QSsl#

The QSsl namespace declares enums common to all SSL classes in Qt Network. More…

Note

This documentation may contain snippets that were automatically translated from C++ to Python. We always welcome contributions to the snippet translation. If you see an issue with the translation, you can also let us know by creating a ticket on https:/bugreports.qt.io/projects/PYSIDE

Detailed Description#

PySide6.QtNetwork.QSsl.KeyType#

Describes the two types of keys QSslKey supports.

Constant

Description

QSsl.PrivateKey

A private key.

QSsl.PublicKey

A public key.

Constant	Description
QSsl.PrivateKey	A private key.
QSsl.PublicKey	A public key.

PySide6.QtNetwork.QSsl.EncodingFormat#

Describes supported encoding formats for certificates and keys.

Constant

Description

QSsl.Pem

The PEM format.

QSsl.Der

The DER format.

Constant	Description
QSsl.Pem	The PEM format.
QSsl.Der	The DER format.

PySide6.QtNetwork.QSsl.KeyAlgorithm#

Describes the different key algorithms supported by QSslKey .

Constant

Description

QSsl.Rsa

The RSA algorithm.

QSsl.Dsa

The DSA algorithm.

QSsl.Ec

The Elliptic Curve algorithm.

QSsl.Dh

The Diffie-Hellman algorithm.

QSsl.Opaque

A key that should be treated as a ‘black box’ by QSslKey .

Constant	Description
QSsl.Rsa	The RSA algorithm.
QSsl.Dsa	The DSA algorithm.
QSsl.Ec	The Elliptic Curve algorithm.
QSsl.Dh	The Diffie-Hellman algorithm.
QSsl.Opaque	A key that should be treated as a ‘black box’ by `QSslKey` .

The opaque key facility allows applications to add support for facilities such as PKCS#11 that Qt does not currently offer natively.

PySide6.QtNetwork.QSsl.AlternativeNameEntryType#

Describes the key types for alternative name entries in QSslCertificate .

Constant

Description

QSsl.EmailEntry

An email entry; the entry contains an email address that the certificate is valid for.

QSsl.DnsEntry

A DNS host name entry; the entry contains a host name entry that the certificate is valid for. The entry may contain wildcards.

QSsl.IpAddressEntry

An IP address entry; the entry contains an IP address entry that the certificate is valid for, introduced in Qt 5.13.

See also

subjectAlternativeNames()

Constant	Description
QSsl.EmailEntry	An email entry; the entry contains an email address that the certificate is valid for.
QSsl.DnsEntry	A DNS host name entry; the entry contains a host name entry that the certificate is valid for. The entry may contain wildcards.
QSsl.IpAddressEntry	An IP address entry; the entry contains an IP address entry that the certificate is valid for, introduced in Qt 5.13.

PySide6.QtNetwork.QSsl.SslProtocol#

Describes the protocol of the cipher.

Constant

Description

QSsl.TlsV1_0

TLSv1.0

QSsl.TlsV1_0OrLater

TLSv1.0 and later versions.

QSsl.TlsV1_1

TLSv1.1.

QSsl.TlsV1_1OrLater

TLSv1.1 and later versions.

QSsl.TlsV1_2

TLSv1.2.

QSsl.TlsV1_2OrLater

TLSv1.2 and later versions.

QSsl.DtlsV1_0

DTLSv1.0

QSsl.DtlsV1_0OrLater

DTLSv1.0 and later versions.

QSsl.DtlsV1_2

DTLSv1.2

QSsl.DtlsV1_2OrLater

DTLSv1.2 and later versions.

QSsl.TlsV1_3

TLSv1.3. (Since Qt 5.12)

QSsl.TlsV1_3OrLater

TLSv1.3 and later versions. (Since Qt 5.12)

QSsl.UnknownProtocol

The cipher’s protocol cannot be determined.

QSsl.AnyProtocol

Any supported protocol. This value is used by QSslSocket only.

QSsl.SecureProtocols

The default option, using protocols known to be secure.

Constant	Description
QSsl.TlsV1_0	TLSv1.0
QSsl.TlsV1_0OrLater	TLSv1.0 and later versions.
QSsl.TlsV1_1	TLSv1.1.
QSsl.TlsV1_1OrLater	TLSv1.1 and later versions.
QSsl.TlsV1_2	TLSv1.2.
QSsl.TlsV1_2OrLater	TLSv1.2 and later versions.
QSsl.DtlsV1_0	DTLSv1.0
QSsl.DtlsV1_0OrLater	DTLSv1.0 and later versions.
QSsl.DtlsV1_2	DTLSv1.2
QSsl.DtlsV1_2OrLater	DTLSv1.2 and later versions.
QSsl.TlsV1_3	TLSv1.3. (Since Qt 5.12)
QSsl.TlsV1_3OrLater	TLSv1.3 and later versions. (Since Qt 5.12)
QSsl.UnknownProtocol	The cipher’s protocol cannot be determined.
QSsl.AnyProtocol	Any supported protocol. This value is used by `QSslSocket` only.
QSsl.SecureProtocols	The default option, using protocols known to be secure.

PySide6.QtNetwork.QSsl.SslOption#

(inherits enum.Flag) Describes the options that can be used to control the details of SSL behaviour. These options are generally used to turn features off to work around buggy servers.

Constant

Description

QSsl.SslOptionDisableEmptyFragments

Disables the insertion of empty fragments into the data when using block ciphers. When enabled, this prevents some attacks (such as the BEAST attack), however it is incompatible with some servers.

QSsl.SslOptionDisableSessionTickets

Disables the SSL session ticket extension. This can cause slower connection setup, however some servers are not compatible with the extension.

QSsl.SslOptionDisableCompression

Disables the SSL compression extension. When enabled, this allows the data being passed over SSL to be compressed, however some servers are not compatible with this extension.

QSsl.SslOptionDisableServerNameIndication

Disables the SSL server name indication extension. When enabled, this tells the server the virtual host being accessed allowing it to respond with the correct certificate.

QSsl.SslOptionDisableLegacyRenegotiation

Disables the older insecure mechanism for renegotiating the connection parameters. When enabled, this option can allow connections for legacy servers, but it introduces the possibility that an attacker could inject plaintext into the SSL session.

QSsl.SslOptionDisableSessionSharing

Disables SSL session sharing via the session ID handshake attribute.

QSsl.SslOptionDisableSessionPersistence

Disables storing the SSL session in ASN.1 format as returned by sessionTicket() . Enabling this feature adds memory overhead of approximately 1K per used session ticket.

QSsl.SslOptionDisableServerCipherPreference

Disables selecting the cipher chosen based on the servers preferences rather than the order ciphers were sent by the client. This option is only relevant to server sockets, and is only honored by the OpenSSL backend.

Constant	Description
QSsl.SslOptionDisableEmptyFragments	Disables the insertion of empty fragments into the data when using block ciphers. When enabled, this prevents some attacks (such as the BEAST attack), however it is incompatible with some servers.
QSsl.SslOptionDisableSessionTickets	Disables the SSL session ticket extension. This can cause slower connection setup, however some servers are not compatible with the extension.
QSsl.SslOptionDisableCompression	Disables the SSL compression extension. When enabled, this allows the data being passed over SSL to be compressed, however some servers are not compatible with this extension.
QSsl.SslOptionDisableServerNameIndication	Disables the SSL server name indication extension. When enabled, this tells the server the virtual host being accessed allowing it to respond with the correct certificate.
QSsl.SslOptionDisableLegacyRenegotiation	Disables the older insecure mechanism for renegotiating the connection parameters. When enabled, this option can allow connections for legacy servers, but it introduces the possibility that an attacker could inject plaintext into the SSL session.
QSsl.SslOptionDisableSessionSharing	Disables SSL session sharing via the session ID handshake attribute.
QSsl.SslOptionDisableSessionPersistence	Disables storing the SSL session in ASN.1 format as returned by `sessionTicket()` . Enabling this feature adds memory overhead of approximately 1K per used session ticket.
QSsl.SslOptionDisableServerCipherPreference	Disables selecting the cipher chosen based on the servers preferences rather than the order ciphers were sent by the client. This option is only relevant to server sockets, and is only honored by the OpenSSL backend.

By default, SslOptionDisableEmptyFragments is turned on since this causes problems with a large number of servers. SslOptionDisableLegacyRenegotiation is also turned on, since it introduces a security risk. SslOptionDisableCompression is turned on to prevent the attack publicised by CRIME. SslOptionDisableSessionPersistence is turned on to optimize memory usage. The other options are turned off.

Note

Availability of above options depends on the version of the SSL backend in use.

PySide6.QtNetwork.QSsl.AlertLevel#

Describes the level of an alert message

This enum describes the level of an alert message that was sent or received.

Constant

Description

QSslSocket.AlertLevel.Warning

Non-fatal alert message

QSslSocket.AlertLevel.Fatal

Fatal alert message, the underlying backend will handle such an alert properly and close the connection.

QSslSocket.AlertLevel.Unknown

An alert of unknown level of severity.

Constant	Description
QSslSocket.AlertLevel.Warning	Non-fatal alert message
QSslSocket.AlertLevel.Fatal	Fatal alert message, the underlying backend will handle such an alert properly and close the connection.
QSslSocket.AlertLevel.Unknown	An alert of unknown level of severity.

PySide6.QtNetwork.QSsl.AlertType#

Enumerates possible codes that an alert message can have

See RFC 8446, section 6 for the possible values and their meaning.

Constant

Description

QSslSocket.AlertType.CloseNotify

,

QSslSocket.AlertType.UnexpectedMessage

QSslSocket.AlertType.BadRecordMac

QSslSocket.AlertType.RecordOverflow

QSslSocket.AlertType.DecompressionFailure

QSslSocket.AlertType.HandshakeFailure

QSslSocket.AlertType.NoCertificate

QSslSocket.AlertType.BadCertificate

QSslSocket.AlertType.UnsupportedCertificate

QSslSocket.AlertType.CertificateRevoked

QSslSocket.AlertType.CertificateExpired

QSslSocket.AlertType.CertificateUnknown

QSslSocket.AlertType.IllegalParameter

QSslSocket.AlertType.UnknownCa

QSslSocket.AlertType.AccessDenied

QSslSocket.AlertType.DecodeError

QSslSocket.AlertType.DecryptError

QSslSocket.AlertType.ExportRestriction

QSslSocket.AlertType.ProtocolVersion

QSslSocket.AlertType.InsufficientSecurity

QSslSocket.AlertType.InternalError

QSslSocket.AlertType.InappropriateFallback

QSslSocket.AlertType.UserCancelled

QSslSocket.AlertType.NoRenegotiation

QSslSocket.AlertType.MissingExtension

QSslSocket.AlertType.UnsupportedExtension

QSslSocket.AlertType.CertificateUnobtainable

QSslSocket.AlertType.UnrecognizedName

QSslSocket.AlertType.BadCertificateStatusResponse

QSslSocket.AlertType.BadCertificateHashValue

QSslSocket.AlertType.UnknownPskIdentity

QSslSocket.AlertType.CertificateRequired

QSslSocket.AlertType.NoApplicationProtocol

QSslSocket.AlertType.UnknownAlertMessage

Constant	Description
QSslSocket.AlertType.CloseNotify	,
QSslSocket.AlertType.UnexpectedMessage
QSslSocket.AlertType.BadRecordMac
QSslSocket.AlertType.RecordOverflow
QSslSocket.AlertType.DecompressionFailure
QSslSocket.AlertType.HandshakeFailure
QSslSocket.AlertType.NoCertificate
QSslSocket.AlertType.BadCertificate
QSslSocket.AlertType.UnsupportedCertificate
QSslSocket.AlertType.CertificateRevoked
QSslSocket.AlertType.CertificateExpired
QSslSocket.AlertType.CertificateUnknown
QSslSocket.AlertType.IllegalParameter
QSslSocket.AlertType.UnknownCa
QSslSocket.AlertType.AccessDenied
QSslSocket.AlertType.DecodeError
QSslSocket.AlertType.DecryptError
QSslSocket.AlertType.ExportRestriction
QSslSocket.AlertType.ProtocolVersion
QSslSocket.AlertType.InsufficientSecurity
QSslSocket.AlertType.InternalError
QSslSocket.AlertType.InappropriateFallback
QSslSocket.AlertType.UserCancelled
QSslSocket.AlertType.NoRenegotiation
QSslSocket.AlertType.MissingExtension
QSslSocket.AlertType.UnsupportedExtension
QSslSocket.AlertType.CertificateUnobtainable
QSslSocket.AlertType.UnrecognizedName
QSslSocket.AlertType.BadCertificateStatusResponse
QSslSocket.AlertType.BadCertificateHashValue
QSslSocket.AlertType.UnknownPskIdentity
QSslSocket.AlertType.CertificateRequired
QSslSocket.AlertType.NoApplicationProtocol
QSslSocket.AlertType.UnknownAlertMessage

PySide6.QtNetwork.QSsl.ImplementedClass#

Enumerates classes that a TLS backend implements

In QtNetwork , some classes have backend-specific implementation and thus can be left unimplemented. Enumerators in this enum indicate, which class has a working implementation in the backend.

Constant

Description

QSslSocket.ImplementedClass.Key

Class QSslKey .

QSslSocket.ImplementedClass.Certificate

Class QSslCertificate .

QSslSocket.ImplementedClass.Socket

Class QSslSocket .

QSslSocket.ImplementedClass.DiffieHellman

Class QSslDiffieHellmanParameters .

QSslSocket.ImplementedClass.EllipticCurve

Class QSslEllipticCurve .

QSslSocket.ImplementedClass.Dtls

Class QDtls .

QSslSocket.ImplementedClass.DtlsCookie

Class QDtlsClientVerifier .

Constant	Description
QSslSocket.ImplementedClass.Key	Class `QSslKey` .
QSslSocket.ImplementedClass.Certificate	Class `QSslCertificate` .
QSslSocket.ImplementedClass.Socket	Class `QSslSocket` .
QSslSocket.ImplementedClass.DiffieHellman	Class `QSslDiffieHellmanParameters` .
QSslSocket.ImplementedClass.EllipticCurve	Class `QSslEllipticCurve` .
QSslSocket.ImplementedClass.Dtls	Class `QDtls` .
QSslSocket.ImplementedClass.DtlsCookie	Class `QDtlsClientVerifier` .

New in version 6.1.

PySide6.QtNetwork.QSsl.SupportedFeature#

Enumerates possible features that a TLS backend supports

In QtNetwork TLS-related classes have public API, that may be left unimplemented by some backend, for example, our SecureTransport backend does not support server-side ALPN. Enumerators from SupportedFeature enum indicate that a particular feature is supported.

Constant

Description

QSslSocket.SupportedFeature.CertificateVerification

Indicates that verify() is implemented by the backend.

QSslSocket.SupportedFeature.ClientSideAlpn

Client-side ALPN (Application Layer Protocol Negotiation).

QSslSocket.SupportedFeature.ServerSideAlpn

Server-side ALPN.

QSslSocket.SupportedFeature.Ocsp

OCSP stapling (Online Certificate Status Protocol).

QSslSocket.SupportedFeature.Psk

Pre-shared keys.

QSslSocket.SupportedFeature.SessionTicket

Session tickets.

QSslSocket.SupportedFeature.Alerts

Information about alert messages sent and received.

Constant	Description
QSslSocket.SupportedFeature.CertificateVerification	Indicates that `verify()` is implemented by the backend.
QSslSocket.SupportedFeature.ClientSideAlpn	Client-side ALPN (Application Layer Protocol Negotiation).
QSslSocket.SupportedFeature.ServerSideAlpn	Server-side ALPN.
QSslSocket.SupportedFeature.Ocsp	OCSP stapling (Online Certificate Status Protocol).
QSslSocket.SupportedFeature.Psk	Pre-shared keys.
QSslSocket.SupportedFeature.SessionTicket	Session tickets.
QSslSocket.SupportedFeature.Alerts	Information about alert messages sent and received.

New in version 6.1.