Connection
- class siotls.connection.TLSConnection
- __init__(config, server_hostname=None)
- Parameters:
config (TLSConfiguration)
server_hostname (str | None)
- close_receiving_end()
Half-close the connection, ignore future incoming messages. Must be called when the TCP connection is closed.
- close_sending_end()
Half-close the connection, signal the peer that this side will not send any new message.
- config: TLSConfiguration
The TLS configuration used for establishing this secure connection. It includes this side (client / server) of the connection, but also the allowed ciphers, key exchanges and signature schemes and (many) other settings for this connection.
- data_to_read()
Dequeue the clear data received from the peer that is intended for this side’s application.
- Return type:
bytes | bytearray
- data_to_send()
Dequeue the encrypted data that is intended for the peer.
- Return type:
bytes | bytearray
- fail()
Signal the peer that an internal error occurred, close both ends of the connection and ignore all future incoming messages.
- initiate_connection()
Start the TLS three-way handshake with the peer. Client-side it sends the first ClientHello message. Server-side it puts the connection in a state to accept the ClientHello.
- is_connected()
True when the connection’s state is Connected / Half-Closed (sending end); False otherwise.
- Return type:
bool
- is_post_handshake()
True when the connection state is Connected / Closed (either end) / Failed; False otherwise.
- Return type:
bool
- nconfig: TLSNegotiatedConfiguration | None
The cipher, key exchange, signature scheme and (many) other settings agreed upon by both peers during the handshake.
- receive_data(data)
Enqueue raw / encrypted data received from the peer inside the connection’s buffer. Process the messages when enough data is present. Prepare the messages to be forwarded to this side’s application upon the next call to data_to_read(), and the data to send to the peer upon the next call to data_to_send().
- Parameters:
data (bytes)
- send_data(data)
Enqueue and encrypt clear / unencrypted data coming from this side’s application. Prepare the message to be sent upon the next call to data_to_send().
- Parameters:
data (bytes)
- server_hostname: str | None
Client-side only. The expected server hostname, used for Server Name Indication (SNI) and for verifying the CN and SAN fields of the server certificate.
- wrap(tcp_socket)
Bind this connection to a TCP socket and get a file-like interface.
- Parameters:
tcp_socket (socket.socket)
- Return type:
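
The methods above form a sans-I/O interface: the caller moves bytes between the socket and the connection object. The following driver loop is an added example, not code from siotls; `pump`, `LoopbackConn` and `demo` are hypothetical names, `LoopbackConn` is a constructed stand-in (no cryptography) that only mimics the documented method names so the loop runs offline, and it assumes `data_to_send()` returns an empty value when nothing is queued.

```python
import socket

def pump(conn, sock, outgoing=b"", bufsize=16384):
    """Drive a sans-I/O connection over a blocking socket until TCP closes."""
    received, pending = bytearray(), bool(outgoing)
    conn.initiate_connection()
    while True:
        if pending and conn.is_connected():   # handshake done: app data may go out
            conn.send_data(outgoing)
            pending = False
        wire = conn.data_to_send()            # handshake or encrypted records
        if wire:
            sock.sendall(wire)
        chunk = sock.recv(bufsize)
        if not chunk:                         # TCP connection closed by the peer
            conn.close_receiving_end()        # documented as mandatory at this point
            return bytes(received)
        conn.receive_data(chunk)
        received += conn.data_to_read()       # clear data for the application

class LoopbackConn:
    """Constructed stand-in with the documented method names; NOT a TLS stack."""
    def __init__(self):
        self.out, self.clear = bytearray(), bytearray()
        self.connected = self.recv_closed = False
    def initiate_connection(self): self.out += b"HELLO"
    def is_connected(self): return self.connected
    def send_data(self, data): self.out += data
    def close_receiving_end(self): self.recv_closed = True
    def receive_data(self, data):
        if not self.connected and data.startswith(b"ACK"):
            self.connected, data = True, data[3:]   # toy "handshake" completes
        self.clear += data
    def data_to_send(self):
        wire, self.out = bytes(self.out), bytearray()
        return wire
    def data_to_read(self):
        data, self.clear = bytes(self.clear), bytearray()
        return data

def demo():
    ours, peer = socket.socketpair()
    peer.sendall(b"ACKpong")                  # constructed peer traffic
    peer.shutdown(socket.SHUT_WR)             # peer closes its sending side
    conn = LoopbackConn()
    got = pump(conn, ours, outgoing=b"ping")
    ours.close()
    sent = b"".join(iter(lambda: peer.recv(64), b""))
    return got, sent, conn.recv_closed
```

With the real library, a `TLSConnection` takes the place of `LoopbackConn`; the ordering (flush `data_to_send()` after every state change, call `close_receiving_end()` on TCP close) is the part that carries over.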