1
2tlslite version 0.4.8 Nov 12 2014
3Trevor Perrin <tlslite at trevp.net>
4http://trevp.net/tlslite/
5============================================================================
6
7
8Table of Contents
9==================
101 Introduction
112 License/Acknowledgements
123 Installation
134 Getting Started with the Command-Line Tools
145 Getting Started with the Library
156 Using TLS Lite with httplib
167 Using TLS Lite with poplib or imaplib
178 Using TLS Lite with smtplib
189 Using TLS Lite with SocketServer
1910 Using TLS Lite with asyncore
2011 SECURITY CONSIDERATIONS
2112 History
22
23
241 Introduction
25===============
26TLS Lite is an open source python library that implements SSL and TLS. TLS
27Lite supports RSA and SRP ciphersuites. TLS Lite is pure python, however it
28can use other libraries for faster crypto operations. TLS Lite integrates with
29several stdlib neworking libraries.
30
31API documentation is available in the 'docs' directory.
32
33If you have questions or feedback, feel free to contact me. For discussing
34improvements to tlslite, also see 'tlslite-dev@googlegroups.com'.
35
36
372 Licenses/Acknowledgements
38============================
39TLS Lite is written (mostly) by Trevor Perrin. It includes code from Bram
40Cohen, Google, Kees Bos, Sam Rushing, Dimitris Moraitis, Marcelo Fernandez,
41Martin von Loewis, Dave Baggett, and Yngve N. Pettersen (ported by Paul
42Sokolovsky).
43
44All code in TLS Lite has either been dedicated to the public domain by its
45authors, or placed under a BSD-style license. See the LICENSE file for
46details.
47
48Thanks to Edward Loper for Epydoc, which generated the API docs.
49
503 Installation
51===============
52Requirements:
53 Python 2.6 or higher is required. Python 3 is supported.
54
55Options:
56 - If you have the M2Crypto interface to OpenSSL, this will be used for fast
57 RSA operations and fast ciphers.
58
59 - If you have pycrypto this will be used for fast RSA operations and fast
60 ciphers.
61
62 - If you have the GMPY interface to GMP, this will be used for fast RSA and
63 SRP operations.
64
65 - These modules don't need to be present at installation - you can install
66 them any time.
67
68Run 'python setup.py install'
69
70Test the Installation:
71 - From the distribution's ./tests subdirectory, run:
72 ./tlstest.py server localhost:4443 .
73 - While the test server is waiting, run:
74 ./tlstest.py client localhost:4443 .
75
76 If both say "Test succeeded" at the end, you're ready to go.
77
78
794 Getting Started with the Command-Line Tools
80==============================================
81tlslite installs two command-line scripts: 'tlsdb.py' and 'tls.py'.
82
83'tls.py' lets you run test clients and servers. It can be used for testing
84other TLS implementations, or as example code. Note that 'tls.py server' runs
85an HTTPS server which will serve files rooted at the current directory by
86default, so be careful.
87
88'tlsdb.py' lets you manage SRP verifier databases. These databases are used by
89a TLS server when authenticating clients with SRP.
90
91X.509
92------
93To run an X.509 server, go to the ./tests directory and do:
94
95 tls.py server -k serverX509Key.pem -c serverX509Cert.pem localhost:4443
96
97Try connecting to the server with a web browser, or with:
98
99 tls.py client localhost:4443
100
101X.509 with TACK
102----------------
103To run an X.509 server using a TACK, install TACKpy, then run the same server
104command as above with added arguments:
105
106 ... -t TACK1.pem localhost:4443
107
108SRP
109----
110To run an SRP server, try something like:
111
112 tlsdb.py createsrp verifierDB
113 tlsdb.py add verifierDB alice abra123cadabra 1024
114 tlsdb.py add verifierDB bob swordfish 2048
115
116 tls.py server -v verifierDB localhost:4443
117
118Then try connecting to the server with:
119
120 tls.py client localhost:4443 alice abra123cadabra
121
122HTTPS
123------
124To run an HTTPS server with less typing, run ./tests/httpsserver.sh.
125
126To run an HTTPS client, run ./tests/httpsclient.py.
127
128
1295 Getting Started with the Library
130===================================
131Whether you're writing a client or server, there are six steps:
132
1331) Create a socket and connect it to the other party.
1342) Construct a TLSConnection instance with the socket.
1353) Call a handshake function on TLSConnection to perform the TLS handshake.
1364) Check the results to make sure you're talking to the right party.
1375) Use the TLSConnection to exchange data.
1386) Call close() on the TLSConnection when you're done.
139
140TLS Lite also integrates with several stdlib python libraries. See the
141sections following this one for details.
142
1435 Step 1 - create a socket
144---------------------------
145Below demonstrates a socket connection to Amazon's secure site.
146
147 from socket import *
148 sock = socket(AF_INET, SOCK_STREAM)
149 sock.connect( ("www.amazon.com", 443) )
150
1515 Step 2 - construct a TLSConnection
152-------------------------------------
153You can import tlslite objects individually, such as:
154 from tlslite import TLSConnection
155
156Or import the most useful objects through:
157 from tlslite.api import *
158
159Then do:
160 connection = TLSConnection(sock)
161
1625 Step 3 - call a handshake function (client)
163----------------------------------------------
164If you're a client, there's two different handshake functions you can call,
165depending on how you want to authenticate:
166
167 connection.handshakeClientCert()
168 connection.handshakeClientCert(certChain, privateKey)
169
170 connection.handshakeClientSRP("alice", "abra123cadabra")
171
172The ClientCert function without arguments is used when connecting to a site
173like Amazon, which doesn't require client authentication, but which will
174authenticate itself using an X.509 certificate chain.
175
176The ClientCert function can also be used to do client authentication with an
177X.509 certificate chain and corresponding private key. To use X.509 chains,
178you'll need some way of creating these, such as OpenSSL (see
179http://www.openssl.org/docs/HOWTO/ for details).
180
181Below is an example of loading an X.509 chain and private key:
182
183 from tlslite import X509, X509CertChain, parsePEMKey
184 s = open("./test/clientX509Cert.pem").read()
185 x509 = X509()
186 x509.parse(s)
187 certChain = X509CertChain([x509])
188 s = open("./test/clientX509Key.pem").read()
189 privateKey = parsePEMKey(s, private=True)
190
191The SRP function does mutual authentication with a username and password - see
192RFC 5054 for details.
193
194If you want more control over the handshake, you can pass in a
195HandshakeSettings instance. For example, if you're performing SRP, but you
196only want to use SRP parameters of at least 2048 bits, and you only want to
197use the AES-256 cipher, and you only want to allow TLS (version 3.1), not SSL
198(version 3.0), you can do:
199
200 settings = HandshakeSettings()
201 settings.minKeySize = 2048
202 settings.cipherNames = ["aes256"]
203 settings.minVersion = (3,1)
204 settings.useExperimentalTACKExtension = True # Needed for TACK support
205
206 connection.handshakeClientSRP("alice", "abra123cadabra", settings=settings)
207
208If you want to check the server's certificate using TACK, you should set the
209"useExperiementalTACKExtension" value in HandshakeSettings. (Eventually, TACK
210support will be enabled by default, but for now it is an experimental feature
211which relies on a temporary TLS Extension number, and should not be used for
212production software.) This will cause the client to request the server to send
213you a TACK (and/or any TACK Break Signatures):
214
215Finally, every TLSConnection has a session object. You can try to resume a
216previous session by passing in the session object from the old session. If the
217server remembers this old session and supports resumption, the handshake will
218finish more quickly. Otherwise, the full handshake will be done. For example:
219
220 connection.handshakeClientSRP("alice", "abra123cadabra")
221 .
222 .
223 oldSession = connection.session
224 connection2.handshakeClientSRP("alice", "abra123cadabra", session=
225 oldSession)
226
2275 Step 3 - call a handshake function (server)
228----------------------------------------------
229If you're a server, there's only one handshake function, but you can pass it
230several different parameters, depending on which types of authentication
231you're willing to perform.
232
233To perform SRP authentication, you have to pass in a database of password
234verifiers. The VerifierDB class manages an in-memory or on-disk verifier
235database.
236
237 verifierDB = VerifierDB("./test/verifierDB")
238 verifierDB.open()
239 connection.handshakeServer(verifierDB=verifierDB)
240
241To perform authentication with a certificate and private key, the server must
242load these as described in the previous section, then pass them in. If the
243server sets the reqCert boolean to True, a certificate chain will be requested
244from the client.
245
246 connection.handshakeServer(certChain=certChain, privateKey=privateKey,
247 reqCert=True)
248
249You can pass in a verifier database and/or a certificate chain+private key.
250The client will use one or both to authenticate the server.
251
252You can also pass in a HandshakeSettings object, as described in the last
253section, for finer control over handshaking details.
254
255If you are passing in a certificate chain+private key, you may additionally
256provide a TACK to assist the client in authenticating your certificate chain.
257This requires the TACKpy library. Load a TACKpy.TACK object, then do:
258
259 settings = HandshakeSettings()
260 settings.useExperimentalTACKExtension = True # Needed for TACK support
261
262 connection.handshakeServer(certChain=certChain, privateKey=privateKey,
263 tack=tack, settings=settings)
264
265Finally, the server can maintain a SessionCache, which will allow clients to
266use session resumption:
267
268 sessionCache = SessionCache()
269 connection.handshakeServer(verifierDB=verifierDB, sessionCache=sessionCache)
270
271It should be noted that the session cache, and the verifier databases, are all
272thread-safe.
273
2745 Step 4 - check the results
275-----------------------------
276If the handshake completes without raising an exception, authentication
277results will be stored in the connection's session object. The following
278variables will be populated if applicable, or else set to None:
279
280 connection.session.srpUsername # string
281 connection.session.clientCertChain # X509CertChain
282 connection.session.serverCertChain # X509CertChain
283 connection.session.tackExt # TACKpy.TACK_Extension
284
285X.509 chain objects return the end-entity fingerprint via getFingerprint(),
286and ignore the other certificates.
287
288TACK objects return the (validated) TACK ID via getTACKID().
289
290To save yourself the trouble of inspecting certificates after the handshake,
291you can pass a Checker object into the handshake function. The checker will be
292called if the handshake completes successfully. If the other party isn't
293approved by the checker, a subclass of TLSAuthenticationError will be raised.
294
295If the handshake fails for any reason, including a Checker error, an exception
296will be raised and the socket will be closed. If the socket timed out or was
297unexpectedly closed, a socket.error or TLSAbruptCloseError will be raised.
298
299Otherwise, either a TLSLocalAlert or TLSRemoteAlert will be raised, depending
300on whether the local or remote implementation signalled the error. The
301exception object has a 'description' member which identifies the error based
302on the codes in RFC 2246. A TLSLocalAlert also has a 'message' string that may
303have more details.
304
305Example of handling a remote alert:
306
307 try:
308 [...]
309 except TLSRemoteAlert as alert:
310 if alert.description == AlertDescription.unknown_psk_identity:
311 print "Unknown user."
312 [...]
313
314Below are some common alerts and their probable causes, and whether they are
315signalled by the client or server.
316
317Client handshake_failure:
318 - SRP parameters are not recognized by client
319 - Server's TACK was unrelated to its certificate chain
320
321Client insufficient_security:
322 - SRP parameters are too small
323
324Client protocol_version:
325 - Client doesn't support the server's protocol version
326
327Server protocol_version:
328 - Server doesn't support the client's protocol version
329
330Server bad_record_mac:
331 - bad SRP username or password
332
333Server unknown_psk_identity
334 - bad SRP username (bad_record_mac could be used for the same thing)
335
336Server handshake_failure:
337 - no matching cipher suites
338
3395 Step 5 - exchange data
340-------------------------
341Now that you have a connection, you can call read() and write() as if it were
342a socket.SSL object. You can also call send(), sendall(), recv(), and
343makefile() as if it were a socket. These calls may raise TLSLocalAlert,
344TLSRemoteAlert, socket.error, or TLSAbruptCloseError, just like the handshake
345functions.
346
347Once the TLS connection is closed by the other side, calls to read() or recv()
348will return an empty string. If the socket is closed by the other side without
349first closing the TLS connection, calls to read() or recv() will return a
350TLSAbruptCloseError, and calls to write() or send() will return a
351socket.error.
352
3535 Step 6 - close the connection
354--------------------------------
355When you're finished sending data, you should call close() to close the
356connection and socket. When the connection is closed properly, the session
357object can be used for session resumption.
358
359If an exception is raised the connection will be automatically closed; you
360don't need to call close(). Furthermore, you will probably not be able to
361re-use the socket, the connection object, or the session object, and you
362shouldn't even try.
363
364By default, calling close() will close the underlying socket. If you set the
365connection's closeSocket flag to False, the socket will remain open after
366close. (NOTE: some TLS implementations will not respond properly to the
367close_notify alert that close() generates, so the connection will hang if
368closeSocket is set to True.)
369
370
3716 Using TLS Lite with httplib
372==============================
373TLS Lite comes with an HTTPTLSConnection class that extends httplib to work
374over SSL/TLS connections. Depending on how you construct it, it will do
375different types of authentication.
376
377 #No authentication whatsoever
378 h = HTTPTLSConnection("www.amazon.com", 443)
379 h.request("GET", "")
380 r = h.getresponse()
381 [...]
382
383 #Authenticate server based on its TACK ID
384 h = HTTPTLSConnection("localhost", 4443,
385 tackID="B3ARS.EQ61B.F34EL.9KKLN.3WEW5", hardTack=False)
386 [...]
387
388 #Mutually authenticate with SRP
389 h = HTTPTLSConnection("localhost", 443,
390 username="alice", password="abra123cadabra")
391 [...]
392
393
3947 Using TLS Lite with poplib or imaplib
395========================================
396TLS Lite comes with POP3_TLS and IMAP4_TLS classes that extend poplib and
397imaplib to work over SSL/TLS connections. These classes can be constructed
398with the same parameters as HTTPTLSConnection (see previous section), and
399behave similarly.
400
401 #To connect to a POP3 server over SSL and display its fingerprint:
402 from tlslite.api import *
403 p = POP3_TLS("---------.net", port=995)
404 print p.sock.session.serverCertChain.getFingerprint()
405 [...]
406
407 #To connect to an IMAP server once you know its fingerprint:
408 from tlslite.api import *
409 i = IMAP4_TLS("cyrus.andrew.cmu.edu",
410 x509Fingerprint="00c14371227b3b677ddb9c4901e6f2aee18d3e45")
411 [...]
412
413
4148 Using TLS Lite with smtplib
415==============================
416TLS Lite comes with an SMTP_TLS class that extends smtplib to work
417over SSL/TLS connections. This class accepts the same parameters as
418HTTPTLSConnection (see previous section), and behaves similarly. Depending
419on how you call starttls(), it will do different types of authentication.
420
421 #To connect to an SMTP server once you know its fingerprint:
422 from tlslite.api import *
423 s = SMTP_TLS("----------.net", port=587)
424 s.ehlo()
425 s.starttls(x509Fingerprint="7e39be84a2e3a7ad071752e3001d931bf82c32dc")
426 [...]
427
428
4299 Using TLS Lite with SocketServer
430====================================
431You can use TLS Lite to implement servers using Python's SocketServer
432framework. TLS Lite comes with a TLSSocketServerMixIn class. You can combine
433this with a TCPServer such as HTTPServer. To combine them, define a new class
434that inherits from both of them (with the mix-in first). Then implement the
435handshake() method, doing some sort of server handshake on the connection
436argument. If the handshake method returns True, the RequestHandler will be
437triggered. See the tests/httpsserver.py example.
438
439
44010 Using TLS Lite with asyncore
441================================
442TLS Lite can be used with subclasses of asyncore.dispatcher. See the comments
443in TLSAsyncDispatcherMixIn.py for details. This is still experimental, and
444may not work with all asyncore.dispatcher subclasses.
445
446
44711 Security Considerations
448===========================
449TLS Lite is beta-quality code. It hasn't received much security analysis. Use
450at your own risk.
451
452TLS Lite does NOT verify certificates by default.
453
454TLS Lite's pure-python ciphers are probably vulnerable to timing attacks.
455
456TLS Lite is probably vulnerable to the "Lucky 13" timing attack if AES or 3DES
457are used, or the weak cipher RC4 otherwise. This unhappy situation will remain
458until TLS Lite implements authenticated-encryption ciphersuites (like GCM), or
459RFC 7366.
460
461
46212 History
463===========
4640.4.8 - 11/12/2014
465 - Added more acknowledgements and security considerations
4660.4.7 - 11/12/2014
467 - Added TLS 1.2 support (Yngve Pettersen and Paul Sokolovsky)
468 - Don't offer SSLv3 by default (e.g. POODLE)
469 - Fixed bug with PyCrypto_RSA integration
470 - Fixed harmless bug that added non-prime into sieves list
471 - Added "make test" and "make test-dev" targets (Hubert Kario)
4720.4.5 - 3/20/2013
473 - **API CHANGE**: TLSClosedConnectionError instead of ValueError when writing
474 to a closed connection. This inherits from socket.error, so should
475 interact better with SocketServer (see http://bugs.python.org/issue14574)
476 and other things expecting a socket.error in this situation.
477 - Added support for RC4-MD5 ciphersuite (if enabled in settings)
478 - This is allegedly necessary to connect to some Internet servers.
479 - Added TLSConnection.unread() function
480 - Switched to New-style classes (inherit from 'object')
481 - Minor cleanups
4820.4.4 - 2/25/2013
483 - Added Python 3 support (Martin von Loewis)
484 - Added NPN client support (Marcelo Fernandez)
485 - Switched to RC4 as preferred cipher
486 - faster in Python, avoids "Lucky 13" timing attacks
487 - Fixed bug when specifying ciphers for anon ciphersuites
488 - Made RSA hashAndVerify() tolerant of sigs w/o encoded NULL AlgorithmParam
489 - (this function is not used for TLS currently, and this tolerance may
490 not even be necessary)
4910.4.3 - 9/27/2012
492 - Minor bugfix (0.4.2 doesn't load tackpy)
4930.4.2 - 9/25/2012
494 - Updated TACK (compatible with tackpy 0.9.9)
4950.4.1 - 5/22/2012
496 - Fixed RSA padding bugs (w/help from John Randolph)
497 - Updated TACK (compatible with tackpy 0.9.7)
498 - Added SNI
499 - Added NPN server support (Sam Rushing/Google)
500 - Added AnonDH (Dimitris Moraitis)
501 - Added X509CertChain.parsePemList
502 - Improved XML-RPC (Kees Bos)
503
5040.4.0 - 2/11/2012
505 - Fixed pycrypto support
506 - Fixed python 2.6 problems
507
5080.3.9.x - 2/7/2012
509
510Much code cleanup, in particular decomposing the handshake functions so they
511are readable. The main new feature is support for TACK, an experimental
512authentication method that provides a new way to pin server certificates (See
513https://github.com/moxie0/Convergence/wiki/TACK ).
514
515Also:
516
517 - Security Fixes
518 - Sends SCSV ciphersuite as per RFC 5746, to signal non-renegotiated
519 Client Hello. Does not support renegotiation (never has).
520 - Change from e=3 to e=65537 for generated RSA keys, not strictly
521 necessary but mitigates risk of sloppy verifier.
522 - 1/(n-1) countermeasure for BEAST.
523
524 - Behavior changes:
525 - Split cmdline into tls.py and tlstest.py, improved options.
526 - Formalized LICENSE.
527 - Defaults to closing socket after sending close_notify, fixes hanging.
528 problem that would occur sometime when waiting for other party's
529 close_notify.
530 - Update SRP to RFC 5054 compliance.
531 - Removed client handshake "callbacks", no longer support the SRP
532 re-handshake idiom within a single handshake function.
533
534 - Bugfixes
535 - Added hashlib support, removes Deprecation Warning due to sha and md5.
536 - Handled GeneratorExit exceptions that are a new Python feature, and
537 interfere with the async code if not handled.
538
539 - Removed:
540 - Shared keys (it was based on an ancient I-D, not TLS-PSK).
541 - cryptlib support, it wasn't used much, we have enough other options.
542 - cryptoIDs (TACK is better).
543 - win32prng extension module, as os.urandom is now available.
544 - Twisted integration (unused?, slowed down loading).
545 - Jython code (ancient, didn't work).
546 - Compat support for python versions < 2.7.
547
548 - Additions
549 - Support for TACK via TACKpy.
550 - Support for CertificateRequest.certificate_authorities ("reqCAs")
551 - Added TLSConnection.shutdown() to better mimic socket.
552 - Enabled Session resumption for XMLRPCTransport.
553
5540.3.8 - 2/21/2005
555 - Added support for poplib, imaplib, and smtplib
556 - Added python 2.4 windows installer
557 - Fixed occassional timing problems with test suite
5580.3.7 - 10/05/2004
559 - Added support for Python 2.2
560 - Cleaned up compatibility code, and docs, a bit
5610.3.6 - 9/28/2004
562 - Fixed script installation on UNIX
563 - Give better error message on old Python versions
5640.3.5 - 9/16/2004
565 - TLS 1.1 support
566 - os.urandom() support
567 - Fixed win32prng on some systems
5680.3.4 - 9/12/2004
569 - Updated for TLS/SRP draft 8
570 - Bugfix: was setting _versioncheck on SRP 1st hello, causing problems
571 with GnuTLS (which was offering TLS 1.1)
572 - Removed _versioncheck checking, since it could cause interop problems
573 - Minor bugfix: when cryptlib_py and and cryptoIDlib present, cryptlib
574 was complaining about being initialized twice
5750.3.3 - 6/10/2004
576 - Updated for TLS/SRP draft 7
577 - Updated test cryptoID cert chains for cryptoIDlib 0.3.1
5780.3.2 - 5/21/2004
579 - fixed bug when handling multiple handshake messages per record (e.g. IIS)
5800.3.1 - 4/21/2004
581 - added xmlrpclib integration
582 - fixed hanging bug in Twisted integration
583 - fixed win32prng to work on a wider range of win32 sytems
584 - fixed import problem with cryptoIDlib
585 - fixed port allocation problem when test scripts are run on some UNIXes
586 - made tolerant of buggy IE sending wrong version in premaster secret
5870.3.0 - 3/20/2004
588 - added API docs thanks to epydoc
589 - added X.509 path validation via cryptlib
590 - much cleaning/tweaking/re-factoring/minor fixes
5910.2.7 - 3/12/2004
592 - changed Twisted error handling to use connectionLost()
593 - added ignoreAbruptClose
5940.2.6 - 3/11/2004
595 - added Twisted errorHandler
596 - added TLSAbruptCloseError
597 - added 'integration' subdirectory
5980.2.5 - 3/10/2004
599 - improved asynchronous support a bit
600 - added first-draft of Twisted support
6010.2.4 - 3/5/2004
602 - cleaned up asyncore support
603 - added proof-of-concept for Twisted
6040.2.3 - 3/4/2004
605 - added pycrypto RSA support
606 - added asyncore support
6070.2.2 - 3/1/2004
608 - added GMPY support
609 - added pycrypto support
610 - added support for PEM-encoded private keys, in pure python
6110.2.1 - 2/23/2004
612 - improved PRNG use (cryptlib, or /dev/random, or CryptoAPI)
613 - added RSA blinding, to avoid timing attacks
614 - don't install local copy of M2Crypto, too problematic
6150.2.0 - 2/19/2004
616 - changed VerifierDB to take per-user parameters
617 - renamed tls_lite -> tlslite
6180.1.9 - 2/16/2004
619 - added post-handshake 'Checker'
620 - made compatible with Python 2.2
621 - made more forgiving of abrupt closure, since everyone does it:
622 if the socket is closed while sending/recv'ing close_notify,
623 just ignore it.
6240.1.8 - 2/12/2004
625 - TLSConnections now emulate sockets, including makefile()
626 - HTTPTLSConnection and TLSMixIn simplified as a result
6270.1.7 - 2/11/2004
628 - fixed httplib.HTTPTLSConnection with multiple requests
629 - fixed SocketServer to handle close_notify
630 - changed handshakeClientNoAuth() to ignore CertificateRequests
631 - changed handshakeClient() to ignore non-resumable session arguments
6320.1.6 - 2/10/2004
633 - fixed httplib support
6340.1.5 - 2/09/2004
635 - added support for httplib and SocketServer
636 - added support for SSLv3
637 - added support for 3DES
638 - cleaned up read()/write() behavior
639 - improved HMAC speed
6400.1.4 - 2/06/2004
641 - fixed dumb bug in tls.py
6420.1.3 - 2/05/2004
643 - change read() to only return requested number of bytes
644 - added support for shared-key and in-memory databases
645 - added support for PEM-encoded X.509 certificates
646 - added support for SSLv2 ClientHello
647 - fixed shutdown/re-handshaking behavior
648 - cleaned up handling of missing_srp_username
649 - renamed readString()/writeString() -> read()/write()
650 - added documentation
6510.1.2 - 2/04/2004
652 - added clienttest/servertest functions
653 - improved OpenSSL cipher wrappers speed
654 - fixed server when it has a key, but client selects plain SRP
655 - fixed server to postpone errors until it has read client's messages
656 - fixed ServerHello to only include extension data if necessary
6570.1.1 - 2/02/2004
658 - fixed close_notify behavior
659 - fixed handling of empty application data packets
660 - fixed socket reads to not consume extra bytes
661 - added testing functions to tls.py
6620.1.0 - 2/01/2004
663 - first release
664