---------------
tinytls
---------------

tinytls is a pure Python TLS1.3 protocol wrapper.

As a result of learning TLS1.3,
I wrote this as a sample implementation of a TLS1.3 client.

The built-in ssl module (CPython3.7+, OpenSSL1.1.1+) can be used as a TLS1.3 client,
so there is no advantage to using tinytls, especially in Python 3.

Restriction
+++++++++++++++

- Only TLS1.3 is available, not TLS1.2 or earlier.
- Only the TLS_CHACHA20_POLY1305_SHA256 cipher suite is supported.
- Only X25519 key exchange is supported.
- It does not verify the TLS certificate.
- `0-RTT` is not supported.
- Client certificate authentication is not available.
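
Because tinytls does not verify the server certificate, a connection made with it is not authenticated against an on-path attacker. The following added example (not part of tinytls or its README) shows the built-in ssl module mentioned above restricted to TLS1.3 with certificate and hostname verification enabled; the function names ``strict_tls13_context`` and ``fetch_head`` are hypothetical.

```python
import socket
import ssl


def strict_tls13_context():
    """Client context: TLS1.3 only, certificate chain and hostname verified."""
    # create_default_context() loads the system CA store and sets
    # verify_mode=CERT_REQUIRED and check_hostname=True.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def fetch_head(hostname, port=443, timeout=10):
    """Connect with verification on and report what was negotiated."""
    ctx = strict_tls13_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        # server_hostname sets SNI and is the name matched against the certificate.
        with ctx.wrap_socket(sock, server_hostname=hostname) as ssock:
            info = {
                "version": ssock.version(),
                "cipher": ssock.cipher()[0],
                "subject": ssock.getpeercert().get("subject"),
            }
            request = "HEAD / HTTP/1.1\r\nHost: {}\r\nConnection: close\r\n\r\n"
            ssock.sendall(request.format(hostname).encode())
            first_line = ssock.recv(4096).split(b"\r\n", 1)[0]
            info["status_line"] = first_line.decode("latin-1")
    return info


if __name__ == "__main__":
    try:
        print(fetch_head("enabled.tls13.com"))
    except ssl.SSLCertVerificationError as exc:
        # Raised when the chain or hostname check fails; the handshake is aborted.
        print("certificate rejected:", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        print("connection failed:", exc)
```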

Supported Python
+++++++++++++++++++

- Python3.7+
- MicroPython

Example
++++++++

CPython
::

    import socket
    import tinytls

    hostname = "enabled.tls13.com"

    sock = socket.create_connection((hostname, 443))
    # Wrap the TCP socket in TLS1.3 (tinytls does not verify the server certificate)
    with tinytls.wrap_socket(sock) as ssock:
        ssock.send("GET / HTTP/1.1\r\nHost:{}\r\n\r\n".format(hostname).encode())
        print(ssock.recv(4096).decode())

MicroPython
::

    import usocket
    import tinytls

    hostname = "enabled.tls13.com"

    sock = usocket.socket()
    # getaddrinfo returns a list of tuples; the last element of the first entry is the address
    sock.connect(usocket.getaddrinfo(hostname, 443)[0][-1])

    # Wrap the TCP socket in TLS1.3 (tinytls does not verify the server certificate)
    with tinytls.wrap_socket(sock) as ssock:
        ssock.send("GET / HTTP/1.1\r\nHost:{}\r\n\r\n".format(hostname).encode())
        print(ssock.recv(4096).decode())

Reference
++++++++++++++++++++

- https://github.com/tex2e/mako-tls13 (special thanks!)
- https://datatracker.ietf.org/doc/html/rfc8446
- https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant
- https://asecuritysite.com/encryption/python_25519ecdh

Check the server
+++++++++++++++++++++++++++++

If you cannot connect to the server with tinytls,
use a command like the following to check whether the server can be connected to.

::

    openssl s_client -tls1_3 -ciphersuites 'TLS_CHACHA20_POLY1305_SHA256' \
        -state -debug -connect enabled.tls13.com:443

Raw data
{
"_id": null,
"home_page": "https://github.com/nakagami/tinytls/",
"name": "tinytls",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "TLS",
"author": "Hajime Nakagami",
"author_email": "nakagami@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/58/ed/e5c275d22f27e5ea3266649a7a5cfbb0fe800ef94ab3e7591bccee4c9c0c/tinytls-0.1.2.tar.gz",
"platform": null,
"description": "---------------\ntinytls\n---------------\n\ntinytls is a pure python TLS1.3 protocol wrapper.\n\nAs a result of learning TLS1.3, \nI wrote this as a sample implementation of TLS1.3 client.\n\nBuiltin ssl module (CPython3.7+, OpenSSL1.1.1+) can use as TLS1.3 client,\nso there is no advantage to use it especially in Python 3.\n\nRestriction\n+++++++++++++++\n\n- Available TLS1.3 only, not TLS1.2 or under.\n- Support TLS_CHACHA20_POLY1305_SHA256 cipher suite only.\n- Support X25519 key exchange only.\n- It does not verify TLS certificate.\n- Not support `0-RTT`\n- Client certificate authentication is not available.\n\nSupported Python\n+++++++++++++++++++\n\n- Python3.7+\n- MicroPython\n\nExample\n++++++++\n\nCPython\n::\n\n import socket\n import tinytls\n\n hostname = \"enabled.tls13.com\"\n\n sock = socket.create_connection((hostname, 443))\n with tinytls.wrap_socket(sock) as ssock:\n ssock.send(\"GET / HTTP/1.1\\r\\nHost:{}\\r\\n\\r\\n\".format(hostname).encode())\n print(ssock.recv(4096).decode())\n\nMicroPython\n::\n\n import usocket\n import tinytls\n\n hostname = \"enabled.tls13.com\"\n\n sock = usocket.socket()\n sock.connect(usocket.getaddrinfo(hostname, 443)[0][-1])\n\n with tinytls.wrap_socket(sock) as ssock:\n ssock.send(\"GET / HTTP/1.1\\r\\nHost:{}\\r\\n\\r\\n\".format(hostname).encode())\n print(ssock.recv(4096).decode())\n\nReference\n++++++++++++++++++++\n\n- https://github.com/tex2e/mako-tls13 (special thanks!)\n- https://datatracker.ietf.org/doc/html/rfc8446\n- https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant\n- https://asecuritysite.com/encryption/python_25519ecdh\n\nCheck the server\n+++++++++++++++++++++++++++++\n\nIf you cannot connect to the server with tinytls,\nuse a command like the following to check if the server can be connected\n\n::\n\n openssl s_client -tls1_3 -ciphersuites 'TLS_CHACHA20_POLY1305_SHA256' \\\n -state -debug -connect enabled.tls13.com:443",
"bugtrack_url": null,
"license": "MIT",
"summary": "TLS1.3 protocol wrapper",
"version": "0.1.2",
"project_urls": {
"Homepage": "https://github.com/nakagami/tinytls/"
},
"split_keywords": [
"tls"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "58ede5c275d22f27e5ea3266649a7a5cfbb0fe800ef94ab3e7591bccee4c9c0c",
"md5": "d9eff007845db8544132a0e63096a3a9",
"sha256": "762a8e3262bc234e70c344b5d212483a26941eee6eeb2dc63425fee6822101f2"
},
"downloads": -1,
"filename": "tinytls-0.1.2.tar.gz",
"has_sig": false,
"md5_digest": "d9eff007845db8544132a0e63096a3a9",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 12794,
"upload_time": "2023-09-23T06:34:44",
"upload_time_iso_8601": "2023-09-23T06:34:44.320646Z",
"url": "https://files.pythonhosted.org/packages/58/ed/e5c275d22f27e5ea3266649a7a5cfbb0fe800ef94ab3e7591bccee4c9c0c/tinytls-0.1.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-09-23 06:34:44",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "nakagami",
"github_project": "tinytls",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "tinytls"
}