class QSsl#

The QSsl namespace declares enums common to all SSL classes in Qt Network. More

Note

This documentation may contain snippets that were automatically translated from C++ to Python. We always welcome contributions to the snippet translation. If you see an issue with the translation, you can also let us know by creating a ticket on https:/bugreports.qt.io/projects/PYSIDE

Detailed Description#

class KeyType#

Describes the two types of keys QSslKey supports.

Constant

Description

QSsl.PrivateKey

A private key.

QSsl.PublicKey

A public key.

class EncodingFormat#

Describes supported encoding formats for certificates and keys.

Constant

Description

QSsl.Pem

The PEM format.

QSsl.Der

The DER format.

class KeyAlgorithm#

Describes the different key algorithms supported by QSslKey .

Constant

Description

QSsl.Rsa

The RSA algorithm.

QSsl.Dsa

The DSA algorithm.

QSsl.Ec

The Elliptic Curve algorithm.

QSsl.Dh

The Diffie-Hellman algorithm.

QSsl.Opaque

A key that should be treated as a ‘black box’ by QSslKey .

The opaque key facility allows applications to add support for facilities such as PKCS#11 that Qt does not currently offer natively.

class AlternativeNameEntryType#

Describes the key types for alternative name entries in QSslCertificate .

Constant

Description

QSsl.EmailEntry

An email entry; the entry contains an email address that the certificate is valid for.

QSsl.DnsEntry

A DNS host name entry; the entry contains a host name entry that the certificate is valid for. The entry may contain wildcards.

QSsl.IpAddressEntry

An IP address entry; the entry contains an IP address entry that the certificate is valid for, introduced in Qt 5.13.

class SslProtocol#

Describes the protocol of the cipher.

Constant

Description

QSsl.TlsV1_0

TLSv1.0

QSsl.TlsV1_0OrLater

TLSv1.0 and later versions.

QSsl.TlsV1_1

TLSv1.1.

QSsl.TlsV1_1OrLater

TLSv1.1 and later versions.

QSsl.TlsV1_2

TLSv1.2.

QSsl.TlsV1_2OrLater

TLSv1.2 and later versions.

QSsl.DtlsV1_0

DTLSv1.0

QSsl.DtlsV1_0OrLater

DTLSv1.0 and later versions.

QSsl.DtlsV1_2

DTLSv1.2

QSsl.DtlsV1_2OrLater

DTLSv1.2 and later versions.

QSsl.TlsV1_3

TLSv1.3. (Since Qt 5.12)

QSsl.TlsV1_3OrLater

TLSv1.3 and later versions. (Since Qt 5.12)

QSsl.UnknownProtocol

The cipher’s protocol cannot be determined.

QSsl.AnyProtocol

Any supported protocol. This value is used by QSslSocket only.

QSsl.SecureProtocols

The default option, using protocols known to be secure.

class SslOption#

(inherits enum.Flag) Describes the options that can be used to control the details of SSL behaviour. These options are generally used to turn features off to work around buggy servers.

Constant

Description

QSsl.SslOptionDisableEmptyFragments

Disables the insertion of empty fragments into the data when using block ciphers. When enabled, this prevents some attacks (such as the BEAST attack), however it is incompatible with some servers.

QSsl.SslOptionDisableSessionTickets

Disables the SSL session ticket extension. This can cause slower connection setup, however some servers are not compatible with the extension.

QSsl.SslOptionDisableCompression

Disables the SSL compression extension. When enabled, this allows the data being passed over SSL to be compressed, however some servers are not compatible with this extension.

QSsl.SslOptionDisableServerNameIndication

Disables the SSL server name indication extension. When enabled, this tells the server the virtual host being accessed allowing it to respond with the correct certificate.

QSsl.SslOptionDisableLegacyRenegotiation

Disables the older insecure mechanism for renegotiating the connection parameters. When enabled, this option can allow connections for legacy servers, but it introduces the possibility that an attacker could inject plaintext into the SSL session.

QSsl.SslOptionDisableSessionSharing

Disables SSL session sharing via the session ID handshake attribute.

QSsl.SslOptionDisableSessionPersistence

Disables storing the SSL session in ASN.1 format as returned by sessionTicket() . Enabling this feature adds memory overhead of approximately 1K per used session ticket.

QSsl.SslOptionDisableServerCipherPreference

Disables selecting the cipher chosen based on the servers preferences rather than the order ciphers were sent by the client. This option is only relevant to server sockets, and is only honored by the OpenSSL backend.

By default, SslOptionDisableEmptyFragments is turned on since this causes problems with a large number of servers. SslOptionDisableLegacyRenegotiation is also turned on, since it introduces a security risk. SslOptionDisableCompression is turned on to prevent the attack publicised by CRIME. SslOptionDisableSessionPersistence is turned on to optimize memory usage. The other options are turned off.

Note

Availability of above options depends on the version of the SSL backend in use.

class AlertLevel#

Describes the level of an alert message

This enum describes the level of an alert message that was sent or received.

Constant

Description

QSslSocket.AlertLevel.Warning

Non-fatal alert message

QSslSocket.AlertLevel.Fatal

Fatal alert message, the underlying backend will handle such an alert properly and close the connection.

QSslSocket.AlertLevel.Unknown

An alert of unknown level of severity.

class AlertType#

Enumerates possible codes that an alert message can have

See RFC 8446, section 6 for the possible values and their meaning.

Constant

Description

QSslSocket.AlertType.CloseNotify

,

QSslSocket.AlertType.UnexpectedMessage

QSslSocket.AlertType.BadRecordMac

QSslSocket.AlertType.RecordOverflow

QSslSocket.AlertType.DecompressionFailure

QSslSocket.AlertType.HandshakeFailure

QSslSocket.AlertType.NoCertificate

QSslSocket.AlertType.BadCertificate

QSslSocket.AlertType.UnsupportedCertificate

QSslSocket.AlertType.CertificateRevoked

QSslSocket.AlertType.CertificateExpired

QSslSocket.AlertType.CertificateUnknown

QSslSocket.AlertType.IllegalParameter

QSslSocket.AlertType.UnknownCa

QSslSocket.AlertType.AccessDenied

QSslSocket.AlertType.DecodeError

QSslSocket.AlertType.DecryptError

QSslSocket.AlertType.ExportRestriction

QSslSocket.AlertType.ProtocolVersion

QSslSocket.AlertType.InsufficientSecurity

QSslSocket.AlertType.InternalError

QSslSocket.AlertType.InappropriateFallback

QSslSocket.AlertType.UserCancelled

QSslSocket.AlertType.NoRenegotiation

QSslSocket.AlertType.MissingExtension

QSslSocket.AlertType.UnsupportedExtension

QSslSocket.AlertType.CertificateUnobtainable

QSslSocket.AlertType.UnrecognizedName

QSslSocket.AlertType.BadCertificateStatusResponse

QSslSocket.AlertType.BadCertificateHashValue

QSslSocket.AlertType.UnknownPskIdentity

QSslSocket.AlertType.CertificateRequired

QSslSocket.AlertType.NoApplicationProtocol

QSslSocket.AlertType.UnknownAlertMessage

class ImplementedClass#

Enumerates classes that a TLS backend implements

In QtNetwork , some classes have backend-specific implementation and thus can be left unimplemented. Enumerators in this enum indicate, which class has a working implementation in the backend.

Constant

Description

QSslSocket.ImplementedClass.Key

Class QSslKey .

QSslSocket.ImplementedClass.Certificate

Class QSslCertificate .

QSslSocket.ImplementedClass.Socket

Class QSslSocket .

QSslSocket.ImplementedClass.DiffieHellman

Class QSslDiffieHellmanParameters .

QSslSocket.ImplementedClass.EllipticCurve

Class QSslEllipticCurve .

QSslSocket.ImplementedClass.Dtls

Class QDtls .

QSslSocket.ImplementedClass.DtlsCookie

Class QDtlsClientVerifier .

New in version 6.1.

class SupportedFeature#

Enumerates possible features that a TLS backend supports

In QtNetwork TLS-related classes have public API, that may be left unimplemented by some backend, for example, our SecureTransport backend does not support server-side ALPN. Enumerators from SupportedFeature enum indicate that a particular feature is supported.

Constant

Description

QSslSocket.SupportedFeature.CertificateVerification

Indicates that verify() is implemented by the backend.

QSslSocket.SupportedFeature.ClientSideAlpn

Client-side ALPN (Application Layer Protocol Negotiation).

QSslSocket.SupportedFeature.ServerSideAlpn

Server-side ALPN.

QSslSocket.SupportedFeature.Ocsp

OCSP stapling (Online Certificate Status Protocol).

QSslSocket.SupportedFeature.Psk

Pre-shared keys.

QSslSocket.SupportedFeature.SessionTicket

Session tickets.

QSslSocket.SupportedFeature.Alerts

Information about alert messages sent and received.

New in version 6.1.