4 """Class representing a TLS session."""
5
6 from .utils.compat import *
7 from .mathtls import *
8 from .constants import *
9
11 """
12 This class represents a TLS session.
13
14 TLS distinguishes between connections and sessions. A new
15 handshake creates both a connection and a session. Data is
16 transmitted over the connection.
17
18 The session contains a more permanent record of the handshake. The
19 session can be inspected to determine handshake results. The
20 session can also be used to create a new connection through
21 "session resumption". If the client and server both support this,
22 they can create a new connection based on an old session without
23 the overhead of a full handshake.
24
25 The session for a L{tlslite.TLSConnection.TLSConnection} can be
26 retrieved from the connection's 'session' attribute.
27
28 @type srpUsername: str
29 @ivar srpUsername: The client's SRP username (or None).
30
31 @type clientCertChain: L{tlslite.x509certchain.X509CertChain}
32 @ivar clientCertChain: The client's certificate chain (or None).
33
34 @type serverCertChain: L{tlslite.x509certchain.X509CertChain}
35 @ivar serverCertChain: The server's certificate chain (or None).
36 """
37
39 self.masterSecret = createByteArraySequence([])
40 self.sessionID = createByteArraySequence([])
41 self.cipherSuite = 0
42 self.srpUsername = None
43 self.clientCertChain = None
44 self.serverCertChain = None
45 self.tackExt = None
46 self.resumable = False
47
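def create(self, masterSecret, sessionID, cipherSuite,
           srpUsername, clientCertChain, serverCertChain,
           tackExt, resumable=True):
    """Populate this session with the results of a handshake.

    Each argument is stored on the instance exactly as passed: nothing
    is copied and nothing is validated here, so the caller keeps a
    reference to any mutable object it hands in.

    @param masterSecret: Secret keying material for the session. Keep
    it out of logs and serialized output.
    @param sessionID: The session identifier.
    @param cipherSuite: The cipher suite value recorded for the session.
    @param srpUsername: The client's SRP username (or None).
    @param clientCertChain: The client's certificate chain (or None).
    @param serverCertChain: The server's certificate chain (or None).
    @param tackExt: The TACK extension object (or None).
    @param resumable: Flag stored as C{self.resumable}; defaults to True.
    """
    self.masterSecret = masterSecret
    self.sessionID = sessionID
    self.cipherSuite = cipherSuite
    self.srpUsername = srpUsername
    self.clientCertChain = clientCertChain
    self.serverCertChain = serverCertChain
    self.tackExt = tackExt
    # Stored unconditionally. The resumption check in this class also
    # requires a non-empty sessionID, so the flag alone does not make
    # the session usable for resumption.
    self.resumable = resumable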
59
61 other = Session()
62 other.masterSecret = self.masterSecret
63 other.sessionID = self.sessionID
64 other.cipherSuite = self.cipherSuite
65 other.srpUsername = self.srpUsername
66 other.clientCertChain = self.clientCertChain
67 other.serverCertChain = self.serverCertChain
68 other.tackExt = self.tackExt
69 other.resumable = self.resumable
70 return other
71
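73 """Whether this session can be used for session resumption.
74
75 @rtype: bool
76 @return: A true value only if this session is marked resumable and has a non-empty session ID; test the result for truth rather than comparing it against True.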
77 """
78 return self.resumable and self.sessionID
79
81
82 if (not boolean) or (boolean and self.sessionID):
83 self.resumable = boolean
84
86 if self.tackExt and self.tackExt.tack:
87 return self.tackExt.tack.getTACKID()
88 else:
89 return None
90
92 if self.tackExt and self.tackExt.break_sigs:
93 return self.tackExt.break_sigs
94 else:
95 return None
96
98 """Get the name of the cipher used with this connection.
99
100 @rtype: str
101 @return: The name of the cipher used with this connection:
102 'aes128', 'aes256', 'rc4', or '3des'; None if the cipher suite belongs to none of these groups.
103 """
104 if self.cipherSuite in CipherSuite.aes128Suites:
105 return "aes128"
106 elif self.cipherSuite in CipherSuite.aes256Suites:
107 return "aes256"
108 elif self.cipherSuite in CipherSuite.rc4Suites:
109 return "rc4"
110 elif self.cipherSuite in CipherSuite.tripleDESSuites:
111 return "3des"
112 else:
113 return None
114