class QSsl¶

The QSsl namespace declares enums common to all SSL classes in Qt Network. More…

Note

This documentation may contain snippets that were automatically translated from C++ to Python. We always welcome contributions to the snippet translation. If you see an issue with the translation, you can also let us know by creating a ticket on https:/bugreports.qt.io/projects/PYSIDE

Detailed Description¶

class KeyType¶

Describes the two types of keys QSslKey supports.

Constant

Description

QSsl.PrivateKey

A private key.

QSsl.PublicKey

A public key.

Constant	Description
QSsl.PrivateKey	A private key.
QSsl.PublicKey	A public key.

class EncodingFormat¶

Describes supported encoding formats for certificates and keys.

Constant

Description

QSsl.Pem

The PEM format.

QSsl.Der

The DER format.

Constant	Description
QSsl.Pem	The PEM format.
QSsl.Der	The DER format.

class KeyAlgorithm¶

Describes the different key algorithms supported by QSslKey .

Constant

Description

QSsl.Rsa

The RSA algorithm.

QSsl.Dsa

The DSA algorithm.

QSsl.Ec

The Elliptic Curve algorithm.

QSsl.Dh

The Diffie-Hellman algorithm.

QSsl.Opaque

A key that should be treated as a ‘black box’ by QSslKey .

Constant	Description
QSsl.Rsa	The RSA algorithm.
QSsl.Dsa	The DSA algorithm.
QSsl.Ec	The Elliptic Curve algorithm.
QSsl.Dh	The Diffie-Hellman algorithm.
QSsl.Opaque	A key that should be treated as a ‘black box’ by `QSslKey` .

The opaque key facility allows applications to add support for facilities such as PKCS#11 that Qt does not currently offer natively.

class AlternativeNameEntryType¶

Describes the key types for alternative name entries in QSslCertificate .

Constant

Description

QSsl.EmailEntry

An email entry; the entry contains an email address that the certificate is valid for.

QSsl.DnsEntry

A DNS host name entry; the entry contains a host name entry that the certificate is valid for. The entry may contain wildcards.

QSsl.IpAddressEntry

An IP address entry; the entry contains an IP address entry that the certificate is valid for, introduced in Qt 5.13.

See also

subjectAlternativeNames()

Constant	Description
QSsl.EmailEntry	An email entry; the entry contains an email address that the certificate is valid for.
QSsl.DnsEntry	A DNS host name entry; the entry contains a host name entry that the certificate is valid for. The entry may contain wildcards.
QSsl.IpAddressEntry	An IP address entry; the entry contains an IP address entry that the certificate is valid for, introduced in Qt 5.13.

class SslProtocol¶

Describes the protocol of the cipher.

Constant

Description

QSsl.TlsV1_0

TLSv1.0

QSsl.TlsV1_0OrLater

TLSv1.0 and later versions.

QSsl.TlsV1_1

TLSv1.1.

QSsl.TlsV1_1OrLater

TLSv1.1 and later versions.

QSsl.TlsV1_2

TLSv1.2.

QSsl.TlsV1_2OrLater

TLSv1.2 and later versions.

QSsl.DtlsV1_0

DTLSv1.0

QSsl.DtlsV1_0OrLater

DTLSv1.0 and later versions.

QSsl.DtlsV1_2

DTLSv1.2

QSsl.DtlsV1_2OrLater

DTLSv1.2 and later versions.

QSsl.TlsV1_3

TLSv1.3. (Since Qt 5.12)

QSsl.TlsV1_3OrLater

TLSv1.3 and later versions. (Since Qt 5.12)

QSsl.UnknownProtocol

The cipher’s protocol cannot be determined.

QSsl.AnyProtocol

Any supported protocol. This value is used by QSslSocket only.

QSsl.SecureProtocols

The default option, using protocols known to be secure.

Constant	Description
QSsl.TlsV1_0	TLSv1.0
QSsl.TlsV1_0OrLater	TLSv1.0 and later versions.
QSsl.TlsV1_1	TLSv1.1.
QSsl.TlsV1_1OrLater	TLSv1.1 and later versions.
QSsl.TlsV1_2	TLSv1.2.
QSsl.TlsV1_2OrLater	TLSv1.2 and later versions.
QSsl.DtlsV1_0	DTLSv1.0
QSsl.DtlsV1_0OrLater	DTLSv1.0 and later versions.
QSsl.DtlsV1_2	DTLSv1.2
QSsl.DtlsV1_2OrLater	DTLSv1.2 and later versions.
QSsl.TlsV1_3	TLSv1.3. (Since Qt 5.12)
QSsl.TlsV1_3OrLater	TLSv1.3 and later versions. (Since Qt 5.12)
QSsl.UnknownProtocol	The cipher’s protocol cannot be determined.
QSsl.AnyProtocol	Any supported protocol. This value is used by `QSslSocket` only.
QSsl.SecureProtocols	The default option, using protocols known to be secure.

class SslOption¶

(inherits enum.Flag) Describes the options that can be used to control the details of SSL behaviour. These options are generally used to turn features off to work around buggy servers.

Constant

Description

QSsl.SslOptionDisableEmptyFragments

Disables the insertion of empty fragments into the data when using block ciphers. When enabled, this prevents some attacks (such as the BEAST attack), however it is incompatible with some servers.

QSsl.SslOptionDisableSessionTickets

Disables the SSL session ticket extension. This can cause slower connection setup, however some servers are not compatible with the extension.

QSsl.SslOptionDisableCompression

Disables the SSL compression extension. When enabled, this allows the data being passed over SSL to be compressed, however some servers are not compatible with this extension.

QSsl.SslOptionDisableServerNameIndication

Disables the SSL server name indication extension. When enabled, this tells the server the virtual host being accessed allowing it to respond with the correct certificate.

QSsl.SslOptionDisableLegacyRenegotiation

Disables the older insecure mechanism for renegotiating the connection parameters. When enabled, this option can allow connections for legacy servers, but it introduces the possibility that an attacker could inject plaintext into the SSL session.

QSsl.SslOptionDisableSessionSharing

Disables SSL session sharing via the session ID handshake attribute.

QSsl.SslOptionDisableSessionPersistence

Disables storing the SSL session in ASN.1 format as returned by sessionTicket() . Enabling this feature adds memory overhead of approximately 1K per used session ticket.

QSsl.SslOptionDisableServerCipherPreference

Disables selecting the cipher chosen based on the servers preferences rather than the order ciphers were sent by the client. This option is only relevant to server sockets, and is only honored by the OpenSSL backend.

Constant	Description
QSsl.SslOptionDisableEmptyFragments	Disables the insertion of empty fragments into the data when using block ciphers. When enabled, this prevents some attacks (such as the BEAST attack), however it is incompatible with some servers.
QSsl.SslOptionDisableSessionTickets	Disables the SSL session ticket extension. This can cause slower connection setup, however some servers are not compatible with the extension.
QSsl.SslOptionDisableCompression	Disables the SSL compression extension. When enabled, this allows the data being passed over SSL to be compressed, however some servers are not compatible with this extension.
QSsl.SslOptionDisableServerNameIndication	Disables the SSL server name indication extension. When enabled, this tells the server the virtual host being accessed allowing it to respond with the correct certificate.
QSsl.SslOptionDisableLegacyRenegotiation	Disables the older insecure mechanism for renegotiating the connection parameters. When enabled, this option can allow connections for legacy servers, but it introduces the possibility that an attacker could inject plaintext into the SSL session.
QSsl.SslOptionDisableSessionSharing	Disables SSL session sharing via the session ID handshake attribute.
QSsl.SslOptionDisableSessionPersistence	Disables storing the SSL session in ASN.1 format as returned by `sessionTicket()` . Enabling this feature adds memory overhead of approximately 1K per used session ticket.
QSsl.SslOptionDisableServerCipherPreference	Disables selecting the cipher chosen based on the servers preferences rather than the order ciphers were sent by the client. This option is only relevant to server sockets, and is only honored by the OpenSSL backend.

By default, SslOptionDisableEmptyFragments is turned on since this causes problems with a large number of servers. SslOptionDisableLegacyRenegotiation is also turned on, since it introduces a security risk. SslOptionDisableCompression is turned on to prevent the attack publicised by CRIME. SslOptionDisableSessionPersistence is turned on to optimize memory usage. The other options are turned off.

Note

Availability of above options depends on the version of the SSL backend in use.

class AlertLevel¶

Describes the level of an alert message

This enum describes the level of an alert message that was sent or received.

Constant

Description

QSsl.AlertLevel.Warning

Non-fatal alert message

QSsl.AlertLevel.Fatal

Fatal alert message, the underlying backend will handle such an alert properly and close the connection.

QSsl.AlertLevel.Unknown

An alert of unknown level of severity.

Constant	Description
QSsl.AlertLevel.Warning	Non-fatal alert message
QSsl.AlertLevel.Fatal	Fatal alert message, the underlying backend will handle such an alert properly and close the connection.
QSsl.AlertLevel.Unknown	An alert of unknown level of severity.

class AlertType¶

Enumerates possible codes that an alert message can have

See RFC 8446, section 6 for the possible values and their meaning.

Constant

Description

QSsl.AlertType.CloseNotify

,

QSsl.AlertType.UnexpectedMessage

QSsl.AlertType.BadRecordMac

QSsl.AlertType.RecordOverflow

QSsl.AlertType.DecompressionFailure

QSsl.AlertType.HandshakeFailure

QSsl.AlertType.NoCertificate

QSsl.AlertType.BadCertificate

QSsl.AlertType.UnsupportedCertificate

QSsl.AlertType.CertificateRevoked

QSsl.AlertType.CertificateExpired

QSsl.AlertType.CertificateUnknown

QSsl.AlertType.IllegalParameter

QSsl.AlertType.UnknownCa

QSsl.AlertType.AccessDenied

QSsl.AlertType.DecodeError

QSsl.AlertType.DecryptError

QSsl.AlertType.ExportRestriction

QSsl.AlertType.ProtocolVersion

QSsl.AlertType.InsufficientSecurity

QSsl.AlertType.InternalError

QSsl.AlertType.InappropriateFallback

QSsl.AlertType.UserCancelled

QSsl.AlertType.NoRenegotiation

QSsl.AlertType.MissingExtension

QSsl.AlertType.UnsupportedExtension

QSsl.AlertType.CertificateUnobtainable

QSsl.AlertType.UnrecognizedName

QSsl.AlertType.BadCertificateStatusResponse

QSsl.AlertType.BadCertificateHashValue

QSsl.AlertType.UnknownPskIdentity

QSsl.AlertType.CertificateRequired

QSsl.AlertType.NoApplicationProtocol

QSsl.AlertType.UnknownAlertMessage

Constant	Description
QSsl.AlertType.CloseNotify	,
QSsl.AlertType.UnexpectedMessage
QSsl.AlertType.BadRecordMac
QSsl.AlertType.RecordOverflow
QSsl.AlertType.DecompressionFailure
QSsl.AlertType.HandshakeFailure
QSsl.AlertType.NoCertificate
QSsl.AlertType.BadCertificate
QSsl.AlertType.UnsupportedCertificate
QSsl.AlertType.CertificateRevoked
QSsl.AlertType.CertificateExpired
QSsl.AlertType.CertificateUnknown
QSsl.AlertType.IllegalParameter
QSsl.AlertType.UnknownCa
QSsl.AlertType.AccessDenied
QSsl.AlertType.DecodeError
QSsl.AlertType.DecryptError
QSsl.AlertType.ExportRestriction
QSsl.AlertType.ProtocolVersion
QSsl.AlertType.InsufficientSecurity
QSsl.AlertType.InternalError
QSsl.AlertType.InappropriateFallback
QSsl.AlertType.UserCancelled
QSsl.AlertType.NoRenegotiation
QSsl.AlertType.MissingExtension
QSsl.AlertType.UnsupportedExtension
QSsl.AlertType.CertificateUnobtainable
QSsl.AlertType.UnrecognizedName
QSsl.AlertType.BadCertificateStatusResponse
QSsl.AlertType.BadCertificateHashValue
QSsl.AlertType.UnknownPskIdentity
QSsl.AlertType.CertificateRequired
QSsl.AlertType.NoApplicationProtocol
QSsl.AlertType.UnknownAlertMessage

class ImplementedClass¶

Enumerates classes that a TLS backend implements

In QtNetwork , some classes have backend-specific implementation and thus can be left unimplemented. Enumerators in this enum indicate, which class has a working implementation in the backend.

Constant

Description

QSsl.ImplementedClass.Key

Class QSslKey .

QSsl.ImplementedClass.Certificate

Class QSslCertificate .

QSsl.ImplementedClass.Socket

Class QSslSocket .

QSsl.ImplementedClass.DiffieHellman

Class QSslDiffieHellmanParameters .

QSsl.ImplementedClass.EllipticCurve

Class QSslEllipticCurve .

QSsl.ImplementedClass.Dtls

Class QDtls .

QSsl.ImplementedClass.DtlsCookie

Class QDtlsClientVerifier .

Constant	Description
QSsl.ImplementedClass.Key	Class `QSslKey` .
QSsl.ImplementedClass.Certificate	Class `QSslCertificate` .
QSsl.ImplementedClass.Socket	Class `QSslSocket` .
QSsl.ImplementedClass.DiffieHellman	Class `QSslDiffieHellmanParameters` .
QSsl.ImplementedClass.EllipticCurve	Class `QSslEllipticCurve` .
QSsl.ImplementedClass.Dtls	Class `QDtls` .
QSsl.ImplementedClass.DtlsCookie	Class `QDtlsClientVerifier` .

Added in version 6.1.

class SupportedFeature¶

Enumerates possible features that a TLS backend supports

In QtNetwork TLS-related classes have public API, that may be left unimplemented by some backend, for example, our SecureTransport backend does not support server-side ALPN. Enumerators from SupportedFeature enum indicate that a particular feature is supported.

Constant

Description

QSsl.SupportedFeature.CertificateVerification

Indicates that verify() is implemented by the backend.

QSsl.SupportedFeature.ClientSideAlpn

Client-side ALPN (Application Layer Protocol Negotiation).

QSsl.SupportedFeature.ServerSideAlpn

Server-side ALPN.

QSsl.SupportedFeature.Ocsp

OCSP stapling (Online Certificate Status Protocol).

QSsl.SupportedFeature.Psk

Pre-shared keys.

QSsl.SupportedFeature.SessionTicket

Session tickets.

QSsl.SupportedFeature.Alerts

Information about alert messages sent and received.

Constant	Description
QSsl.SupportedFeature.CertificateVerification	Indicates that `verify()` is implemented by the backend.
QSsl.SupportedFeature.ClientSideAlpn	Client-side ALPN (Application Layer Protocol Negotiation).
QSsl.SupportedFeature.ServerSideAlpn	Server-side ALPN.
QSsl.SupportedFeature.Ocsp	OCSP stapling (Online Certificate Status Protocol).
QSsl.SupportedFeature.Psk	Pre-shared keys.
QSsl.SupportedFeature.SessionTicket	Session tickets.
QSsl.SupportedFeature.Alerts	Information about alert messages sent and received.

Added in version 6.1.