python-libtls documentation

python-libtls is a Python library which provides a high-level interface for secure network communication using the latest versions of Transport Layer Security (TLS). The underlying TLS functionality is provided by libtls, which is part of LibreSSL. libtls has a simple API and good security defaults.

LibreSSL is a version of the TLS/crypto stack forked by the OpenBSD team from OpenSSL in 2014, with the goals of modernizing the codebase, improving security, and applying best practice development processes. LibreSSL has been, and continues to be, less susceptible to vulnerabilities than OpenSSL.

Here is a simple example of using python-libtls to securely connect to a server, send data to it and receive data from it.

>>> from tls import Context
>>> context = Context()
>>> tls_socket = context.connect('github.com', 443)
>>> tls_socket.sendall(b'GET / HTTP/1.1\r\nhost: github.com\r\n\r\n')
>>> data = tls_socket.recv(4096)
>>> len(data)
1370
>>> data[:68]
b'HTTP/1.1 200 OK\r\nServer: GitHub.com\r\nDate: Fri, 10 Feb 2017 16:53:39'

The data sent and received over the socket will have been protected by TLS.

Requirements

This package is compatible with Python 2.7 and Python >= 3.4. It tracks recent releases of libtls (the latest is 2.5.1). It is a pure-Python package with no other Python dependencies.

Note

You will need the libtls binaries for your platform. Even if your operating system uses LibreSSL and hence libtls, the system version of libtls may not be compatible with a particular version of python-libtls.

This project does not provide binaries, as you would have no way of verifying that those binaries are actually what they purport to be. You may want to refer to the section on Building your own libtls binaries.
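
Because no binaries are provided, the source archive you build libtls from is what needs checking. The following is an added example, not part of python-libtls or LibreSSL: it checks a downloaded archive against a BSD-style SHA-256 checksum list and fails closed when the file is unlisted or does not match. The checksum line format, the function names and the sample file names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# BSD-style checksum line: "SHA256 (<file name>) = <64 hex digits>".
# Assumption: the checksum list published with the release uses this format.
_LINE = re.compile(r'^SHA256 \((?P<name>[^)]+)\) = (?P<digest>[0-9a-fA-F]{64})$')


def parse_checksums(text):
    """Return {file name: lowercase hex digest}; other lines are ignored."""
    entries = {}
    for line in text.splitlines():
        match = _LINE.match(line.strip())
        if match:
            entries[match.group('name')] = match.group('digest').lower()
    return entries


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so a large archive is never held in memory."""
    digest = hashlib.sha256()
    with open(path, 'rb') as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b''):
            digest.update(chunk)
    return digest.hexdigest()


def verify_archive(path, name, checksum_text):
    """True only if `name` is listed and the file at `path` has that digest.

    The checksum list must itself be authenticated (for example by checking
    its signature) before it is trusted; this function does not do that.
    """
    expected = parse_checksums(checksum_text).get(name)
    if expected is None:
        return False  # fail closed: an unlisted file is never accepted
    return hmac.compare_digest(expected, sha256_file(path))


if __name__ == '__main__':
    import os
    import tempfile
    # Constructed sample: a stand-in file and a checksum list built from it.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b'constructed stand-in for a source archive')
    listing = 'SHA256 (example.tar.gz) = %s\n' % sha256_file(tmp.name)
    print(verify_archive(tmp.name, 'example.tar.gz', listing))
    print(verify_archive(tmp.name, 'other.tar.gz', listing))
    os.unlink(tmp.name)
```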

Installation and usage

You can install this package using pip install python-libtls. Once installed, you can access its functionality via the tls package. See the Tutorial for more information.

Testing the installation

If you download the source distribution, a test script test_tls.py is provided. You can test your installation of python-libtls by pointing the loader at your libtls build and running the script, for example:

LD_LIBRARY_PATH=/path/to/libtls/lib python test_tls.py

License

Copyright (c) 2017 by Vinay Sajip.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  • The name(s) of the copyright holder(s) may not be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER(S) “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Limitations

There are some specific libtls APIs which are not yet supported:

tls_load_file
  This API allocates memory and loads the contents of a file into it, but does not provide a corresponding tls_free_file. Without it, there is no guaranteed safe, cross-platform way of releasing the allocated memory.

tls_config_set_XXXX_mem
  These may be implemented in future versions of python-libtls.

tls_config_add_ticket_key
  This may be implemented in future versions of python-libtls.

tls_connect_fds, tls_connect_cbs, tls_accept_fds, tls_accept_cbs
  These may be implemented in future versions of python-libtls.