class QSsl

The QSsl namespace declares enums common to all SSL classes in Qt Network. More

Note

This documentation may contain snippets that were automatically translated from C++ to Python. We always welcome contributions to the snippet translation. If you see an issue with the translation, you can also let us know by creating a ticket on https:/bugreports.qt.io/projects/PYSIDE

Detailed Description

class KeyType

Describes the two types of keys QSslKey supports.

Constant

Description

QSsl.PrivateKey

A private key.

QSsl.PublicKey

A public key.

class EncodingFormat

Describes supported encoding formats for certificates and keys.

Constant

Description

QSsl.Pem

The PEM format.

QSsl.Der

The DER format.

class KeyAlgorithm

Describes the different key algorithms supported by QSslKey .

Constant

Description

QSsl.Rsa

The RSA algorithm.

QSsl.Dsa

The DSA algorithm.

QSsl.Ec

The Elliptic Curve algorithm.

QSsl.Dh

The Diffie-Hellman algorithm.

QSsl.Opaque

A key that should be treated as a ‘black box’ by QSslKey .

The opaque key facility allows applications to add support for facilities such as PKCS#11 that Qt does not currently offer natively.

class AlternativeNameEntryType

Describes the key types for alternative name entries in QSslCertificate .

Constant

Description

QSsl.EmailEntry

An email entry; the entry contains an email address that the certificate is valid for.

QSsl.DnsEntry

A DNS host name entry; the entry contains a host name entry that the certificate is valid for. The entry may contain wildcards.

QSsl.IpAddressEntry

An IP address entry; the entry contains an IP address entry that the certificate is valid for, introduced in Qt 5.13.

class SslProtocol

Describes the protocol of the cipher.

Constant

Description

QSsl.TlsV1_0

TLSv1.0

QSsl.TlsV1_0OrLater

TLSv1.0 and later versions.

QSsl.TlsV1_1

TLSv1.1.

QSsl.TlsV1_1OrLater

TLSv1.1 and later versions.

QSsl.TlsV1_2

TLSv1.2.

QSsl.TlsV1_2OrLater

TLSv1.2 and later versions.

QSsl.DtlsV1_0

DTLSv1.0

QSsl.DtlsV1_0OrLater

DTLSv1.0 and later versions.

QSsl.DtlsV1_2

DTLSv1.2

QSsl.DtlsV1_2OrLater

DTLSv1.2 and later versions.

QSsl.TlsV1_3

TLSv1.3. (Since Qt 5.12)

QSsl.TlsV1_3OrLater

TLSv1.3 and later versions. (Since Qt 5.12)

QSsl.UnknownProtocol

The cipher’s protocol cannot be determined.

QSsl.AnyProtocol

Any supported protocol. This value is used by QSslSocket only.

QSsl.SecureProtocols

The default option, using protocols known to be secure.

class SslOption

(inherits enum.Flag) Describes the options that can be used to control the details of SSL behaviour. These options are generally used to turn features off to work around buggy servers.

Constant

Description

QSsl.SslOptionDisableEmptyFragments

Disables the insertion of empty fragments into the data when using block ciphers. When enabled, this prevents some attacks (such as the BEAST attack), however it is incompatible with some servers.

QSsl.SslOptionDisableSessionTickets

Disables the SSL session ticket extension. This can cause slower connection setup, however some servers are not compatible with the extension.

QSsl.SslOptionDisableCompression

Disables the SSL compression extension. When enabled, this allows the data being passed over SSL to be compressed, however some servers are not compatible with this extension.

QSsl.SslOptionDisableServerNameIndication

Disables the SSL server name indication extension. When enabled, this tells the server the virtual host being accessed allowing it to respond with the correct certificate.

QSsl.SslOptionDisableLegacyRenegotiation

Disables the older insecure mechanism for renegotiating the connection parameters. When enabled, this option can allow connections for legacy servers, but it introduces the possibility that an attacker could inject plaintext into the SSL session.

QSsl.SslOptionDisableSessionSharing

Disables SSL session sharing via the session ID handshake attribute.

QSsl.SslOptionDisableSessionPersistence

Disables storing the SSL session in ASN.1 format as returned by sessionTicket() . Enabling this feature adds memory overhead of approximately 1K per used session ticket.

QSsl.SslOptionDisableServerCipherPreference

Disables selecting the cipher chosen based on the servers preferences rather than the order ciphers were sent by the client. This option is only relevant to server sockets, and is only honored by the OpenSSL backend.

By default, SslOptionDisableEmptyFragments is turned on since this causes problems with a large number of servers. SslOptionDisableLegacyRenegotiation is also turned on, since it introduces a security risk. SslOptionDisableCompression is turned on to prevent the attack publicised by CRIME. SslOptionDisableSessionPersistence is turned on to optimize memory usage. The other options are turned off.

Note

Availability of above options depends on the version of the SSL backend in use.

class AlertLevel

Describes the level of an alert message

This enum describes the level of an alert message that was sent or received.

Constant

Description

QSsl.AlertLevel.Warning

Non-fatal alert message

QSsl.AlertLevel.Fatal

Fatal alert message, the underlying backend will handle such an alert properly and close the connection.

QSsl.AlertLevel.Unknown

An alert of unknown level of severity.

class AlertType

Enumerates possible codes that an alert message can have

See RFC 8446, section 6 for the possible values and their meaning.

Constant

Description

QSsl.AlertType.CloseNotify

,

QSsl.AlertType.UnexpectedMessage

QSsl.AlertType.BadRecordMac

QSsl.AlertType.RecordOverflow

QSsl.AlertType.DecompressionFailure

QSsl.AlertType.HandshakeFailure

QSsl.AlertType.NoCertificate

QSsl.AlertType.BadCertificate

QSsl.AlertType.UnsupportedCertificate

QSsl.AlertType.CertificateRevoked

QSsl.AlertType.CertificateExpired

QSsl.AlertType.CertificateUnknown

QSsl.AlertType.IllegalParameter

QSsl.AlertType.UnknownCa

QSsl.AlertType.AccessDenied

QSsl.AlertType.DecodeError

QSsl.AlertType.DecryptError

QSsl.AlertType.ExportRestriction

QSsl.AlertType.ProtocolVersion

QSsl.AlertType.InsufficientSecurity

QSsl.AlertType.InternalError

QSsl.AlertType.InappropriateFallback

QSsl.AlertType.UserCancelled

QSsl.AlertType.NoRenegotiation

QSsl.AlertType.MissingExtension

QSsl.AlertType.UnsupportedExtension

QSsl.AlertType.CertificateUnobtainable

QSsl.AlertType.UnrecognizedName

QSsl.AlertType.BadCertificateStatusResponse

QSsl.AlertType.BadCertificateHashValue

QSsl.AlertType.UnknownPskIdentity

QSsl.AlertType.CertificateRequired

QSsl.AlertType.NoApplicationProtocol

QSsl.AlertType.UnknownAlertMessage

class ImplementedClass

Enumerates classes that a TLS backend implements

In QtNetwork , some classes have backend-specific implementation and thus can be left unimplemented. Enumerators in this enum indicate, which class has a working implementation in the backend.

Constant

Description

QSsl.ImplementedClass.Key

Class QSslKey .

QSsl.ImplementedClass.Certificate

Class QSslCertificate .

QSsl.ImplementedClass.Socket

Class QSslSocket .

QSsl.ImplementedClass.DiffieHellman

Class QSslDiffieHellmanParameters .

QSsl.ImplementedClass.EllipticCurve

Class QSslEllipticCurve .

QSsl.ImplementedClass.Dtls

Class QDtls .

QSsl.ImplementedClass.DtlsCookie

Class QDtlsClientVerifier .

Added in version 6.1.

class SupportedFeature

Enumerates possible features that a TLS backend supports

In QtNetwork TLS-related classes have public API, that may be left unimplemented by some backend, for example, our SecureTransport backend does not support server-side ALPN. Enumerators from SupportedFeature enum indicate that a particular feature is supported.

Constant

Description

QSsl.SupportedFeature.CertificateVerification

Indicates that verify() is implemented by the backend.

QSsl.SupportedFeature.ClientSideAlpn

Client-side ALPN (Application Layer Protocol Negotiation).

QSsl.SupportedFeature.ServerSideAlpn

Server-side ALPN.

QSsl.SupportedFeature.Ocsp

OCSP stapling (Online Certificate Status Protocol).

QSsl.SupportedFeature.Psk

Pre-shared keys.

QSsl.SupportedFeature.SessionTicket

Session tickets.

QSsl.SupportedFeature.Alerts

Information about alert messages sent and received.

Added in version 6.1.