Method Name:
shared_ciphers
Method Signature:
shared_ciphers()
Parameters:
None
Return Value:
- A list of tuples, each containing a cipher name, its TLS (still often called SSL) protocol version, and the number of secret bits used.
- None if invoked before the SSL handshake.
Overview:
- The method shared_ciphers() returns a list of tuples containing the ciphers, the TLS protocol version and the number of secret bits shared with the peer.
- It does not make sense to call this method on a server socket before or after connections are accepted.
- However, this method works and retrieves the list of ciphers shared with the peer in the following scenarios:
  - A client socket connecting to a server. The method returns the list of tuples containing cipher information after the SSL handshake.
  - A server creating a client socket for a request from a client.
Example:
# Example Python program that gets the cipher information
# used in a secure communication through SSLSocket
import socket
import ssl
import platform

# SSL context for a client: PROTOCOL_TLS_CLIENT turns on certificate
# and host name verification
cx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
cx.verify_mode = ssl.CERT_REQUIRED

# Check for OS X platform
if platform.system().lower() == 'darwin':
    import certifi
    import os

    # Load the CA certificates used for validating the peer's certificate
    cx.load_verify_locations(
        cafile=os.path.relpath(certifi.where()),
        capath=None,
        cadata=None)
else:
    # On other platforms use the system's default CA certificates
    cx.load_default_certs()

# Make a secure socket to connect to the server
s = socket.socket()
ss = cx.wrap_socket(s, server_hostname="example.com")

# Connect to the server
ss.connect(("example.com", 443))
shared_ciphers = ss.shared_ciphers()
print("List of shared ciphers :")
print(shared_ciphers)
ss.close()
Output:
List of shared ciphers :
[('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256), ('TLS_CHACHA20_POLY1305_SHA256', 'TLSv1.3', 256), ('TLS_AES_128_GCM_SHA256', 'TLSv1.3', 128), ('ECDHE-ECDSA-AES256-GCM-SHA384', 'TLSv1.2', 256), ('ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256), ('DHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256), ('ECDHE-ECDSA-CHACHA20-POLY1305', 'TLSv1.2', 256), ('ECDHE-RSA-CHACHA20-POLY1305', 'TLSv1.2', 256), ('DHE-RSA-CHACHA20-POLY1305', 'TLSv1.2', 256), ('ECDHE-ECDSA-AES128-GCM-SHA256', 'TLSv1.2', 128), ('ECDHE-RSA-AES128-GCM-SHA256', 'TLSv1.2', 128), ('DHE-RSA-AES128-GCM-SHA256', 'TLSv1.2', 128), ('ECDHE-ECDSA-AES256-SHA384', 'TLSv1.2', 256), ('ECDHE-RSA-AES256-SHA384', 'TLSv1.2', 256), ('DHE-RSA-AES256-SHA256', 'TLSv1.2', 256), ('ECDHE-ECDSA-AES128-SHA256', 'TLSv1.2', 128), ('ECDHE-RSA-AES128-SHA256', 'TLSv1.2', 128), ('DHE-RSA-AES128-SHA256', 'TLSv1.2', 128), ('ECDHE-ECDSA-AES256-SHA', 'TLSv1.0', 256), ('ECDHE-RSA-AES256-SHA', 'TLSv1.0', 256), ('DHE-RSA-AES256-SHA', 'SSLv3', 256), ('ECDHE-ECDSA-AES128-SHA', 'TLSv1.0', 128), ('ECDHE-RSA-AES128-SHA', 'TLSv1.0', 128), ('DHE-RSA-AES128-SHA', 'SSLv3', 128), ('AES256-GCM-SHA384', 'TLSv1.2', 256), ('AES128-GCM-SHA256', 'TLSv1.2', 128), ('AES256-SHA256', 'TLSv1.2', 256), ('AES128-SHA256', 'TLSv1.2', 128), ('AES256-SHA', 'SSLv3', 256), ('AES128-SHA', 'SSLv3', 128)]
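A list like the one above is most useful when it is checked against a cipher policy. The following is an added example, not part of the original page: it audits the (name, version, bits) tuples that shared_ciphers() returns. SAMPLE is a subset of the output shown above, and the function names, the finding texts and the 128-bit threshold are assumptions made for illustration.

```python
# Added example: audit the tuples returned by SSLSocket.shared_ciphers().
# SAMPLE is a subset of the output shown above; the policy is an assumption.
SAMPLE = [
    ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256),
    ('ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256),
    ('DHE-RSA-AES128-GCM-SHA256', 'TLSv1.2', 128),
    ('ECDHE-RSA-AES256-SHA384', 'TLSv1.2', 256),
    ('ECDHE-ECDSA-AES128-SHA', 'TLSv1.0', 128),
    ('AES256-GCM-SHA384', 'TLSv1.2', 256),
    ('AES128-SHA', 'SSLv3', 128),
]

AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")
LEGACY_VERSIONS = ("SSLv3", "TLSv1.0")
MIN_BITS = 128  # assumed minimum key strength


def findings(name, version, bits):
    """Return policy findings for one (name, version, bits) tuple."""
    issues = []
    # TLS 1.3 suites always use (EC)DHE; older names state the key exchange.
    if version != "TLSv1.3" and not name.startswith(("ECDHE-", "DHE-")):
        issues.append("no forward secrecy")
    if not any(marker in name for marker in AEAD_MARKERS):
        issues.append("non-AEAD cipher")
    # The version field names the protocol that defines the suite,
    # not the protocol version negotiated on this connection.
    if version in LEGACY_VERSIONS:
        issues.append("legacy suite (" + version + ")")
    if bits < MIN_BITS:
        issues.append("fewer than %d secret bits" % MIN_BITS)
    return issues


def audit(shared):
    """Map cipher name -> findings for every suite that violates the policy."""
    if shared is None:
        # shared_ciphers() returns None when called before the handshake.
        raise ValueError("no cipher list: handshake not completed")
    report = {}
    for name, version, bits in shared:
        issues = findings(name, version, bits)
        if issues:
            report[name] = issues
    return report


if __name__ == "__main__":
    for name, issues in audit(SAMPLE).items():
        print(name + ": " + ", ".join(issues))
```

To tighten what a context offers in the first place, restrict it with SSLContext.set_ciphers() and SSLContext.minimum_version before the handshake.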