QSsl

The QSsl namespace declares enums common to all SSL classes in Qt Network. More

Inheritance diagram of PySide2.QtNetwork.QSsl

Detailed Description

PySide2.QtNetwork.QSsl.KeyType

Describes the two types of keys QSslKey supports.

Constant

Description

QSsl.PrivateKey

A private key.

QSsl.PublicKey

A public key.

PySide2.QtNetwork.QSsl.EncodingFormat

Describes supported encoding formats for certificates and keys.

Constant

Description

QSsl.Pem

The PEM format.

QSsl.Der

The DER format.

PySide2.QtNetwork.QSsl.KeyAlgorithm

Describes the different key algorithms supported by QSslKey .

Constant

Description

QSsl.Rsa

The RSA algorithm.

QSsl.Dsa

The DSA algorithm.

QSsl.Ec

The Elliptic Curve algorithm.

QSsl.Dh

The Diffie-Hellman algorithm.

QSsl.Opaque

A key that should be treated as a ‘black box’ by QSslKey .

The opaque key facility allows applications to add support for facilities such as PKCS#11 that Qt does not currently offer natively.

PySide2.QtNetwork.QSsl.AlternativeNameEntryType

Describes the key types for alternative name entries in QSslCertificate .

Constant

Description

QSsl.EmailEntry

An email entry; the entry contains an email address that the certificate is valid for.

QSsl.DnsEntry

A DNS host name entry; the entry contains a host name entry that the certificate is valid for. The entry may contain wildcards.

QSsl.IpAddressEntry

An IP address entry; the entry contains an IP address entry that the certificate is valid for, introduced in Qt 5.13.

Note

In Qt 4, this enum was called AlternateNameEntryType . That name is deprecated in Qt 5.

PySide2.QtNetwork.QSsl.SslProtocol

Describes the protocol of the cipher.

Constant

Description

QSsl.SslV3

SSLv3; not supported by QSslSocket .

QSsl.SslV2

SSLv2; not supported by QSslSocket .

QSsl.TlsV1_0

TLSv1.0

QSsl.TlsV1_0OrLater

TLSv1.0 and later versions. This option is not available when using the WinRT backend due to platform limitations.

QSsl.TlsV1

Obsolete, means the same as

QSsl.TlsV1_1

TLSv1.1. When using the WinRT backend this option will also enable TLSv1.0.

QSsl.TlsV1_1OrLater

TLSv1.1 and later versions. This option is not available when using the WinRT backend due to platform limitations.

QSsl.TlsV1_2

TLSv1.2. When using the WinRT backend this option will also enable TLSv1.0 and TLSv1.1.

QSsl.TlsV1_2OrLater

TLSv1.2 and later versions. This option is not available when using the WinRT backend due to platform limitations.

QSsl.DtlsV1_0

DTLSv1.0

QSsl.DtlsV1_0OrLater

DTLSv1.0 and later versions.

QSsl.DtlsV1_2

DTLSv1.2

QSsl.DtlsV1_2OrLater

DTLSv1.2 and later versions.

QSsl.TlsV1_3

TLSv1.3. (Since Qt 5.12)

QSsl.TlsV1_3OrLater

TLSv1.3 and later versions. (Since Qt 5.12)

QSsl.UnknownProtocol

The cipher’s protocol cannot be determined.

QSsl.AnyProtocol

Any supported protocol. This value is used by QSslSocket only.

QSsl.TlsV1SslV3

Same as .

QSsl.SecureProtocols

The default option, using protocols known to be secure.

PySide2.QtNetwork.QSsl.SslOption

Describes the options that can be used to control the details of SSL behaviour. These options are generally used to turn features off to work around buggy servers.

Constant

Description

QSsl.SslOptionDisableEmptyFragments

Disables the insertion of empty fragments into the data when using block ciphers. When enabled, this prevents some attacks (such as the BEAST attack), however it is incompatible with some servers.

QSsl.SslOptionDisableSessionTickets

Disables the SSL session ticket extension. This can cause slower connection setup, however some servers are not compatible with the extension.

QSsl.SslOptionDisableCompression

Disables the SSL compression extension. When enabled, this allows the data being passed over SSL to be compressed, however some servers are not compatible with this extension.

QSsl.SslOptionDisableServerNameIndication

Disables the SSL server name indication extension. When enabled, this tells the server the virtual host being accessed allowing it to respond with the correct certificate.

QSsl.SslOptionDisableLegacyRenegotiation

Disables the older insecure mechanism for renegotiating the connection parameters. When enabled, this option can allow connections for legacy servers, but it introduces the possibility that an attacker could inject plaintext into the SSL session.

QSsl.SslOptionDisableSessionSharing

Disables SSL session sharing via the session ID handshake attribute.

QSsl.SslOptionDisableSessionPersistence

Disables storing the SSL session in ASN.1 format as returned by sessionTicket() . Enabling this feature adds memory overhead of approximately 1K per used session ticket.

QSsl.SslOptionDisableServerCipherPreference

Disables selecting the cipher chosen based on the servers preferences rather than the order ciphers were sent by the client. This option is only relevant to server sockets, and is only honored by the OpenSSL backend.

By default, is turned on since this causes problems with a large number of servers. is also turned on, since it introduces a security risk. is turned on to prevent the attack publicised by CRIME. is turned on to optimize memory usage. The other options are turned off.

Note

Availability of above options depends on the version of the SSL backend in use.