scapy.layers.tls.automaton_cli

TLS client automaton. This makes for a primitive TLS stack. Obviously you need rights for network access.

We support versions SSLv2 to TLS 1.2, along with many features. There is no session resumption mechanism for now.

In order to run a client to tcp/50000 with one cipher suite of your choice:

> from scapy.all import *
> ch = TLSClientHello(ciphers=<int code of the cipher suite>)
> t = TLSClientAutomaton(dport=50000, client_hello=ch)
> t.run()

class scapy.layers.tls.automaton_cli.TLSClientAutomaton(*args, **kargs)

Bases: scapy.layers.tls.automaton._TLSAutomaton

A simple TLS test client automaton. Try to overload some states or conditions and see what happens on the other side.

Rather than interrupting it, the best way to stop this client is to type ‘quit’. That input is handled locally and is not sent to the server as a message.

- ‘mycert’ and ‘mykey’ may be provided as filenames. They will be used in the handshake, should the server ask for client authentication.
- ‘server_name’ does not need to be set.
- ‘client_hello’ may hold a TLSClientHello or SSLv2ClientHello to be sent to the server. This is particularly useful for extensions tweaking.
- ‘version’ is a quicker way to advertise a protocol version (“sslv2”, “tls1”, “tls12”, etc.) It may be overridden by the previous ‘client_hello’.
- ‘data’ is a list of raw data to be sent to the server once the handshake has been completed. Both ‘stop_server’ and ‘quit’ will work this way.

ADDED_CERTIFICATEVERIFY(*args, **kargs)
ADDED_CHANGECIPHERSPEC(*args, **kargs)
ADDED_CLIENTCERTIFICATE(*args, **kargs)
ADDED_CLIENTDATA(*args, **kargs)
ADDED_CLIENTFINISHED(*args, **kargs)
ADDED_CLIENTHELLO(*args, **kargs)
ADDED_CLIENTKEYEXCHANGE(*args, **kargs)
CLOSE_NOTIFY(*args, **kargs)
CONNECT(*args, **kargs)
FINAL(*args, **kargs)
HANDLED_CERTIFICATEREQUEST(*args, **kargs)
HANDLED_CHANGECIPHERSPEC(*args, **kargs)
HANDLED_SERVERCERTIFICATE(*args, **kargs)
HANDLED_SERVERDATA(*args, **kargs)
HANDLED_SERVERFINISHED(*args, **kargs)
HANDLED_SERVERHELLO(*args, **kargs)
HANDLED_SERVERHELLODONE(*args, **kargs)
HANDLED_SERVERKEYEXCHANGE(*args, **kargs)
INITIAL(*args, **kargs)
INIT_TLS_SESSION(*args, **kargs)
MISSING_SERVERCERTIFICATE(*args, **kargs)
MISSING_SERVERHELLO(*args, **kargs)
MISSING_SERVERKEYEXCHANGE(*args, **kargs)
PREPARE_CLIENTFLIGHT1(*args, **kargs)
PREPARE_CLIENTFLIGHT2(*args, **kargs)
RECEIVED_SERVERDATA(*args, **kargs)
RECEIVED_SERVERFLIGHT1(*args, **kargs)
RECEIVED_SERVERFLIGHT2(*args, **kargs)
SENT_CLIENTDATA(*args, **kargs)
SENT_CLIENTFLIGHT1(*args, **kargs)
SENT_CLIENTFLIGHT2(*args, **kargs)
SSLv2_ADDED_CLIENTCERTIFICATE(*args, **kargs)
SSLv2_ADDED_CLIENTDATA(*args, **kargs)
SSLv2_ADDED_CLIENTFINISHED(*args, **kargs)
SSLv2_ADDED_CLIENTHELLO(*args, **kargs)
SSLv2_ADDED_CLIENTMASTERKEY(*args, **kargs)
SSLv2_CLOSE_NOTIFY(*args, **kargs)
SSLv2_HANDLED_REQUESTCERTIFICATE(*args, **kargs)
SSLv2_HANDLED_SERVERDATA(*args, **kargs)
SSLv2_HANDLED_SERVERFINISHED(*args, **kargs)
SSLv2_HANDLED_SERVERHELLO(*args, **kargs)
SSLv2_HANDLED_SERVERVERIFY(*args, **kargs)
SSLv2_MISSING_SERVERFINISHED(*args, **kargs)
SSLv2_MISSING_SERVERHELLO(*args, **kargs)
SSLv2_MISSING_SERVERVERIFY(*args, **kargs)
SSLv2_PREPARE_CLIENTHELLO(*args, **kargs)
SSLv2_RECEIVED_SERVERDATA(*args, **kargs)
SSLv2_RECEIVED_SERVERFINISHED(*args, **kargs)
SSLv2_RECEIVED_SERVERHELLO(*args, **kargs)
SSLv2_RECEIVED_SERVERVERIFY(*args, **kargs)
SSLv2_SENT_CLIENTCERTIFICATE(*args, **kargs)
SSLv2_SENT_CLIENTDATA(*args, **kargs)
SSLv2_SENT_CLIENTFINISHED(*args, **kargs)
SSLv2_SENT_CLIENTHELLO(*args, **kargs)
SSLv2_SENT_CLIENTMASTERKEY(*args, **kargs)
SSLv2_WAITING_CLIENTDATA(*args, **kargs)
SSLv2_WAITING_SERVERDATA(*args, **kargs)
SSLv2_WAITING_SERVERFINISHED(*args, **kargs)
SSLv2_WAITING_SERVERHELLO(*args, **kargs)
SSLv2_WAITING_SERVERVERIFY(*args, **kargs)
TLS13_ADDED_CLIENTFINISHED(*args, **kargs)
TLS13_ADDED_CLIENTHELLO(*args, **kargs)
TLS13_HANDLED_CERTIFICATE(*args, **kargs)
TLS13_HANDLED_CERTIFICATE_VERIFY(*args, **kargs)
TLS13_HANDLED_ENCRYPTEDEXTENSIONS(*args, **kargs)
TLS13_HANDLED_FINISHED(*args, **kargs)
TLS13_HANDLED_SERVERHELLO(*args, **kargs)
TLS13_PREPARE_CLIENTFLIGHT2(*args, **kargs)
TLS13_RECEIVED_SERVERFLIGHT1(*args, **kargs)
TLS13_SENDING_CLIENTFLIGHT1(*args, **kargs)
TLS13_SENT_CLIENTFLIGHT1(*args, **kargs)
TLS13_SENT_CLIENTFLIGHT2(*args, **kargs)
TLS13_START(*args, **kargs)
TLS13_WAITING_ENCRYPTEDEXTENSIONS(*args, **kargs)
TLS13_WAITING_SERVERFLIGHT1(*args, **kargs)
WAITING_SERVERDATA(*args, **kargs)
WAITING_SERVERFLIGHT1(*args, **kargs)
WAITING_SERVERFLIGHT2(*args, **kargs)
WAIT_CLIENTDATA(*args, **kargs)
actions = {'add_ClientData': [], 'close_session': [], 'missing_ServerCertificate': [], 'missing_ServerHello': [], 'missing_ServerKeyExchange': [], 'no_more_ClientData': [], 'should_add_ChangeCipherSpec_from_CertificateVerify': [], 'should_add_ChangeCipherSpec_from_ClientKeyExchange': [], 'should_add_ClientCertificate': [], 'should_add_ClientFinished': [], 'should_add_ClientHello': [], 'should_add_ClientKeyExchange_from_ClientCertificate': [], 'should_add_ClientKeyExchange_from_ClientFlight2': [], 'should_add_ClientVerify': [], 'should_handle_CertificateRequest_from_ServerCertificate': [], 'should_handle_CertificateRequest_from_ServerKeyExchange': [], 'should_handle_ChangeCipherSpec': [], 'should_handle_Finished': [], 'should_handle_ServerCertificate': [], 'should_handle_ServerData': [], 'should_handle_ServerHello': [], 'should_handle_ServerHelloDone_from_CertificateRequest': [], 'should_handle_ServerHelloDone_from_ServerCertificate': [], 'should_handle_ServerHelloDone_from_ServerKeyExchange': [], 'should_handle_ServerKeyExchange_from_ServerCertificate': [], 'should_send_ClientData': [], 'should_send_ClientFlight1': [], 'should_send_ClientFlight2': [], 'should_wait_ClientData': [], 'sslv2_add_ClientData': [], 'sslv2_close_session': [], 'sslv2_missing_ServerFinished': [], 'sslv2_missing_ServerHello': [], 'sslv2_missing_ServerVerify': [], 'sslv2_no_more_ClientData': [], 'sslv2_should_add_ClientCertificate': [], 'sslv2_should_add_ClientFinished_from_NoServerVerify': [], 'sslv2_should_add_ClientFinished_from_ServerVerify': [], 'sslv2_should_add_ClientHello': [], 'sslv2_should_add_ClientMasterKey': [], 'sslv2_should_handle_RequestCertificate': [], 'sslv2_should_handle_ServerData': [], 'sslv2_should_handle_ServerFinished': [], 'sslv2_should_handle_ServerHello': [], 'sslv2_should_handle_ServerVerify': [], 'sslv2_should_send_ClientCertificate': [], 'sslv2_should_send_ClientData': [], 'sslv2_should_send_ClientFinished': [], 'sslv2_should_send_ClientHello': [], 
'sslv2_should_send_ClientMasterKey': [], 'sslv2_should_wait_ClientData': [], 'sslv2_should_wait_ServerFinished_from_ServerVerify': [], 'tls13_missing_CertificateVerify': [], 'tls13_missing_ServerHello': [], 'tls13_missing_encryptedExtension': [], 'tls13_should_add_ClientFinished': [], 'tls13_should_add_ClientHello': [], 'tls13_should_handle_AlertMessage_': [], 'tls13_should_handle_CertificateVerify': [], 'tls13_should_handle_EncryptedExtensions': [], 'tls13_should_handle_ServerHello': [], 'tls13_should_handle_certificate_from_encryptedExtensions': [], 'tls13_should_handle_encrytpedExtensions': [], 'tls13_should_handle_finished': [], 'tls13_should_send_ClientFlight1': [], 'tls13_should_send_ClientFlight2': []}
add_ClientData()

The user may type in: GET / HTTP/1.1\r\nHost: testserver.com\r\n\r\n
Special characters are handled so that it becomes a valid HTTP request.

close_session()
conditions = {'ADDED_CERTIFICATEVERIFY': [<function TLSClientAutomaton.should_add_ChangeCipherSpec_from_CertificateVerify>], 'ADDED_CHANGECIPHERSPEC': [<function TLSClientAutomaton.should_add_ClientFinished>], 'ADDED_CLIENTCERTIFICATE': [<function TLSClientAutomaton.should_add_ClientKeyExchange_from_ClientCertificate>], 'ADDED_CLIENTDATA': [<function TLSClientAutomaton.should_send_ClientData>], 'ADDED_CLIENTFINISHED': [<function TLSClientAutomaton.should_send_ClientFlight2>], 'ADDED_CLIENTHELLO': [<function TLSClientAutomaton.should_send_ClientFlight1>], 'ADDED_CLIENTKEYEXCHANGE': [<function TLSClientAutomaton.should_add_ClientVerify>, <function TLSClientAutomaton.should_add_ChangeCipherSpec_from_ClientKeyExchange>], 'CLOSE_NOTIFY': [<function TLSClientAutomaton.close_session>], 'CONNECT': [], 'FINAL': [], 'HANDLED_CERTIFICATEREQUEST': [<function TLSClientAutomaton.should_handle_ServerHelloDone_from_CertificateRequest>], 'HANDLED_CHANGECIPHERSPEC': [<function TLSClientAutomaton.should_handle_Finished>], 'HANDLED_SERVERCERTIFICATE': [<function TLSClientAutomaton.should_handle_ServerKeyExchange_from_ServerCertificate>, <function TLSClientAutomaton.missing_ServerKeyExchange>, <function TLSClientAutomaton.should_handle_CertificateRequest_from_ServerCertificate>, <function TLSClientAutomaton.should_handle_ServerHelloDone_from_ServerCertificate>], 'HANDLED_SERVERDATA': [], 'HANDLED_SERVERFINISHED': [<function TLSClientAutomaton.should_wait_ClientData>], 'HANDLED_SERVERHELLO': [<function TLSClientAutomaton.should_handle_ServerCertificate>, <function TLSClientAutomaton.missing_ServerCertificate>], 'HANDLED_SERVERHELLODONE': [], 'HANDLED_SERVERKEYEXCHANGE': [<function TLSClientAutomaton.should_handle_ServerHelloDone_from_ServerKeyExchange>, <function TLSClientAutomaton.should_handle_CertificateRequest_from_ServerKeyExchange>], 'INITIAL': [], 'INIT_TLS_SESSION': [], 'MISSING_SERVERCERTIFICATE': [], 'MISSING_SERVERHELLO': [], 'MISSING_SERVERKEYEXCHANGE': [], 
'PREPARE_CLIENTFLIGHT1': [<function TLSClientAutomaton.should_add_ClientHello>], 'PREPARE_CLIENTFLIGHT2': [<function TLSClientAutomaton.should_add_ClientCertificate>, <function TLSClientAutomaton.should_add_ClientKeyExchange_from_ClientFlight2>], 'RECEIVED_SERVERDATA': [<function TLSClientAutomaton.should_handle_ServerData>], 'RECEIVED_SERVERFLIGHT1': [<function TLSClientAutomaton.should_handle_ServerHello>, <function TLSClientAutomaton.missing_ServerHello>], 'RECEIVED_SERVERFLIGHT2': [<function TLSClientAutomaton.should_handle_ChangeCipherSpec>], 'SENT_CLIENTDATA': [], 'SENT_CLIENTFLIGHT1': [], 'SENT_CLIENTFLIGHT2': [], 'SSLv2_ADDED_CLIENTCERTIFICATE': [<function TLSClientAutomaton.sslv2_should_send_ClientCertificate>], 'SSLv2_ADDED_CLIENTDATA': [<function TLSClientAutomaton.sslv2_should_send_ClientData>], 'SSLv2_ADDED_CLIENTFINISHED': [<function TLSClientAutomaton.sslv2_should_send_ClientFinished>], 'SSLv2_ADDED_CLIENTHELLO': [<function TLSClientAutomaton.sslv2_should_send_ClientHello>], 'SSLv2_ADDED_CLIENTMASTERKEY': [<function TLSClientAutomaton.sslv2_should_send_ClientMasterKey>], 'SSLv2_CLOSE_NOTIFY': [<function TLSClientAutomaton.sslv2_close_session>], 'SSLv2_HANDLED_REQUESTCERTIFICATE': [<function TLSClientAutomaton.sslv2_should_add_ClientCertificate>], 'SSLv2_HANDLED_SERVERDATA': [], 'SSLv2_HANDLED_SERVERFINISHED': [<function TLSClientAutomaton.sslv2_should_wait_ClientData>], 'SSLv2_HANDLED_SERVERHELLO': [<function TLSClientAutomaton.sslv2_should_add_ClientMasterKey>], 'SSLv2_HANDLED_SERVERVERIFY': [<function TLSClientAutomaton.sslv2_should_add_ClientFinished_from_ServerVerify>, <function TLSClientAutomaton.sslv2_should_wait_ServerFinished_from_ServerVerify>], 'SSLv2_MISSING_SERVERFINISHED': [], 'SSLv2_MISSING_SERVERHELLO': [], 'SSLv2_MISSING_SERVERVERIFY': [], 'SSLv2_PREPARE_CLIENTHELLO': [<function TLSClientAutomaton.sslv2_should_add_ClientHello>], 'SSLv2_RECEIVED_SERVERDATA': [<function TLSClientAutomaton.sslv2_should_handle_ServerData>], 
'SSLv2_RECEIVED_SERVERFINISHED': [<function TLSClientAutomaton.sslv2_should_handle_ServerFinished>, <function TLSClientAutomaton.sslv2_should_handle_RequestCertificate>, <function TLSClientAutomaton.sslv2_missing_ServerFinished>], 'SSLv2_RECEIVED_SERVERHELLO': [<function TLSClientAutomaton.sslv2_should_handle_ServerHello>, <function TLSClientAutomaton.sslv2_missing_ServerHello>], 'SSLv2_RECEIVED_SERVERVERIFY': [<function TLSClientAutomaton.sslv2_should_handle_ServerVerify>, <function TLSClientAutomaton.sslv2_should_add_ClientFinished_from_NoServerVerify>, <function TLSClientAutomaton.sslv2_missing_ServerVerify>], 'SSLv2_SENT_CLIENTCERTIFICATE': [], 'SSLv2_SENT_CLIENTDATA': [], 'SSLv2_SENT_CLIENTFINISHED': [], 'SSLv2_SENT_CLIENTHELLO': [], 'SSLv2_SENT_CLIENTMASTERKEY': [], 'SSLv2_WAITING_CLIENTDATA': [<function TLSClientAutomaton.sslv2_add_ClientData>, <function TLSClientAutomaton.sslv2_no_more_ClientData>], 'SSLv2_WAITING_SERVERDATA': [], 'SSLv2_WAITING_SERVERFINISHED': [], 'SSLv2_WAITING_SERVERHELLO': [], 'SSLv2_WAITING_SERVERVERIFY': [], 'TLS13_ADDED_CLIENTFINISHED': [<function TLSClientAutomaton.tls13_should_send_ClientFlight2>], 'TLS13_ADDED_CLIENTHELLO': [], 'TLS13_HANDLED_CERTIFICATE': [<function TLSClientAutomaton.tls13_should_handle_CertificateVerify>, <function TLSClientAutomaton.tls13_missing_CertificateVerify>], 'TLS13_HANDLED_CERTIFICATE_VERIFY': [<function TLSClientAutomaton.tls13_should_handle_finished>], 'TLS13_HANDLED_ENCRYPTEDEXTENSIONS': [<function TLSClientAutomaton.tls13_should_handle_certificate_from_encryptedExtensions>], 'TLS13_HANDLED_FINISHED': [], 'TLS13_HANDLED_SERVERHELLO': [<function TLSClientAutomaton.tls13_should_handle_encrytpedExtensions>, <function TLSClientAutomaton.tls13_missing_encryptedExtension>], 'TLS13_PREPARE_CLIENTFLIGHT2': [<function TLSClientAutomaton.tls13_should_add_ClientFinished>], 'TLS13_RECEIVED_SERVERFLIGHT1': [<function TLSClientAutomaton.tls13_should_handle_ServerHello>, <function 
TLSClientAutomaton.tls13_should_handle_AlertMessage_>, <function TLSClientAutomaton.tls13_missing_ServerHello>], 'TLS13_SENDING_CLIENTFLIGHT1': [<function TLSClientAutomaton.tls13_should_send_ClientFlight1>], 'TLS13_SENT_CLIENTFLIGHT1': [], 'TLS13_SENT_CLIENTFLIGHT2': [], 'TLS13_START': [<function TLSClientAutomaton.tls13_should_add_ClientHello>], 'TLS13_WAITING_ENCRYPTEDEXTENSIONS': [<function TLSClientAutomaton.tls13_should_handle_EncryptedExtensions>], 'TLS13_WAITING_SERVERFLIGHT1': [], 'WAITING_SERVERDATA': [], 'WAITING_SERVERFLIGHT1': [], 'WAITING_SERVERFLIGHT2': [], 'WAIT_CLIENTDATA': [<function TLSClientAutomaton.add_ClientData>, <function TLSClientAutomaton.no_more_ClientData>]}
initial_states = [<function ATMT.state.<locals>.deco.<locals>.state_wrapper>]
ioevents = {'ADDED_CERTIFICATEVERIFY': [], 'ADDED_CHANGECIPHERSPEC': [], 'ADDED_CLIENTCERTIFICATE': [], 'ADDED_CLIENTDATA': [], 'ADDED_CLIENTFINISHED': [], 'ADDED_CLIENTHELLO': [], 'ADDED_CLIENTKEYEXCHANGE': [], 'CLOSE_NOTIFY': [], 'CONNECT': [], 'FINAL': [], 'HANDLED_CERTIFICATEREQUEST': [], 'HANDLED_CHANGECIPHERSPEC': [], 'HANDLED_SERVERCERTIFICATE': [], 'HANDLED_SERVERDATA': [], 'HANDLED_SERVERFINISHED': [], 'HANDLED_SERVERHELLO': [], 'HANDLED_SERVERHELLODONE': [], 'HANDLED_SERVERKEYEXCHANGE': [], 'INITIAL': [], 'INIT_TLS_SESSION': [], 'MISSING_SERVERCERTIFICATE': [], 'MISSING_SERVERHELLO': [], 'MISSING_SERVERKEYEXCHANGE': [], 'PREPARE_CLIENTFLIGHT1': [], 'PREPARE_CLIENTFLIGHT2': [], 'RECEIVED_SERVERDATA': [], 'RECEIVED_SERVERFLIGHT1': [], 'RECEIVED_SERVERFLIGHT2': [], 'SENT_CLIENTDATA': [], 'SENT_CLIENTFLIGHT1': [], 'SENT_CLIENTFLIGHT2': [], 'SSLv2_ADDED_CLIENTCERTIFICATE': [], 'SSLv2_ADDED_CLIENTDATA': [], 'SSLv2_ADDED_CLIENTFINISHED': [], 'SSLv2_ADDED_CLIENTHELLO': [], 'SSLv2_ADDED_CLIENTMASTERKEY': [], 'SSLv2_CLOSE_NOTIFY': [], 'SSLv2_HANDLED_REQUESTCERTIFICATE': [], 'SSLv2_HANDLED_SERVERDATA': [], 'SSLv2_HANDLED_SERVERFINISHED': [], 'SSLv2_HANDLED_SERVERHELLO': [], 'SSLv2_HANDLED_SERVERVERIFY': [], 'SSLv2_MISSING_SERVERFINISHED': [], 'SSLv2_MISSING_SERVERHELLO': [], 'SSLv2_MISSING_SERVERVERIFY': [], 'SSLv2_PREPARE_CLIENTHELLO': [], 'SSLv2_RECEIVED_SERVERDATA': [], 'SSLv2_RECEIVED_SERVERFINISHED': [], 'SSLv2_RECEIVED_SERVERHELLO': [], 'SSLv2_RECEIVED_SERVERVERIFY': [], 'SSLv2_SENT_CLIENTCERTIFICATE': [], 'SSLv2_SENT_CLIENTDATA': [], 'SSLv2_SENT_CLIENTFINISHED': [], 'SSLv2_SENT_CLIENTHELLO': [], 'SSLv2_SENT_CLIENTMASTERKEY': [], 'SSLv2_WAITING_CLIENTDATA': [], 'SSLv2_WAITING_SERVERDATA': [], 'SSLv2_WAITING_SERVERFINISHED': [], 'SSLv2_WAITING_SERVERHELLO': [], 'SSLv2_WAITING_SERVERVERIFY': [], 'TLS13_ADDED_CLIENTFINISHED': [], 'TLS13_ADDED_CLIENTHELLO': [], 'TLS13_HANDLED_CERTIFICATE': [], 'TLS13_HANDLED_CERTIFICATE_VERIFY': [], 
'TLS13_HANDLED_ENCRYPTEDEXTENSIONS': [], 'TLS13_HANDLED_FINISHED': [], 'TLS13_HANDLED_SERVERHELLO': [], 'TLS13_PREPARE_CLIENTFLIGHT2': [], 'TLS13_RECEIVED_SERVERFLIGHT1': [], 'TLS13_SENDING_CLIENTFLIGHT1': [], 'TLS13_SENT_CLIENTFLIGHT1': [], 'TLS13_SENT_CLIENTFLIGHT2': [], 'TLS13_START': [], 'TLS13_WAITING_ENCRYPTEDEXTENSIONS': [], 'TLS13_WAITING_SERVERFLIGHT1': [], 'WAITING_SERVERDATA': [], 'WAITING_SERVERFLIGHT1': [], 'WAITING_SERVERFLIGHT2': [], 'WAIT_CLIENTDATA': []}
ionames = []
iosupersockets = []
missing_ServerCertificate()
missing_ServerHello()
missing_ServerKeyExchange()
no_more_ClientData()
parse_args(server='127.0.0.1', dport=4433, server_name=None, mycert=None, mykey=None, client_hello=None, version=None, data=None, ciphersuite=None, curve=None, **kargs)
recv_conditions = {'ADDED_CERTIFICATEVERIFY': [], 'ADDED_CHANGECIPHERSPEC': [], 'ADDED_CLIENTCERTIFICATE': [], 'ADDED_CLIENTDATA': [], 'ADDED_CLIENTFINISHED': [], 'ADDED_CLIENTHELLO': [], 'ADDED_CLIENTKEYEXCHANGE': [], 'CLOSE_NOTIFY': [], 'CONNECT': [], 'FINAL': [], 'HANDLED_CERTIFICATEREQUEST': [], 'HANDLED_CHANGECIPHERSPEC': [], 'HANDLED_SERVERCERTIFICATE': [], 'HANDLED_SERVERDATA': [], 'HANDLED_SERVERFINISHED': [], 'HANDLED_SERVERHELLO': [], 'HANDLED_SERVERHELLODONE': [], 'HANDLED_SERVERKEYEXCHANGE': [], 'INITIAL': [], 'INIT_TLS_SESSION': [], 'MISSING_SERVERCERTIFICATE': [], 'MISSING_SERVERHELLO': [], 'MISSING_SERVERKEYEXCHANGE': [], 'PREPARE_CLIENTFLIGHT1': [], 'PREPARE_CLIENTFLIGHT2': [], 'RECEIVED_SERVERDATA': [], 'RECEIVED_SERVERFLIGHT1': [], 'RECEIVED_SERVERFLIGHT2': [], 'SENT_CLIENTDATA': [], 'SENT_CLIENTFLIGHT1': [], 'SENT_CLIENTFLIGHT2': [], 'SSLv2_ADDED_CLIENTCERTIFICATE': [], 'SSLv2_ADDED_CLIENTDATA': [], 'SSLv2_ADDED_CLIENTFINISHED': [], 'SSLv2_ADDED_CLIENTHELLO': [], 'SSLv2_ADDED_CLIENTMASTERKEY': [], 'SSLv2_CLOSE_NOTIFY': [], 'SSLv2_HANDLED_REQUESTCERTIFICATE': [], 'SSLv2_HANDLED_SERVERDATA': [], 'SSLv2_HANDLED_SERVERFINISHED': [], 'SSLv2_HANDLED_SERVERHELLO': [], 'SSLv2_HANDLED_SERVERVERIFY': [], 'SSLv2_MISSING_SERVERFINISHED': [], 'SSLv2_MISSING_SERVERHELLO': [], 'SSLv2_MISSING_SERVERVERIFY': [], 'SSLv2_PREPARE_CLIENTHELLO': [], 'SSLv2_RECEIVED_SERVERDATA': [], 'SSLv2_RECEIVED_SERVERFINISHED': [], 'SSLv2_RECEIVED_SERVERHELLO': [], 'SSLv2_RECEIVED_SERVERVERIFY': [], 'SSLv2_SENT_CLIENTCERTIFICATE': [], 'SSLv2_SENT_CLIENTDATA': [], 'SSLv2_SENT_CLIENTFINISHED': [], 'SSLv2_SENT_CLIENTHELLO': [], 'SSLv2_SENT_CLIENTMASTERKEY': [], 'SSLv2_WAITING_CLIENTDATA': [], 'SSLv2_WAITING_SERVERDATA': [], 'SSLv2_WAITING_SERVERFINISHED': [], 'SSLv2_WAITING_SERVERHELLO': [], 'SSLv2_WAITING_SERVERVERIFY': [], 'TLS13_ADDED_CLIENTFINISHED': [], 'TLS13_ADDED_CLIENTHELLO': [], 'TLS13_HANDLED_CERTIFICATE': [], 'TLS13_HANDLED_CERTIFICATE_VERIFY': [], 
'TLS13_HANDLED_ENCRYPTEDEXTENSIONS': [], 'TLS13_HANDLED_FINISHED': [], 'TLS13_HANDLED_SERVERHELLO': [], 'TLS13_PREPARE_CLIENTFLIGHT2': [], 'TLS13_RECEIVED_SERVERFLIGHT1': [], 'TLS13_SENDING_CLIENTFLIGHT1': [], 'TLS13_SENT_CLIENTFLIGHT1': [], 'TLS13_SENT_CLIENTFLIGHT2': [], 'TLS13_START': [], 'TLS13_WAITING_ENCRYPTEDEXTENSIONS': [], 'TLS13_WAITING_SERVERFLIGHT1': [], 'WAITING_SERVERDATA': [], 'WAITING_SERVERFLIGHT1': [], 'WAITING_SERVERFLIGHT2': [], 'WAIT_CLIENTDATA': []}
should_add_ChangeCipherSpec_from_CertificateVerify()
should_add_ChangeCipherSpec_from_ClientKeyExchange()
should_add_ClientCertificate()

If the server sent a CertificateRequest, we send a Certificate message. If no certificate is available, an empty Certificate message is sent:
- this is a SHOULD in RFC 4346 (Section 7.4.6)
- this is a MUST in RFC 5246 (Section 7.4.6)

XXX We may want to add a complete chain.

should_add_ClientFinished()
should_add_ClientHello()
should_add_ClientKeyExchange()
should_add_ClientKeyExchange_from_ClientCertificate()
should_add_ClientKeyExchange_from_ClientFlight2()
should_add_ClientVerify()

XXX Section 7.4.7.1 of RFC 5246 states that the CertificateVerify message is only sent following a client certificate that has signing capability (i.e. not those containing fixed DH params). We should verify that before adding the message. We should also handle the case when the Certificate message was empty. As this note implies, neither of these two checks is implemented yet.

should_handle_CertificateRequest()

XXX We should check the CertificateRequest attributes for discrepancies with the cipher suite, etc. As this note implies, that check is not implemented yet.

should_handle_CertificateRequest_from_ServerCertificate()
should_handle_CertificateRequest_from_ServerKeyExchange()
should_handle_ChangeCipherSpec()
should_handle_Finished()
should_handle_ServerCertificate()
should_handle_ServerData()
should_handle_ServerHello()

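XXX We should check the ServerHello attributes for discrepancies with our own ClientHello. As this note implies, that check is not implemented yet: the ServerHello is handled without being compared against what the client offered, so this client should not be relied on to notice a server selecting parameters that were never proposed.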

should_handle_ServerHelloDone()
should_handle_ServerHelloDone_from_CertificateRequest()
should_handle_ServerHelloDone_from_ServerCertificate()
should_handle_ServerHelloDone_from_ServerKeyExchange()
should_handle_ServerKeyExchange_from_ServerCertificate()

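XXX We should check the ServerKeyExchange attributes for discrepancies with our own ClientHello, along with the ServerHello and Certificate. As this note implies, that consistency check is not implemented yet, so a mismatch between these messages is not flagged at this step.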

should_send_ClientData()
should_send_ClientFlight1()
should_send_ClientFlight2()
should_wait_ClientData()
sslv2_add_ClientData()
sslv2_close_session()
sslv2_missing_ServerFinished()
sslv2_missing_ServerHello()
sslv2_missing_ServerVerify()
sslv2_no_more_ClientData()
sslv2_should_add_ClientCertificate()
sslv2_should_add_ClientFinished()
sslv2_should_add_ClientFinished_from_NoServerVerify()
sslv2_should_add_ClientFinished_from_ServerVerify()
sslv2_should_add_ClientHello()
sslv2_should_add_ClientMasterKey()
sslv2_should_handle_RequestCertificate()
sslv2_should_handle_ServerData()
sslv2_should_handle_ServerFinished()
sslv2_should_handle_ServerHello()
sslv2_should_handle_ServerVerify()
sslv2_should_send_ClientCertificate()
sslv2_should_send_ClientData()
sslv2_should_send_ClientFinished()
sslv2_should_send_ClientHello()
sslv2_should_send_ClientMasterKey()
sslv2_should_wait_ClientData()
sslv2_should_wait_ServerFinished_from_ServerVerify()
state = None
states = {'ADDED_CERTIFICATEVERIFY': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'ADDED_CHANGECIPHERSPEC': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'ADDED_CLIENTCERTIFICATE': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'ADDED_CLIENTDATA': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'ADDED_CLIENTFINISHED': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'ADDED_CLIENTHELLO': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'ADDED_CLIENTKEYEXCHANGE': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'CLOSE_NOTIFY': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'CONNECT': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'FINAL': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'HANDLED_CERTIFICATEREQUEST': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'HANDLED_CHANGECIPHERSPEC': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'HANDLED_SERVERCERTIFICATE': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'HANDLED_SERVERDATA': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'HANDLED_SERVERFINISHED': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'HANDLED_SERVERHELLO': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'HANDLED_SERVERHELLODONE': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'HANDLED_SERVERKEYEXCHANGE': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'INITIAL': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'INIT_TLS_SESSION': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'MISSING_SERVERCERTIFICATE': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'MISSING_SERVERHELLO': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'MISSING_SERVERKEYEXCHANGE': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'PREPARE_CLIENTFLIGHT1': <function 
ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'PREPARE_CLIENTFLIGHT2': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'RECEIVED_SERVERDATA': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'RECEIVED_SERVERFLIGHT1': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'RECEIVED_SERVERFLIGHT2': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SENT_CLIENTDATA': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SENT_CLIENTFLIGHT1': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SENT_CLIENTFLIGHT2': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_ADDED_CLIENTCERTIFICATE': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_ADDED_CLIENTDATA': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_ADDED_CLIENTFINISHED': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_ADDED_CLIENTHELLO': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_ADDED_CLIENTMASTERKEY': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_CLOSE_NOTIFY': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_HANDLED_REQUESTCERTIFICATE': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_HANDLED_SERVERDATA': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_HANDLED_SERVERFINISHED': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_HANDLED_SERVERHELLO': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_HANDLED_SERVERVERIFY': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_MISSING_SERVERFINISHED': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_MISSING_SERVERHELLO': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_MISSING_SERVERVERIFY': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_PREPARE_CLIENTHELLO': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 
'SSLv2_RECEIVED_SERVERDATA': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_RECEIVED_SERVERFINISHED': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_RECEIVED_SERVERHELLO': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_RECEIVED_SERVERVERIFY': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_SENT_CLIENTCERTIFICATE': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_SENT_CLIENTDATA': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_SENT_CLIENTFINISHED': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_SENT_CLIENTHELLO': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_SENT_CLIENTMASTERKEY': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_WAITING_CLIENTDATA': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_WAITING_SERVERDATA': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_WAITING_SERVERFINISHED': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_WAITING_SERVERHELLO': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SSLv2_WAITING_SERVERVERIFY': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'TLS13_ADDED_CLIENTFINISHED': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'TLS13_ADDED_CLIENTHELLO': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'TLS13_HANDLED_CERTIFICATE': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'TLS13_HANDLED_CERTIFICATE_VERIFY': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'TLS13_HANDLED_ENCRYPTEDEXTENSIONS': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'TLS13_HANDLED_FINISHED': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'TLS13_HANDLED_SERVERHELLO': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'TLS13_PREPARE_CLIENTFLIGHT2': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 
'TLS13_RECEIVED_SERVERFLIGHT1': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'TLS13_SENDING_CLIENTFLIGHT1': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'TLS13_SENT_CLIENTFLIGHT1': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'TLS13_SENT_CLIENTFLIGHT2': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'TLS13_START': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'TLS13_WAITING_ENCRYPTEDEXTENSIONS': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'TLS13_WAITING_SERVERFLIGHT1': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'WAITING_SERVERDATA': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'WAITING_SERVERFLIGHT1': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'WAITING_SERVERFLIGHT2': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'WAIT_CLIENTDATA': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>}
timeout = {'ADDED_CERTIFICATEVERIFY': [(None, None)], 'ADDED_CHANGECIPHERSPEC': [(None, None)], 'ADDED_CLIENTCERTIFICATE': [(None, None)], 'ADDED_CLIENTDATA': [(None, None)], 'ADDED_CLIENTFINISHED': [(None, None)], 'ADDED_CLIENTHELLO': [(None, None)], 'ADDED_CLIENTKEYEXCHANGE': [(None, None)], 'CLOSE_NOTIFY': [(None, None)], 'CONNECT': [(None, None)], 'FINAL': [(None, None)], 'HANDLED_CERTIFICATEREQUEST': [(None, None)], 'HANDLED_CHANGECIPHERSPEC': [(None, None)], 'HANDLED_SERVERCERTIFICATE': [(None, None)], 'HANDLED_SERVERDATA': [(None, None)], 'HANDLED_SERVERFINISHED': [(None, None)], 'HANDLED_SERVERHELLO': [(None, None)], 'HANDLED_SERVERHELLODONE': [(None, None)], 'HANDLED_SERVERKEYEXCHANGE': [(None, None)], 'INITIAL': [(None, None)], 'INIT_TLS_SESSION': [(None, None)], 'MISSING_SERVERCERTIFICATE': [(None, None)], 'MISSING_SERVERHELLO': [(None, None)], 'MISSING_SERVERKEYEXCHANGE': [(None, None)], 'PREPARE_CLIENTFLIGHT1': [(None, None)], 'PREPARE_CLIENTFLIGHT2': [(None, None)], 'RECEIVED_SERVERDATA': [(None, None)], 'RECEIVED_SERVERFLIGHT1': [(None, None)], 'RECEIVED_SERVERFLIGHT2': [(None, None)], 'SENT_CLIENTDATA': [(None, None)], 'SENT_CLIENTFLIGHT1': [(None, None)], 'SENT_CLIENTFLIGHT2': [(None, None)], 'SSLv2_ADDED_CLIENTCERTIFICATE': [(None, None)], 'SSLv2_ADDED_CLIENTDATA': [(None, None)], 'SSLv2_ADDED_CLIENTFINISHED': [(None, None)], 'SSLv2_ADDED_CLIENTHELLO': [(None, None)], 'SSLv2_ADDED_CLIENTMASTERKEY': [(None, None)], 'SSLv2_CLOSE_NOTIFY': [(None, None)], 'SSLv2_HANDLED_REQUESTCERTIFICATE': [(None, None)], 'SSLv2_HANDLED_SERVERDATA': [(None, None)], 'SSLv2_HANDLED_SERVERFINISHED': [(None, None)], 'SSLv2_HANDLED_SERVERHELLO': [(None, None)], 'SSLv2_HANDLED_SERVERVERIFY': [(None, None)], 'SSLv2_MISSING_SERVERFINISHED': [(None, None)], 'SSLv2_MISSING_SERVERHELLO': [(None, None)], 'SSLv2_MISSING_SERVERVERIFY': [(None, None)], 'SSLv2_PREPARE_CLIENTHELLO': [(None, None)], 'SSLv2_RECEIVED_SERVERDATA': [(None, None)], 'SSLv2_RECEIVED_SERVERFINISHED': [(None, 
None)], 'SSLv2_RECEIVED_SERVERHELLO': [(None, None)], 'SSLv2_RECEIVED_SERVERVERIFY': [(None, None)], 'SSLv2_SENT_CLIENTCERTIFICATE': [(None, None)], 'SSLv2_SENT_CLIENTDATA': [(None, None)], 'SSLv2_SENT_CLIENTFINISHED': [(None, None)], 'SSLv2_SENT_CLIENTHELLO': [(None, None)], 'SSLv2_SENT_CLIENTMASTERKEY': [(None, None)], 'SSLv2_WAITING_CLIENTDATA': [(None, None)], 'SSLv2_WAITING_SERVERDATA': [(None, None)], 'SSLv2_WAITING_SERVERFINISHED': [(None, None)], 'SSLv2_WAITING_SERVERHELLO': [(None, None)], 'SSLv2_WAITING_SERVERVERIFY': [(None, None)], 'TLS13_ADDED_CLIENTFINISHED': [(None, None)], 'TLS13_ADDED_CLIENTHELLO': [(None, None)], 'TLS13_HANDLED_CERTIFICATE': [(None, None)], 'TLS13_HANDLED_CERTIFICATE_VERIFY': [(None, None)], 'TLS13_HANDLED_ENCRYPTEDEXTENSIONS': [(None, None)], 'TLS13_HANDLED_FINISHED': [(None, None)], 'TLS13_HANDLED_SERVERHELLO': [(None, None)], 'TLS13_PREPARE_CLIENTFLIGHT2': [(None, None)], 'TLS13_RECEIVED_SERVERFLIGHT1': [(None, None)], 'TLS13_SENDING_CLIENTFLIGHT1': [(None, None)], 'TLS13_SENT_CLIENTFLIGHT1': [(None, None)], 'TLS13_SENT_CLIENTFLIGHT2': [(None, None)], 'TLS13_START': [(None, None)], 'TLS13_WAITING_ENCRYPTEDEXTENSIONS': [(None, None)], 'TLS13_WAITING_SERVERFLIGHT1': [(None, None)], 'WAITING_SERVERDATA': [(None, None)], 'WAITING_SERVERFLIGHT1': [(None, None)], 'WAITING_SERVERFLIGHT2': [(None, None)], 'WAIT_CLIENTDATA': [(None, None)]}
tls13_missing_CertificateVerify()
tls13_missing_ServerHello()
tls13_missing_encryptedExtension()
tls13_should_add_ClientFinished()
tls13_should_add_ClientHello()
tls13_should_handle_AlertMessage_()
tls13_should_handle_Certificate()
tls13_should_handle_CertificateVerify()
tls13_should_handle_EncryptedExtensions()
tls13_should_handle_ServerHello()

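XXX We should check the ServerHello attributes for discrepancies with our own ClientHello. As this note implies, that check is not implemented yet on the TLS 1.3 path either: the ServerHello is handled without being compared against what the client offered.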

tls13_should_handle_certificate_from_encryptedExtensions()
tls13_should_handle_encrytpedExtensions()
tls13_should_handle_finished()
tls13_should_send_ClientFlight1()
tls13_should_send_ClientFlight2()
vprint_sessioninfo()