Lecture 9 - Advanced Python TLS Programming_Handouts
Afterwards
• load_verify_locations() with same parameters
• Allows optional configuration or more complexity
ssl.CERT_OPTIONAL
• Server will request client to provide certificate
• Client not obligated to do so
ssl.CERT_REQUIRED
• Default for client
• Remote Certificate must be validated
SSLSocket.getpeercert()
• After connection is established, can call this method on the SSLSocket
• Returns a Python dictionary containing certificate information sent by remote site
• Can decode and print useful information
Other Uses
• If manually verifying certificates, can be useful
• Can validate different parts of remote certificate before completing handshake manually
SSLSocket
• cipher()
• Returns actual selected algorithm information
Manual Verification
Slowing the Process Down
Stopping TLS Handshake from automatically running
• When wrapping socket, turn handshake functionality off
• Parameter: do_handshake_on_connect=False
• Default True
• Connection will establish, but no encryption will be enabled
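Added example (not part of the original handout): a client that wraps its socket with do_handshake_on_connect=False, runs do_handshake() itself, then checks getpeercert() and cipher() before any application data is sent. The helper names, the organizationName policy, the 128-bit minimum and the sample values are assumptions made for illustration. Note that getpeercert() raises ValueError until do_handshake() has completed.

```python
import socket
import ssl

def subject_field(cert, key):
    """Return one subject field (e.g. 'commonName') from a getpeercert() dict."""
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            if name == key:
                return value
    return None

def check_peer(cert, cipher, expected_org, min_bits=128):
    """Manual policy check on getpeercert()/cipher() results; returns problems found."""
    problems = []
    if not cert:  # empty dict means the certificate was not validated
        problems.append("no validated certificate")
    elif subject_field(cert, "organizationName") != expected_org:
        problems.append("unexpected organizationName")
    if cipher is None or cipher[2] < min_bits:  # cipher() -> (name, protocol, bits)
        problems.append("weak or missing cipher")
    return problems

def open_deferred(sock, hostname, context=None):
    """Wrap a connected socket without running the TLS handshake."""
    context = context or ssl.create_default_context()  # CERT_REQUIRED for clients
    return context.wrap_socket(sock, server_hostname=hostname,
                               do_handshake_on_connect=False)

def connect_checked(host, port, expected_org):
    """Full flow: TCP connect, explicit handshake, manual checks, then hand back."""
    tls = open_deferred(socket.create_connection((host, port)), host)
    try:
        tls.do_handshake()  # encryption is only enabled from this point
        problems = check_peer(tls.getpeercert(), tls.cipher(), expected_org)
        if problems:
            raise ssl.SSLError("peer rejected: " + "; ".join(problems))
        return tls
    except Exception:
        tls.close()  # never leave a half-checked connection open
        raise

# Constructed sample values in the shapes getpeercert() and cipher() return.
SAMPLE_CERT = {"subject": ((("organizationName", "Example Org"),),
                           (("commonName", "www.example.test"),)),
               "notAfter": "Jan  1 00:00:00 2030 GMT"}
SAMPLE_CIPHER = ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256)
```
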
Week 9
Tutorial – TLS Programming