### Install tlslite-ng manually Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Install tlslite-ng by running the setup script directly from the distribution directory. This method is useful if you have downloaded the source code. ```bash python setup.py install ``` -------------------------------- ### Run X.509 Server with TACK using tlslite-ng Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Starts an X.509 TLS server with TACK support. Requires TACKpy to be installed and the TACK certificate file. ```bash tls.py server -k serverX509Key.pem -c serverX509Cert.pem -t TACK1.pem localhost:4443 ``` -------------------------------- ### Install pip using get-pip.py Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md If pip is not available, download and run this script to install it. Then, use pip to install tlslite-ng. ```bash python get-pip.py ``` -------------------------------- ### Test tlslite-ng installation Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md After installation, run this command from the distribution's directory to verify that the library is working correctly. A 'Test succeeded' message indicates a successful installation. ```bash make test ``` -------------------------------- ### Run X.509 Server with tlslite-ng Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Starts an X.509 TLS server. Ensure you are in the './tests' directory and have the necessary key and certificate files. ```bash tls.py server -k serverX509Key.pem -c serverX509Cert.pem localhost:4443 ``` -------------------------------- ### Install tlslite-ng using pip Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Use this command to install the tlslite-ng library via pip. Ensure pip is installed on your system. ```bash pip install tlslite-ng ``` -------------------------------- ### Install Development Dependencies on Fedora Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/CONTRIBUTING.md Installs necessary development packages for tlslite-ng on Fedora using dnf. ```bash dnf install python-ecdsa python3-ecdsa pylint python3-pylint python-diff-cover \ python3-diff-cover python-coverage python3-coverage python2-hypothesis \ python3-hypothesis python3-libs python-unittest2 python-mock python3-sphinx ``` -------------------------------- ### Run Server with Delegated Credential Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Start the TLS server using a pre-generated Delegated Credential. This allows the server to run without its main private key. ```bash tls.py server -c serverX509Cert.pem --dc-key serverDelCredRSAPSSKey.pem --dc-file serverRSAPSSDC.pem localhost:4433 ``` -------------------------------- ### Install Optional Dependencies on Fedora Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/CONTRIBUTING.md Installs optional Python packages like tackpy and crypto libraries on Fedora. ```bash pip install tackpy dnf install m2crypto python-crypto python3-crypto python-gmpy2 python3-gmpy2 ``` -------------------------------- ### Run SRP TLS Server with tlslite-ng Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Starts a TLS server that uses an SRP verifier database for authentication. The database must be created and populated first. ```bash tls.py server -v verifierDB localhost:4443 ``` -------------------------------- ### Install Development Dependencies on RHEL 7 Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/CONTRIBUTING.md Installs development dependencies on RHEL 7, including enabling EPEL and using pip for Python 3 packages. ```bash yum install python-ecdsa python34-ecdsa pylint \ python-coverage python34-coverage python2-hypothesis \ python34-libs python-unittest2 python-mock python-pip python-sphinx pip2 install diff-cover pip3 install hypothesis diff-cover pylint ``` -------------------------------- ### Handling TLSRemoteAlert Exception Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Provides an example of catching a `TLSRemoteAlert` exception during a TLS handshake. This specific example checks for an `unknown_psk_identity` alert, which might indicate an incorrect SRP username. ```python try: [...] except TLSRemoteAlert as alert: if alert.description == AlertDescription.unknown_psk_identity: print "Unknown user." [...] ``` -------------------------------- ### Run Server with On-the-Fly Delegated Credential Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Initiate the TLS server by creating the Delegated Credential during the handshake. This method is useful when a pre-generated DC file is not an option. ```bash tls.py server -k serverX509Key.pem -c serverX509Cert.pem --dc-key serverDelCredRSAPSSKey.pem --dc-pub serverDelCredRSAPSSPub.pem localhost:4433 ``` -------------------------------- ### Create and Manage SRP Verifier Database with tlsdb.py Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Commands to create an SRP verifier database, add users with passwords and key sizes, and then run an SRP TLS server. ```bash tlsdb.py createsrp verifierDB tlsdb.py add verifierDB alice abra123cadabra 1024 tlsdb.py add verifierDB bob swordfish 2048 ``` -------------------------------- ### Server Certificate and Private Key Authentication Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Configures the server for authentication using a certificate chain and private key. Set `reqCert=True` to request a certificate from the client. ```python connection.handshakeServer(certChain=certChain, privateKey=privateKey, reqCert=True) ``` -------------------------------- ### Client Session Resumption Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Demonstrates how to attempt session resumption with a server by providing the previous session object. If the server supports it, the handshake will be faster; otherwise, a full handshake occurs. ```python connection.handshakeClientSRP("alice", "abra123cadabra") . . oldSession = connection.session connection2.handshakeClientSRP("alice", "abra123cadabra", session= oldSession) ``` -------------------------------- ### Import tlslite Objects Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Demonstrates how to import necessary classes from the tlslite library, either individually or through the main API. ```python from tlslite import TLSConnection from tlslite.api import * ``` -------------------------------- ### Run Development Tests Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/CONTRIBUTING.md Executes the full test suite for development, including test coverage checks. ```bash make test-dev ``` -------------------------------- ### Create a Socket Connection Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Establishes a basic TCP socket connection to a specified host and port. This is the first step before initiating a TLS connection. ```python from socket import * sock = socket(AF_INET, SOCK_STREAM) sock.connect( ("www.amazon.com", 443) ) ``` -------------------------------- ### Load X.509 Certificate Chain and Private Key Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Loads an X.509 certificate chain and a private key from PEM-encoded files. These are required for client authentication using X.509 certificates. ```python from tlslite import X509, X509CertChain, parsePEMKey s = open("./test/clientX509Cert.pem").read() x509 = X509() x509.parse(s) certChain = X509CertChain([x509]) s = open("./test/clientX509Key.pem").read() privateKey = parsePEMKey(s, private=True) ``` -------------------------------- ### Generate Delegated Credential Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Use this command to generate a Delegated Credential file. Requires the server certificate, its private key, and the public key of the Delegated Credential. The signature scheme is optional. ```bash tls.py credential -k serverX509Key.pem -c serverX509Cert.pem --dc-pub serverDelCredRSAPSSPub.pem --dc-file serverRSAPSSDC.pem ``` -------------------------------- ### Connect to X.509 Server with tlslite-ng Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Connects to a running X.509 TLS server. This can be used with a web browser or the tls.py client. ```bash tls.py client localhost:4443 ``` -------------------------------- ### tlslite-ng credential tool usage Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Command-line usage for the tls.py credential tool to generate a TLS 1.3 Delegated Credential. ```bash tls.py credential [-c CERT] [-k KEY] [--dc-pub KEY] [--dc-sig-scheme SIG] [--dc-file DCFILE] ``` -------------------------------- ### Perform Client TLS Handshake (With Client Cert) Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Initiates the TLS handshake as a client, providing a client certificate chain and private key for mutual authentication. ```python connection.handshakeClientCert(certChain, privateKey) ``` -------------------------------- ### Perform Client TLS Handshake with Custom Settings Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Initiates the TLS handshake as a client using SRP authentication with specific handshake settings, including custom key size, ciphers, and TLS version. ```python connection.handshakeClientSRP("alice", "abra123cadabra", settings=settings) ``` -------------------------------- ### Connect to SRP TLS Server with tlslite-ng Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Connects to a running SRP TLS server using the provided username and password. ```bash tls.py client -u alice -p abra123cadabra localhost:4443 ``` -------------------------------- ### Perform Client TLS Handshake (No Client Cert) Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Initiates the TLS handshake as a client. This version is used when the server authenticates itself with an X.509 certificate but client authentication is not required. ```python connection.handshakeClientCert() ``` -------------------------------- ### Configure Handshake Settings for SRP Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Customizes TLS handshake parameters, such as minimum key size, allowed ciphers, minimum TLS version, and enables experimental TACK extension. ```python settings = HandshakeSettings() settings.minKeySize = 2048 settings.cipherNames = ["aes256"] settings.minVersion = (3,1) settings.useExperimentalTACKExtension = True # Needed for TACK support ``` -------------------------------- ### Server TACK Extension Handshake Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Enables experimental TACK extension support for server authentication. Requires the TACKpy library and a HandshakeSettings object with `useExperimentalTACKExtension` set to True. ```python settings = HandshakeSettings() settings.useExperimentalTACKExtension = True # Needed for TACK support connection.handshakeServer(certChain=certChain, privateKey=privateKey, tack=tack, settings=settings) ``` -------------------------------- ### POP3_TLS Connection and Certificate Fingerprint Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Connect to a POP3 server over SSL using POP3_TLS and print the server's certificate fingerprint. ```python from tlslite.api import * p = POP3_TLS("---------.net", port=995) print p.sock.session.serverCertChain.getFingerprint() [...] ``` -------------------------------- ### Perform Client TLS Handshake (SRP Authentication) Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Initiates the TLS handshake as a client using SRP (Secure Remote Password) for mutual authentication with a username and password. ```python connection.handshakeClientSRP("alice", "abra123cadabra") ``` -------------------------------- ### Instantiate TLSConnection Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Creates a TLSConnection object, passing the established socket as an argument. This object will be used for the TLS handshake and data exchange. ```python connection = TLSConnection(sock) ``` -------------------------------- ### SMTP_TLS Connection with Certificate Fingerprint Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Connect to an SMTP server using SMTP_TLS and authenticate using the server's certificate fingerprint during the STARTTLS handshake. ```python from tlslite.api import * s = SMTP_TLS("----------.net", port=587) s.ehlo() s.starttls(x509Fingerprint="7e39be84a2e3a7ad071752e3001d931bf82c32dc") [...] ``` -------------------------------- ### Code Quality Check with Pylint and Diff-Quality Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/CONTRIBUTING.md Checks code changes against general guidelines using pylint and diff-quality. The report is saved to pylint_report.txt. ```bash pylint --msg-template="{path}:{line}: [{msg_id}({symbol}), {obj}] {msg}" tlslite > pylint_report.txt; diff-quality --violations=pylint pylint_report.txt ``` -------------------------------- ### Create Git Branch Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/CONTRIBUTING.md Creates a new topic branch for development, based on the master branch. Avoids working directly on master. ```bash git branch git checkout ``` -------------------------------- ### HTTPTLSConnection with Server TACK ID Authentication Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Authenticate the server using its TACK ID with HTTPTLSConnection. Set hardTack to False for flexible matching. ```python h = HTTPTLSConnection("localhost", 4443, tackID="B3ARS.EQ61B.F34EL.9KKLN.3WEW5", hardTack=False) [...] ``` -------------------------------- ### HTTPTLSConnection with Mutual SRP Authentication Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Establish a mutually authenticated connection using SRP with HTTPTLSConnection by providing username and password. ```python h = HTTPTLSConnection("localhost", 443, username="alice", password="abra123cadabra") [...] ``` -------------------------------- ### HTTPTLSConnection with No Authentication Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Use HTTPTLSConnection for basic SSL/TLS connections without any authentication. ```python h = HTTPTLSConnection("www.amazon.com", 443) h.request("GET", "") r = h.getresponse() [...] ``` -------------------------------- ### Server SRP Authentication Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Initiates a server handshake using SRP authentication. Requires a VerifierDB instance to manage password verifiers. Ensure the database is opened before calling this function. ```python verifierDB = VerifierDB("./test/verifierDB") verifierDB.open() connection.handshakeServer(verifierDB=verifierDB) ``` -------------------------------- ### IMAP4_TLS Connection with Certificate Fingerprint Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Connect to an IMAP server using IMAP4_TLS, specifying the server's certificate fingerprint for authentication. ```python from tlslite.api import * i = IMAP4_TLS("cyrus.andrew.cmu.edu", x509Fingerprint="00c14371227b3b677ddb9c4901e6f2aee18d3e45") [...] ``` -------------------------------- ### Server Session Cache for Resumption Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Enables session resumption for clients by providing a SessionCache object to the server handshake function. The SessionCache is thread-safe. ```python sessionCache = SessionCache() connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCache) ``` -------------------------------- ### Check for Whitespace Errors Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/CONTRIBUTING.md Identifies and reports unnecessary whitespace in code changes before committing. ```bash git diff --check ``` -------------------------------- ### Accessing Handshake Results Source: https://github.com/tlsfuzzer/tlslite-ng/blob/master/README.md Retrieves authentication results from the connection's session object after a successful handshake. Populated fields include SRP username, client/server certificate chains, and TACK extension details. ```python connection.session.srpUsername # string connection.session.clientCertChain # X509CertChain connection.session.serverCertChain # X509CertChain connection.session.tackExt # TACKpy.TACK_Extension ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.