslite-ng aims to be a drop-in replacement for tlslite while providing more
comprehensive set of features and more secure defautls.