summaryrefslogtreecommitdiffstats
path: root/third_party/tlslite/readme.txt
blob: c1f1b3840c7eff91e1b40049633e4945c57ad660 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815

tlslite version 0.3.8                                      February 21, 2005
Trevor Perrin <trevp at trevp.net>
http://trevp.net/tlslite/
============================================================================


Table of Contents
==================
1  Introduction
2  License/Acknowledgements
3  Installation
4  Getting Started with the Command-Line Tools
5  Getting Started with the Library
6  Using TLS Lite with httplib
7  Using TLS Lite with xmlrpclib
8  Using TLS Lite with poplib or imaplib
9  Using TLS Lite with smtplib
10 Using TLS Lite with SocketServer
11 Using TLS Lite with asyncore
12 Using TLS Lite with Twisted
13 SECURITY CONSIDERATIONS
14 History
15 References


1 Introduction
===============
TLS Lite is a free python library that implements SSL v3, TLS v1, and 
TLS v1.1 [0]. TLS Lite supports non-traditional authentication methods 
such as SRP [1], shared keys [2], and cryptoIDs [3], in addition to X.509
certificates.  TLS Lite is pure python, however it can access OpenSSL [4], 
cryptlib [5], pycrypto [9], and GMPY [10] for faster crypto operations.  TLS 
Lite integrates with httplib, xmlrpclib, poplib, imaplib, smtplib,
SocketServer, asyncore, and Twisted.

API documentation is available in the 'docs' directory.

If you have questions or feedback, feel free to contact me.


2 Licenses/Acknowledgements
============================
All code here is public domain.

Thanks to Bram Cohen for his public domain Rijndael implementation.

Thanks to Edward Loper for Epydoc, which generated the API docs.


3 Installation
===============
Requirements:
  Python 2.2 or greater is required.

Options:
  - If you have cryptoIDlib [8], you can use cryptoID certificate chains for
  authentication.  CryptoIDlib is the sister library to TLS Lite; it was
  written by the same author, and has a similar interface.

  - If you have the M2Crypto [6] interface to OpenSSL, this will be used for
  fast RSA operations and fast ciphers.

  - If you have the cryptlib_py [7] interface to cryptlib, this will be used
  for random number generation and fast ciphers.  If TLS Lite can't find an
  OS-level random-number generator (i.e. /dev/urandom on UNIX or CryptoAPI on
  Windows), then you must MUST install cryptlib.

  - If you have pycrypto [9], this will be used for fast ciphers and fast RSA
  operations.

  - If you have the GMPY [10] interface to GMP, this will be used for fast RSA
  and SRP operations.

  - These modules don't need to be present at installation - you can install
  them any time.

On Windows:
  Run the installer in the 'installers' directory.
  *OR*
  Run 'setup.py install' (this only works if your system has a compiler
  available).

Anywhere else:
  - Run 'python setup.py install'

Test the Installation:
  - The 'tls.py' script should have been copied onto your path.  If not,
    you may have to copy it there manually.
  - From the distribution's ./test subdirectory, run:
      tls.py servertest localhost:4443 .
  - While the test server is waiting, run:
      tls.py clienttest localhost:4443 .

  If both say "Test succeeded" at the end, you're ready to go.

  (WARNING: Be careful running these (or any) scripts from the distribution's
  root directory.  Depending on your path, the scripts may load the local copy
  of the library instead of the installed version, with unpredictable
  results).


4 Getting Started with the Command-Line Tools
==============================================
tlslite comes with two command-line scripts: 'tlsdb.py' and 'tls.py'.  They
can be run with no arguments to see a list of commands.

'tlsdb.py' lets you manage shared key or verifier databases.  These databases
store usernames associated with either shared keys, or SRP password verifiers.
These databases are used by a TLS server when authenticating clients with
shared keys or SRP.

'tls.py' lets you run test clients and servers.  It can be used for testing
other TLS implementations, or as example code for using tlslite.  To run an
SRP server, try something like:

  tlsdb.py createsrp verifierDB
  tlsdb.py add verifierDB alice abra123cadabra 1024
  tlsdb.py add verifierDB bob swordfish 2048

  tls.py serversrp localhost:443 verifierDB

Then you can try connecting to the server with:

  tls.py clientsrp localhost:443 alice abra123cadabra


5 Getting Started with the Library
===================================
Using the library is simple.  Whether you're writing a client or server, there
are six steps:
1) Create a socket and connect it to the other party.
2) Construct a TLSConnection instance with the socket.
3) Call a handshake function on TLSConnection to perform the TLS handshake.
4) Check the results to make sure you're talking to the right party.
5) Use the TLSConnection to exchange data.
6) Call close() on the TLSConnection when you're done.

TLS Lite also integrates with httplib, xmlrpclib, poplib, imaplib, smtplib, 
SocketServer, asyncore, and Twisted.  When used with these, some of the steps 
are performed for you.  See the sections following this one for details.

5 Step 1 - create a socket
---------------------------
Below demonstrates a socket connection to Amazon's secure site.  It's a good
idea to set the timeout value, so if the other side fails to respond you won't
end up waiting forever.

  from socket import *
  sock = socket(AF_INET, SOCK_STREAM)
  sock.connect( ("www.amazon.com", 443) )
  sock.settimeout(10)  #Only on python 2.3 or greater

5 Step 2 - construct a TLSConnection
-------------------------------------
  from tlslite.api import *
  connection = TLSConnection(sock)

5 Step 3 - call a handshake function (client)
----------------------------------------------
If you're a client, there's several different handshake functions you can
call, depending on how you want to authenticate:

  connection.handshakeClientCert()
  connection.handshakeClientCert(certChain, privateKey)
  connection.handshakeClientSRP("alice", "abra123cadabra")
  connection.handshakeClientSharedKey("alice", "PaVBVZkYqAjCQCu6UBL2xgsnZhw")
  connection.handshakeClientUnknown(srpCallback, certCallback)

The ClientCert function without arguments is used when connecting to a site
like Amazon, which doesn't require client authentication.  The server will
authenticate with a certificate chain.

The ClientCert function can also be used to do client authentication with an
X.509 or cryptoID certificate chain.  To use cryptoID chains, you'll need the
cryptoIDlib library [8].  To use X.509 chains, you'll need some way of
creating these, such as OpenSSL (see http://www.openssl.org/docs/HOWTO/ for
details).

Below are examples of loading cryptoID and X.509 certificate chains:

  #Load cryptoID certChain and privateKey.  Requires cryptoIDlib.
  from cryptoIDlib.CertChain import CertChain
  s = open("./test/clientCryptoIDChain.xml").read()
  certChain = CertChain()
  certChain.parse(s)
  s = open("./test/clientCryptoIDKey.xml").read()
  privateKey = parseXMLKey(s, private=True)

  #Load X.509 certChain and privateKey.
  s = open("./test/clientX509Cert.pem").read()
  x509 = X509()
  x509.parse(s)
  certChain = X509CertChain([x509])
  s = open("./test/clientX509Key.pem").read()
  privateKey = parsePEMKey(s, private=True)

The SRP and SharedKey functions both do mutual authentication with a username
and password.  The difference is this: SRP is slow but safer when using low-
entropy passwords, since the SRP protocol is not vulnerable to offline
dictionary attacks.  Using shared keys is faster, but it's only safe when
used with high-entropy secrets.  In general, you should prefer SRP for human-
memorable passwords, and use shared keys only when your performance needs
outweigh the inconvenience of handling large random strings.

[WARNING: shared keys and SRP are internet-drafts; these protocols may change,
which means future versions of tlslite may not be compatible with this one.
This is less likely with SRP, more likely with shared-keys.]

The Unknown function is used when you're not sure if the server requires
client authentication.	 If the server requests SRP or certificate-based
authentication, the appropriate callback will be triggered, and you should
return a tuple containing either a (username, password) or (certChain,
privateKey), as appropriate.  Alternatively, you can return None, which will
cancel the handshake from an SRP callback, or cause it to continue without
client authentication (if the server is willing) from a certificate callback.

If you want more control over the handshake, you can pass in a
HandshakeSettings instance.  For example, if you're performing SRP, but you
only want to use SRP parameters of at least 2048 bits, and you only want to use
the AES-256 cipher, and you only want to allow TLS (version 3.1), not SSL
(version 3.0), you can do:

  settings = HandshakeSettings()
  settings.minKeySize = 2048
  settings.cipherNames = ["aes256"]
  settings.minVersion = (3,1)
  connection.handshakeClientSRP("alice", "abra123cadabra", settings=settings)

Finally, every TLSConnection has a session object.  You can try to resume a
previous session by passing in the session object from the old session.  If
the server remembers this old session and supports resumption, the handshake
will finish more quickly.  Otherwise, the full handshake will be done.  For
example:

  connection.handshakeClientSRP("alice", "abra123cadabra")
  .
  .
  oldSession = connection.session
  connection2.handshakeClientSRP("alice", "abra123cadabra", session=
  oldSession)

5 Step 3 - call a handshake function (server)
----------------------------------------------
If you're a server, there's only one handshake function, but you can pass it
several different parameters, depending on which types of authentication
you're willing to perform.

To perform SRP authentication, you have to pass in a database of password
verifiers.  The VerifierDB class manages an in-memory or on-disk verifier
database.

  #On-disk database (use no-arg constructor if you want an in-memory DB)
  verifierDB = VerifierDB("./test/verifierDB")

  #Open the pre-existing database (can also 'create()' a new one)
  verifierDB.open()

  #Add to the database
  verifier = VerifierDB.makeVerifier("alice", "abra123cadabra", 2048)
  verifierDB["alice"] = verifier

  #Perform a handshake using the database
  connection.handshakeServer(verifierDB=verifierDB)

To perform shared key authentication, you have to pass in a database of shared
keys.  The SharedKeyDB class manages an in-memory or on-disk shared key
database.

  sharedKeyDB = SharedKeyDB("./test/sharedkeyDB")
  sharedKeyDB.open()
  sharedKeyDB["alice"] = "PaVBVZkYqAjCQCu6UBL2xgsnZhw"
  connection.handshakeServer(sharedKeyDB=sharedKeyDB)

To perform authentication with a certificate and private key, the server must
load these as described in the previous section, then pass them in.  If the
server sets the reqCert boolean to True, a certificate chain will be requested
from the client.

  connection.handshakeServer(certChain=certChain, privateKey=privateKey,
                             reqCert=True)

You can pass in any combination of a verifier database, a shared key database,
and a certificate chain/private key.  The client will use one of them to
authenticate.  In the case of SRP and a certificate chain/private key, they
both may be used.

You can also pass in a HandshakeSettings object, as described in the last
section, for finer control over handshaking details.  Finally, the server can
maintain a SessionCache, which will allow clients to use session resumption:

  sessionCache = SessionCache()
  connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCache)

It should be noted that the session cache, and the verifier and shared key
databases, are all thread-safe.

5 Step 4 - check the results
-----------------------------
If the handshake completes without raising an exception, authentication
results will be stored in the connection's session object.  The following
variables will be populated if applicable, or else set to None:

  connection.session.srpUsername       #string
  connection.session.sharedKeyUsername #string
  connection.session.clientCertChain   #X509CertChain or
                                       #cryptoIDlib.CertChain.CertChain
  connection.session.serverCertChain   #X509CertChain or
                                       #cryptoIDlib.CertChain.CertChain

Both types of certificate chain object support the getFingerprint() function,
but with a difference.  X.509 objects return the end-entity fingerprint, and
ignore the other certificates.  CryptoID fingerprints (aka "cryptoIDs") are
based on the root cryptoID certificate, so you have to call validate() on the
CertChain to be sure you're really talking to the cryptoID.

X.509 certificate chain objects may also be validated against a list of
trusted root certificates.  See the API documentation for details.

To save yourself the trouble of inspecting fingerprints after the handshake,
you can pass a Checker object into the handshake function.  The checker will be
called if the handshake completes successfully.  If the other party's
certificate chain isn't approved by the checker, a subclass of
TLSAuthenticationError will be raised.  For example, to perform a handshake
with a server based on its X.509 fingerprint, do:

  try:
    checker = Checker(\
              x509Fingerprint='e049ff930af76d43ff4c658b268786f4df1296f2')
    connection.handshakeClientCert(checker=checker)
  except TLSAuthenticationError:
    print "Authentication failure"

If the handshake fails for any reason, an exception will be raised.  If the
socket timed out or was unexpectedly closed, a socket.error or
TLSAbruptCloseError will be raised.  Otherwise, either a TLSLocalAlert or
TLSRemoteAlert will be raised, depending on whether the local or remote
implementation signalled the error.  The exception object has a 'description'
member which identifies the error based on the codes in RFC 2246.  A
TLSLocalAlert also has a 'message' string that may have more details.

Example of handling a remote alert:

  try:
      [...]
  except TLSRemoteAlert, alert:
      if alert.description == AlertDescription.unknown_srp_username:
          print "Unknown user."
  [...]

Figuring out what went wrong based on the alert may require some
interpretation, particularly with remote alerts where you don't have an error
string, and where the remote implementation may not be signalling alerts
properly.  Many alerts signal an implementation error, and so should rarely be
seen in normal operation (unexpected_message, decode_error, illegal_parameter,
internal_error, etc.).

Others alerts are more likely to occur.  Below are some common alerts and
their probable causes, and whether they are signalled by the client or server.

Client bad_record_mac:
 - bad shared key password

Client handshake failure:
 - SRP parameters are not recognized by client

Client user_canceled:
 - The client might have returned None from an SRP callback.

Client insufficient_security:
 - SRP parameters are too small

Client protocol_version:
 - Client doesn't support the server's protocol version

Server protocol_version:
 - Server doesn't support the client's protocol version

Server bad_record_mac:
 - bad SRP username or password

Server unknown_srp_username
 - bad SRP username (bad_record_mac could be used for the same thing)

Server handshake_failure:
 - bad shared key username
 - no matching cipher suites

5 Step 5 - exchange data
-------------------------
Now that you have a connection, you can call read() and write() as if it were
a socket.SSL object.  You can also call send(), sendall(), recv(), and
makefile() as if it were a socket.  These calls may raise TLSLocalAlert,
TLSRemoteAlert, socket.error, or TLSAbruptCloseError, just like the handshake
functions.

Once the TLS connection is closed by the other side, calls to read() or recv()
will return an empty string.  If the socket is closed by the other side
without first closing the TLS connection, calls to read() or recv() will return
a TLSAbruptCloseError, and calls to write() or send() will return a
socket.error.

5 Step 6 - close the connection
--------------------------------
When you're finished sending data, you should call close() to close the
connection down.  When the connection is closed properly, the socket stays
open and can be used for exchanging non-secure data, the session object can be
used for session resumption, and the connection object can be re-used by
calling another handshake function.

If an exception is raised, the connection will be automatically closed; you
don't need to call close().  Furthermore, you will probably not be able to re-
use the socket, the connection object, or the session object, and you
shouldn't even try.

By default, calling close() will leave the socket open.  If you set the
connection's closeSocket flag to True, the connection will take ownership of
the socket, and close it when the connection is closed.


6 Using TLS Lite with httplib
==============================
TLS Lite comes with an HTTPTLSConnection class that extends httplib to work
over SSL/TLS connections.  Depending on how you construct it, it will do
different types of authentication.

  #No authentication whatsoever
  h = HTTPTLSConnection("www.amazon.com", 443)
  h.request("GET", "")
  r = h.getresponse()
  [...]

  #Authenticate server based on its X.509 fingerprint
  h = HTTPTLSConnection("www.amazon.com", 443,
          x509Fingerprint="e049ff930af76d43ff4c658b268786f4df1296f2")
  [...]

  #Authenticate server based on its X.509 chain (requires cryptlib_py [7])
  h = HTTPTLSConnection("www.amazon.com", 443,
          x509TrustList=[verisignCert],
          x509CommonName="www.amazon.com")
  [...]

  #Authenticate server based on its cryptoID
  h = HTTPTLSConnection("localhost", 443,
          cryptoID="dmqb6.fq345.cxk6g.5fha3")
  [...]

  #Mutually authenticate with SRP
  h = HTTPTLSConnection("localhost", 443,
          username="alice", password="abra123cadabra")
  [...]

  #Mutually authenticate with a shared key
  h = HTTPTLSConnection("localhost", 443,
          username="alice", sharedKey="PaVBVZkYqAjCQCu6UBL2xgsnZhw")
  [...]

  #Mutually authenticate with SRP, *AND* authenticate the server based
  #on its cryptoID
  h = HTTPTLSConnection("localhost", 443,
          username="alice", password="abra123cadabra",
          cryptoID="dmqb6.fq345.cxk6g.5fha3")
  [...]


7 Using TLS Lite with xmlrpclib
================================
TLS Lite comes with an XMLRPCTransport class that extends xmlrpclib to work
over SSL/TLS connections.  This class accepts the same parameters as
HTTPTLSConnection (see previous section), and behaves similarly.  Depending on
how you construct it, it will do different types of authentication.

  from tlslite.api import XMLRPCTransport
  from xmlrpclib import ServerProxy

  #No authentication whatsoever
  transport = XMLRPCTransport()
  server = ServerProxy("https://localhost", transport)
  server.someFunc(2, 3)
  [...]

  #Authenticate server based on its X.509 fingerprint
  transport = XMLRPCTransport(\
          x509Fingerprint="e049ff930af76d43ff4c658b268786f4df1296f2")  
  [...]


8 Using TLS Lite with poplib or imaplib
========================================
TLS Lite comes with POP3_TLS and IMAP4_TLS classes that extend poplib and
imaplib to work over SSL/TLS connections.  These classes can be constructed
with the same parameters as HTTPTLSConnection (see previous section), and 
behave similarly.

  #To connect to a POP3 server over SSL and display its fingerprint:
  from tlslite.api import *
  p = POP3_TLS("---------.net")
  print p.sock.session.serverCertChain.getFingerprint()
  [...]

  #To connect to an IMAP server once you know its fingerprint:
  from tlslite.api import *
  i = IMAP4_TLS("cyrus.andrew.cmu.edu",
          x509Fingerprint="00c14371227b3b677ddb9c4901e6f2aee18d3e45")
  [...]  
  

9 Using TLS Lite with smtplib
==============================
TLS Lite comes with an SMTP_TLS class that extends smtplib to work
over SSL/TLS connections.  This class accepts the same parameters as
HTTPTLSConnection (see previous section), and behaves similarly.  Depending 
on how you call starttls(), it will do different types of authentication.

  #To connect to an SMTP server once you know its fingerprint:
  from tlslite.api import *
  s = SMTP_TLS("----------.net")
  s.starttls(x509Fingerprint="7e39be84a2e3a7ad071752e3001d931bf82c32dc")
  [...]


10 Using TLS Lite with SocketServer
====================================
You can use TLS Lite to implement servers using Python's SocketServer
framework.  TLS Lite comes with a TLSSocketServerMixIn class.  You can combine
this with a TCPServer such as HTTPServer.  To combine them, define a new class
that inherits from both of them (with the mix-in first). Then implement the
handshake() method, doing some sort of server handshake on the connection
argument.  If the handshake method returns True, the RequestHandler will be
triggered.  Below is a complete example of a threaded HTTPS server.

  from SocketServer import *
  from BaseHTTPServer import *
  from SimpleHTTPServer import *
  from tlslite.api import *

  s = open("./serverX509Cert.pem").read()
  x509 = X509()
  x509.parse(s)
  certChain = X509CertChain([x509])

  s = open("./serverX509Key.pem").read()
  privateKey = parsePEMKey(s, private=True)

  sessionCache = SessionCache()

  class MyHTTPServer(ThreadingMixIn, TLSSocketServerMixIn, HTTPServer):
      def handshake(self, tlsConnection):
          try:
              tlsConnection.handshakeServer(certChain=certChain,
                                            privateKey=privateKey,
                                            sessionCache=sessionCache)
              tlsConnection.ignoreAbruptClose = True
              return True
          except TLSError, error:
              print "Handshake failure:", str(error)
              return False

  httpd = MyHTTPServer(('localhost', 443), SimpleHTTPRequestHandler)
  httpd.serve_forever()


11 Using TLS Lite with asyncore
================================
TLS Lite can be used with subclasses of asyncore.dispatcher.  See the comments
in TLSAsyncDispatcherMixIn.py for details.  This is still experimental, and
may not work with all asyncore.dispatcher subclasses.

Below is an example of combining Medusa's http_channel with
TLSAsyncDispatcherMixIn:

  class http_tls_channel(TLSAsyncDispatcherMixIn,
                         http_server.http_channel):
      ac_in_buffer_size = 16384

      def __init__ (self, server, conn, addr):
          http_server.http_channel.__init__(self, server, conn, addr)
          TLSAsyncDispatcherMixIn.__init__(self, conn)
          self.tlsConnection.ignoreAbruptClose = True
          self.setServerHandshakeOp(certChain=certChain,
                                    privateKey=privateKey)


12 Using TLS Lite with Twisted
===============================
TLS Lite can be used with Twisted protocols.  Below is a complete example of
using TLS Lite with a Twisted echo server.

There are two server implementations below.  Echo is the original protocol,
which is oblivious to TLS.  Echo1 subclasses Echo and negotiates TLS when the
client connects.  Echo2 subclasses Echo and negotiates TLS when the client
sends "STARTTLS".

  from twisted.internet.protocol import Protocol, Factory
  from twisted.internet import reactor
  from twisted.protocols.policies import WrappingFactory
  from twisted.protocols.basic import LineReceiver
  from twisted.python import log
  from twisted.python.failure import Failure
  import sys
  from tlslite.api import *

  s = open("./serverX509Cert.pem").read()
  x509 = X509()
  x509.parse(s)
  certChain = X509CertChain([x509])

  s = open("./serverX509Key.pem").read()
  privateKey = parsePEMKey(s, private=True)

  verifierDB = VerifierDB("verifierDB")
  verifierDB.open()

  class Echo(LineReceiver):
      def connectionMade(self):
          self.transport.write("Welcome to the echo server!\r\n")

      def lineReceived(self, line):
          self.transport.write(line + "\r\n")

  class Echo1(Echo):
      def connectionMade(self):
          if not self.transport.tlsStarted:
              self.transport.setServerHandshakeOp(certChain=certChain,
                                                  privateKey=privateKey,
                                                  verifierDB=verifierDB)
          else:
              Echo.connectionMade(self)

      def connectionLost(self, reason):
          pass #Handle any TLS exceptions here

  class Echo2(Echo):
      def lineReceived(self, data):
          if data == "STARTTLS":
              self.transport.setServerHandshakeOp(certChain=certChain,
                                                  privateKey=privateKey,
                                                  verifierDB=verifierDB)
          else:
              Echo.lineReceived(self, data)

      def connectionLost(self, reason):
          pass #Handle any TLS exceptions here

  factory = Factory()
  factory.protocol = Echo1
  #factory.protocol = Echo2

  wrappingFactory = WrappingFactory(factory)
  wrappingFactory.protocol = TLSTwistedProtocolWrapper

  log.startLogging(sys.stdout)
  reactor.listenTCP(1079, wrappingFactory)
  reactor.run()


13 Security Considerations
===========================
TLS Lite is beta-quality code.  It hasn't received much security analysis.
Use at your own risk.


14 History
===========
0.3.8 - 2/21/2005
 - Added support for poplib, imaplib, and smtplib
 - Added python 2.4 windows installer
 - Fixed occassional timing problems with test suite
0.3.7 - 10/05/2004
 - Added support for Python 2.2
 - Cleaned up compatibility code, and docs, a bit
0.3.6 - 9/28/2004
 - Fixed script installation on UNIX
 - Give better error message on old Python versions
0.3.5 - 9/16/2004
 - TLS 1.1 support
 - os.urandom() support
 - Fixed win32prng on some systems
0.3.4 - 9/12/2004
 - Updated for TLS/SRP draft 8
 - Bugfix: was setting _versioncheck on SRP 1st hello, causing problems
   with GnuTLS (which was offering TLS 1.1)
 - Removed _versioncheck checking, since it could cause interop problems
 - Minor bugfix: when cryptlib_py and and cryptoIDlib present, cryptlib
   was complaining about being initialized twice
0.3.3 - 6/10/2004
 - Updated for TLS/SRP draft 7
 - Updated test cryptoID cert chains for cryptoIDlib 0.3.1
0.3.2 - 5/21/2004
 - fixed bug when handling multiple handshake messages per record (e.g. IIS)
0.3.1 - 4/21/2004
 - added xmlrpclib integration
 - fixed hanging bug in Twisted integration
 - fixed win32prng to work on a wider range of win32 sytems
 - fixed import problem with cryptoIDlib
 - fixed port allocation problem when test scripts are run on some UNIXes
 - made tolerant of buggy IE sending wrong version in premaster secret
0.3.0 - 3/20/2004
 - added API docs thanks to epydoc
 - added X.509 path validation via cryptlib
 - much cleaning/tweaking/re-factoring/minor fixes
0.2.7 - 3/12/2004
 - changed Twisted error handling to use connectionLost()
 - added ignoreAbruptClose
0.2.6 - 3/11/2004
 - added Twisted errorHandler
 - added TLSAbruptCloseError
 - added 'integration' subdirectory
0.2.5 - 3/10/2004
 - improved asynchronous support a bit
 - added first-draft of Twisted support
0.2.4 - 3/5/2004
 - cleaned up asyncore support
 - added proof-of-concept for Twisted
0.2.3 - 3/4/2004
 - added pycrypto RSA support
 - added asyncore support
0.2.2 - 3/1/2004
 - added GMPY support
 - added pycrypto support
 - added support for PEM-encoded private keys, in pure python
0.2.1 - 2/23/2004
 - improved PRNG use (cryptlib, or /dev/random, or CryptoAPI)
 - added RSA blinding, to avoid timing attacks
 - don't install local copy of M2Crypto, too problematic
0.2.0 - 2/19/2004
 - changed VerifierDB to take per-user parameters
 - renamed tls_lite -> tlslite
0.1.9 - 2/16/2004
 - added post-handshake 'Checker'
 - made compatible with Python 2.2
 - made more forgiving of abrupt closure, since everyone does it:
   if the socket is closed while sending/recv'ing close_notify,
   just ignore it.
0.1.8 - 2/12/2004
 - TLSConnections now emulate sockets, including makefile()
 - HTTPTLSConnection and TLSMixIn simplified as a result
0.1.7 - 2/11/2004
 - fixed httplib.HTTPTLSConnection with multiple requests
 - fixed SocketServer to handle close_notify
 - changed handshakeClientNoAuth() to ignore CertificateRequests
 - changed handshakeClient() to ignore non-resumable session arguments
0.1.6 - 2/10/2004
 - fixed httplib support
0.1.5 - 2/09/2004
 - added support for httplib and SocketServer
 - added support for SSLv3
 - added support for 3DES
 - cleaned up read()/write() behavior
 - improved HMAC speed
0.1.4 - 2/06/2004
 - fixed dumb bug in tls.py
0.1.3 - 2/05/2004
 - change read() to only return requested number of bytes
 - added support for shared-key and in-memory databases
 - added support for PEM-encoded X.509 certificates
 - added support for SSLv2 ClientHello
 - fixed shutdown/re-handshaking behavior
 - cleaned up handling of missing_srp_username
 - renamed readString()/writeString() -> read()/write()
 - added documentation
0.1.2 - 2/04/2004
 - added clienttest/servertest functions
 - improved OpenSSL cipher wrappers speed
 - fixed server when it has a key, but client selects plain SRP
 - fixed server to postpone errors until it has read client's messages
 - fixed ServerHello to only include extension data if necessary
0.1.1 - 2/02/2004
 - fixed close_notify behavior
 - fixed handling of empty application data packets
 - fixed socket reads to not consume extra bytes
 - added testing functions to tls.py
0.1.0 - 2/01/2004
 - first release


15 References
==============
[0] http://www.ietf.org/html.charters/tls-charter.html
[1] http://www.trevp.net/tls_srp/draft-ietf-tls-srp-07.html
[2] http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt
[3] http://www.trevp.net/cryptoID/
[4] http://www.openssl.org/
[5] http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
[6] http://sandbox.rulemaker.net/ngps/m2/
[7] http://trevp.net/cryptlibConverter/
[8] http://www.trevp.net/cryptoID/
[9] http://www.amk.ca/python/code/crypto.html
[10] http://gmpy.sourceforge.net/