scapy.layers.tls.automaton_cli module
TLS client automaton. This makes for a primitive TLS stack. Obviously you need rights for network access.
We support versions SSLv2 to TLS 1.3, along with many features.
In order to run a client to tcp/50000 with one cipher suite of your choice:
from scapy.layers.tls import *
ch = TLSClientHello(ciphers=<int code of the cipher suite>)
t = TLSClientAutomaton(dport=50000, client_hello=ch)
t.run()
You can also use it as a SuperSocket using the tlslink
io:
from scapy.layers.tls import *
a = TLSClientAutomaton.tlslink(Raw, server="scapy.net", dport=443)
a.send(HTTP()/HTTPRequest())
while True:
a.recv()
You can also use the io with a TCPSession, e.g. to get an HTTPS answer:
from scapy.all import *
from scapy.layers.http import *
from scapy.layers.tls.automaton_cli import *
a = TLSClientAutomaton.tlslink(HTTP, server="www.google.com", dport=443)
pkt = a.sr1(HTTP()/HTTPRequest(), session=TCPSession(app=True),
timeout=2)
- class scapy.layers.tls.automaton_cli.TLSClientAutomaton(self, server='127.0.0.1', dport=4433, server_name=None, mycert=None, mykey=None, client_hello=None, version=None, resumption_master_secret=None, session_ticket_file_in=None, session_ticket_file_out=None, psk=None, psk_mode=None, data=None, ciphersuite: int | None = None, curve: str | None = None, supported_groups=None, supported_signature_algorithms=None, **kargs)[source]
Bases:
_TLSAutomaton
A simple TLS test client automaton. Try to overload some states or conditions and see what happens on the other side.
Rather than with an interruption, the best way to stop this client is by typing ‘quit’. This won’t be a message sent to the server.
- Parameters:
server – the server IP or hostname. defaults to 127.0.0.1
dport – the server port. defaults to 4433
server_name – the SNI to use. It does not need to be set
mycert
mykey – may be provided as filenames. They will be used in the (or post) handshake, should the server ask for client authentication.
client_hello – may hold a TLSClientHello, TLS13ClientHello or SSLv2ClientHello to be sent to the server. This is particularly useful for extensions tweaking. If not set, a default is populated accordingly.
version – is a quicker way to advertise a protocol version (“sslv2”, “tls1”, “tls12”, “tls13”, etc.) It may be overridden by the previous ‘client_hello’.
session_ticket_file_in – path to a file that contains a session ticket acquired in a previous session.
session_ticket_file_out – path to store any session ticket acquired during this session.
data – is a list of raw data to be sent to the server once the handshake has been completed. Both ‘stop_server’ and ‘quit’ will work this way.
- ADDED_CERTIFICATEVERIFY(*args: ATMT, **kargs: Any) NewStateRequested [source]
- ADDED_CHANGECIPHERSPEC(*args: ATMT, **kargs: Any) NewStateRequested [source]
- ADDED_CLIENTCERTIFICATE(*args: ATMT, **kargs: Any) NewStateRequested [source]
- ADDED_CLIENTDATA(*args: ATMT, **kargs: Any) NewStateRequested [source]
- ADDED_CLIENTFINISHED(*args: ATMT, **kargs: Any) NewStateRequested [source]
- ADDED_CLIENTHELLO(*args: ATMT, **kargs: Any) NewStateRequested [source]
- ADDED_CLIENTKEYEXCHANGE(*args: ATMT, **kargs: Any) NewStateRequested [source]
- CLOSE_NOTIFY(*args: ATMT, **kargs: Any) NewStateRequested [source]
- CONNECT(*args: ATMT, **kargs: Any) NewStateRequested [source]
- FINAL(*args: ATMT, **kargs: Any) NewStateRequested [source]
- HANDLED_CERTIFICATEREQUEST(*args: ATMT, **kargs: Any) NewStateRequested [source]
- HANDLED_CHANGECIPHERSPEC(*args: ATMT, **kargs: Any) NewStateRequested [source]
- HANDLED_SERVERCERTIFICATE(*args: ATMT, **kargs: Any) NewStateRequested [source]
- HANDLED_SERVERDATA(*args: ATMT, **kargs: Any) NewStateRequested [source]
- HANDLED_SERVERFINISHED(*args: ATMT, **kargs: Any) NewStateRequested [source]
- HANDLED_SERVERHELLO(*args: ATMT, **kargs: Any) NewStateRequested [source]
- HANDLED_SERVERHELLODONE(*args: ATMT, **kargs: Any) NewStateRequested [source]
- HANDLED_SERVERKEYEXCHANGE(*args: ATMT, **kargs: Any) NewStateRequested [source]
- INITIAL(*args: ATMT, **kargs: Any) NewStateRequested [source]
- INIT_TLS_SESSION(*args: ATMT, **kargs: Any) NewStateRequested [source]
- MISSING_SERVERCERTIFICATE(*args: ATMT, **kargs: Any) NewStateRequested [source]
- MISSING_SERVERHELLO(*args: ATMT, **kargs: Any) NewStateRequested [source]
- MISSING_SERVERKEYEXCHANGE(*args: ATMT, **kargs: Any) NewStateRequested [source]
- PREPARE_CLIENTFLIGHT1(*args: ATMT, **kargs: Any) NewStateRequested [source]
- PREPARE_CLIENTFLIGHT2(*args: ATMT, **kargs: Any) NewStateRequested [source]
- RECEIVED_SERVERDATA(*args: ATMT, **kargs: Any) NewStateRequested [source]
- RECEIVED_SERVERFLIGHT1(*args: ATMT, **kargs: Any) NewStateRequested [source]
- RECEIVED_SERVERFLIGHT2(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SENT_CLIENTDATA(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SENT_CLIENTFLIGHT1(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SENT_CLIENTFLIGHT2(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SOCKET_CLOSED(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_ADDED_CLIENTCERTIFICATE(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_ADDED_CLIENTDATA(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_ADDED_CLIENTFINISHED(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_ADDED_CLIENTHELLO(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_ADDED_CLIENTMASTERKEY(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_CLOSE_NOTIFY(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_HANDLED_REQUESTCERTIFICATE(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_HANDLED_SERVERDATA(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_HANDLED_SERVERFINISHED(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_HANDLED_SERVERHELLO(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_HANDLED_SERVERVERIFY(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_MISSING_SERVERFINISHED(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_MISSING_SERVERHELLO(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_MISSING_SERVERVERIFY(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_PREPARE_CLIENTHELLO(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_RECEIVED_SERVERDATA(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_RECEIVED_SERVERFINISHED(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_RECEIVED_SERVERHELLO(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_RECEIVED_SERVERVERIFY(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_SENT_CLIENTCERTIFICATE(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_SENT_CLIENTDATA(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_SENT_CLIENTFINISHED(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_SENT_CLIENTHELLO(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_SENT_CLIENTMASTERKEY(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_WAITING_CLIENTDATA(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_WAITING_SERVERDATA(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_WAITING_SERVERFINISHED(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_WAITING_SERVERHELLO(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SSLv2_WAITING_SERVERVERIFY(*args: ATMT, **kargs: Any) NewStateRequested [source]
- STOP(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_ADDED_CERTIFICATEVERIFY(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_ADDED_CLIENTCERTIFICATE(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_ADDED_CLIENTFINISHED(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_ADDED_CLIENTHELLO(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_HANDLED_ALERT_FROM_SERVERFLIGHT1(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_HANDLED_CERTIFICATE(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_HANDLED_CERTIFICATEREQUEST(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_HANDLED_CERTIFICATE_VERIFY(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_HANDLED_CHANGE_CIPHER_SPEC(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_HANDLED_ENCRYPTEDEXTENSIONS(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_HANDLED_FINISHED(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_HANDLED_SERVERHELLO(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_HELLO_RETRY_REQUESTED(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_PREPARE_CLIENTFLIGHT2(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_RECEIVED_NEW_SESSION_TICKET(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_RECEIVED_POST_AUTHENTICATION_REQUEST(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_RECEIVED_SERVERFLIGHT1(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_SENDING_CLIENTFLIGHT1(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_SENT_CLIENTFLIGHT1(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_SENT_CLIENTFLIGHT2(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_START(*args: ATMT, **kargs: Any) NewStateRequested [source]
- TLS13_WAITING_SERVERFLIGHT1(*args: ATMT, **kargs: Any) NewStateRequested [source]
- WAITING_SERVERDATA(*args: ATMT, **kargs: Any) NewStateRequested [source]
- WAITING_SERVERFLIGHT1(*args: ATMT, **kargs: Any) NewStateRequested [source]
- WAITING_SERVERFLIGHT2(*args: ATMT, **kargs: Any) NewStateRequested [source]
- WAIT_CLIENTDATA(*args: ATMT, **kargs: Any) NewStateRequested [source]
- actions: Dict[str, List[_StateWrapper]] = {'_socket': [], 'add_ClientData': [], 'close_session': [], 'missing_ServerCertificate': [], 'missing_ServerHello': [], 'missing_ServerKeyExchange': [], 'no_more_ClientData': [], 'should_add_ChangeCipherSpec_from_CertificateVerify': [], 'should_add_ChangeCipherSpec_from_ClientKeyExchange': [], 'should_add_ClientCertificate': [], 'should_add_ClientFinished': [], 'should_add_ClientHello': [], 'should_add_ClientKeyExchange_from_ClientCertificate': [], 'should_add_ClientKeyExchange_from_ClientFlight2': [], 'should_add_ClientVerify': [], 'should_fail_CertificateRequest_postauth': [], 'should_handle_CertificateRequest_from_ServerCertificate': [], 'should_handle_CertificateRequest_from_ServerKeyExchange': [], 'should_handle_CertificateRequest_postauth': [], 'should_handle_ChangeCipherSpec': [], 'should_handle_Finished': [], 'should_handle_NewSessionTicket': [], 'should_handle_ServerCertificate': [], 'should_handle_ServerData': [], 'should_handle_ServerHello': [], 'should_handle_ServerHelloDone_from_CertificateRequest': [], 'should_handle_ServerHelloDone_from_ServerCertificate': [], 'should_handle_ServerHelloDone_from_ServerKeyExchange': [], 'should_handle_ServerKeyExchange_from_ServerCertificate': [], 'should_send_CertificateRequest_postauth': [], 'should_send_ClientData': [], 'should_send_ClientFlight1': [], 'should_send_ClientFlight2': [], 'should_store_session_ticket_file': [], 'should_wait_ClientData': [], 'sslv2_add_ClientData': [], 'sslv2_close_session': [], 'sslv2_missing_ServerFinished': [], 'sslv2_missing_ServerHello': [], 'sslv2_missing_ServerVerify': [], 'sslv2_no_more_ClientData': [], 'sslv2_should_add_ClientCertificate': [], 'sslv2_should_add_ClientFinished_from_NoServerVerify': [], 'sslv2_should_add_ClientFinished_from_ServerVerify': [], 'sslv2_should_add_ClientHello': [], 'sslv2_should_add_ClientMasterKey': [], 'sslv2_should_handle_RequestCertificate': [], 'sslv2_should_handle_ServerData': [], 'sslv2_should_handle_ServerFinished': [], 'sslv2_should_handle_ServerHello': [], 'sslv2_should_handle_ServerVerify': [], 'sslv2_should_send_ClientCertificate': [], 'sslv2_should_send_ClientData': [], 'sslv2_should_send_ClientFinished': [], 'sslv2_should_send_ClientHello': [], 'sslv2_should_send_ClientMasterKey': [], 'sslv2_should_wait_ClientData': [], 'sslv2_should_wait_ServerFinished_from_ServerVerify': [], 'tls13_missing_CertificateVerify': [], 'tls13_missing_ServerHello': [], 'tls13_missing_encryptedExtension': [], 'tls13_should_add_ClientCertificate': [], 'tls13_should_add_ClientCertificateVerify': [], 'tls13_should_add_ClientFinished': [], 'tls13_should_add_ClientHello': [], 'tls13_should_add_ClientHello_Retry': [], 'tls13_should_handle_AlertMessage_': [], 'tls13_should_handle_CertificateVerify': [], 'tls13_should_handle_Certificate_from_CertificateRequest': [], 'tls13_should_handle_ChangeCipherSpec': [], 'tls13_should_handle_ChangeCipherSpec_after_tls13_retry': [], 'tls13_should_handle_HelloRetryRequest': [], 'tls13_should_handle_ServerHello': [], 'tls13_should_handle_certificateRequest_from_encryptedExtensions': [], 'tls13_should_handle_certificate_from_encryptedExtensions': [], 'tls13_should_handle_encrytpedExtensions': [], 'tls13_should_handle_finished': [], 'tls13_should_handle_finished_from_encryptedExtensions': [], 'tls13_should_send_ClientFlight1': [], 'tls13_should_send_ClientFlight2': [], 'tls13_should_skip_ClientCertificateVerify': []}
- add_ClientData()[source]
The user may type in: GET / HTTP/1.1rnHost: testserver.comrnrn Special characters are handled so that it becomes a valid HTTP request.
- breakpoints: Set[_StateWrapper]
- conditions: Dict[str, List[_StateWrapper]] = {'ADDED_CERTIFICATEVERIFY': [<function TLSClientAutomaton.should_add_ChangeCipherSpec_from_CertificateVerify>], 'ADDED_CHANGECIPHERSPEC': [<function TLSClientAutomaton.should_add_ClientFinished>], 'ADDED_CLIENTCERTIFICATE': [<function TLSClientAutomaton.should_add_ClientKeyExchange_from_ClientCertificate>], 'ADDED_CLIENTDATA': [<function TLSClientAutomaton.should_send_ClientData>], 'ADDED_CLIENTFINISHED': [<function TLSClientAutomaton.should_send_ClientFlight2>], 'ADDED_CLIENTHELLO': [<function TLSClientAutomaton.should_send_ClientFlight1>], 'ADDED_CLIENTKEYEXCHANGE': [<function TLSClientAutomaton.should_add_ClientVerify>, <function TLSClientAutomaton.should_add_ChangeCipherSpec_from_ClientKeyExchange>], 'CLOSE_NOTIFY': [<function TLSClientAutomaton.close_session>], 'CONNECT': [], 'FINAL': [], 'HANDLED_CERTIFICATEREQUEST': [<function TLSClientAutomaton.should_handle_ServerHelloDone_from_CertificateRequest>], 'HANDLED_CHANGECIPHERSPEC': [<function TLSClientAutomaton.should_handle_Finished>], 'HANDLED_SERVERCERTIFICATE': [<function TLSClientAutomaton.should_handle_ServerKeyExchange_from_ServerCertificate>, <function TLSClientAutomaton.missing_ServerKeyExchange>, <function TLSClientAutomaton.should_handle_CertificateRequest_from_ServerCertificate>, <function TLSClientAutomaton.should_handle_ServerHelloDone_from_ServerCertificate>], 'HANDLED_SERVERDATA': [], 'HANDLED_SERVERFINISHED': [<function TLSClientAutomaton.should_wait_ClientData>], 'HANDLED_SERVERHELLO': [<function TLSClientAutomaton.should_handle_ServerCertificate>, <function TLSClientAutomaton.missing_ServerCertificate>], 'HANDLED_SERVERHELLODONE': [], 'HANDLED_SERVERKEYEXCHANGE': [<function TLSClientAutomaton.should_handle_ServerHelloDone_from_ServerKeyExchange>, <function TLSClientAutomaton.should_handle_CertificateRequest_from_ServerKeyExchange>], 'INITIAL': [], 'INIT_TLS_SESSION': [], 'MISSING_SERVERCERTIFICATE': [], 'MISSING_SERVERHELLO': [], 'MISSING_SERVERKEYEXCHANGE': [], 'PREPARE_CLIENTFLIGHT1': [<function TLSClientAutomaton.should_add_ClientHello>], 'PREPARE_CLIENTFLIGHT2': [<function TLSClientAutomaton.should_add_ClientCertificate>, <function TLSClientAutomaton.should_add_ClientKeyExchange_from_ClientFlight2>], 'RECEIVED_SERVERDATA': [<function TLSClientAutomaton.should_handle_CertificateRequest_postauth>, <function TLSClientAutomaton.should_handle_NewSessionTicket>, <function TLSClientAutomaton.should_handle_ServerData>], 'RECEIVED_SERVERFLIGHT1': [<function TLSClientAutomaton.should_handle_ServerHello>, <function TLSClientAutomaton.missing_ServerHello>], 'RECEIVED_SERVERFLIGHT2': [<function TLSClientAutomaton.should_handle_ChangeCipherSpec>], 'SENT_CLIENTDATA': [], 'SENT_CLIENTFLIGHT1': [], 'SENT_CLIENTFLIGHT2': [], 'SOCKET_CLOSED': [], 'SSLv2_ADDED_CLIENTCERTIFICATE': [<function TLSClientAutomaton.sslv2_should_send_ClientCertificate>], 'SSLv2_ADDED_CLIENTDATA': [<function TLSClientAutomaton.sslv2_should_send_ClientData>], 'SSLv2_ADDED_CLIENTFINISHED': [<function TLSClientAutomaton.sslv2_should_send_ClientFinished>], 'SSLv2_ADDED_CLIENTHELLO': [<function TLSClientAutomaton.sslv2_should_send_ClientHello>], 'SSLv2_ADDED_CLIENTMASTERKEY': [<function TLSClientAutomaton.sslv2_should_send_ClientMasterKey>], 'SSLv2_CLOSE_NOTIFY': [<function TLSClientAutomaton.sslv2_close_session>], 'SSLv2_HANDLED_REQUESTCERTIFICATE': [<function TLSClientAutomaton.sslv2_should_add_ClientCertificate>], 'SSLv2_HANDLED_SERVERDATA': [], 'SSLv2_HANDLED_SERVERFINISHED': [<function TLSClientAutomaton.sslv2_should_wait_ClientData>], 'SSLv2_HANDLED_SERVERHELLO': [<function TLSClientAutomaton.sslv2_should_add_ClientMasterKey>], 'SSLv2_HANDLED_SERVERVERIFY': [<function TLSClientAutomaton.sslv2_should_add_ClientFinished_from_ServerVerify>, <function TLSClientAutomaton.sslv2_should_wait_ServerFinished_from_ServerVerify>], 'SSLv2_MISSING_SERVERFINISHED': [], 'SSLv2_MISSING_SERVERHELLO': [], 'SSLv2_MISSING_SERVERVERIFY': [], 'SSLv2_PREPARE_CLIENTHELLO': [<function TLSClientAutomaton.sslv2_should_add_ClientHello>], 'SSLv2_RECEIVED_SERVERDATA': [<function TLSClientAutomaton.sslv2_should_handle_ServerData>], 'SSLv2_RECEIVED_SERVERFINISHED': [<function TLSClientAutomaton.sslv2_should_handle_ServerFinished>, <function TLSClientAutomaton.sslv2_should_handle_RequestCertificate>, <function TLSClientAutomaton.sslv2_missing_ServerFinished>], 'SSLv2_RECEIVED_SERVERHELLO': [<function TLSClientAutomaton.sslv2_should_handle_ServerHello>, <function TLSClientAutomaton.sslv2_missing_ServerHello>], 'SSLv2_RECEIVED_SERVERVERIFY': [<function TLSClientAutomaton.sslv2_should_handle_ServerVerify>, <function TLSClientAutomaton.sslv2_should_add_ClientFinished_from_NoServerVerify>, <function TLSClientAutomaton.sslv2_missing_ServerVerify>], 'SSLv2_SENT_CLIENTCERTIFICATE': [], 'SSLv2_SENT_CLIENTDATA': [], 'SSLv2_SENT_CLIENTFINISHED': [], 'SSLv2_SENT_CLIENTHELLO': [], 'SSLv2_SENT_CLIENTMASTERKEY': [], 'SSLv2_WAITING_CLIENTDATA': [<function TLSClientAutomaton.sslv2_add_ClientData>, <function TLSClientAutomaton.sslv2_no_more_ClientData>], 'SSLv2_WAITING_SERVERDATA': [], 'SSLv2_WAITING_SERVERFINISHED': [], 'SSLv2_WAITING_SERVERHELLO': [], 'SSLv2_WAITING_SERVERVERIFY': [], 'STOP': [], 'TLS13_ADDED_CERTIFICATEVERIFY': [], 'TLS13_ADDED_CLIENTCERTIFICATE': [<function TLSClientAutomaton.tls13_should_skip_ClientCertificateVerify>, <function TLSClientAutomaton.tls13_should_add_ClientCertificateVerify>], 'TLS13_ADDED_CLIENTFINISHED': [<function TLSClientAutomaton.tls13_should_send_ClientFlight2>], 'TLS13_ADDED_CLIENTHELLO': [], 'TLS13_HANDLED_ALERT_FROM_SERVERFLIGHT1': [], 'TLS13_HANDLED_CERTIFICATE': [<function TLSClientAutomaton.tls13_should_handle_CertificateVerify>, <function TLSClientAutomaton.tls13_missing_CertificateVerify>], 'TLS13_HANDLED_CERTIFICATEREQUEST': [<function TLSClientAutomaton.tls13_should_handle_Certificate_from_CertificateRequest>], 'TLS13_HANDLED_CERTIFICATE_VERIFY': [<function TLSClientAutomaton.tls13_should_handle_finished>], 'TLS13_HANDLED_CHANGE_CIPHER_SPEC': [], 'TLS13_HANDLED_ENCRYPTEDEXTENSIONS': [<function TLSClientAutomaton.tls13_should_handle_certificateRequest_from_encryptedExtensions>, <function TLSClientAutomaton.tls13_should_handle_certificate_from_encryptedExtensions>, <function TLSClientAutomaton.tls13_should_handle_finished_from_encryptedExtensions>], 'TLS13_HANDLED_FINISHED': [], 'TLS13_HANDLED_SERVERHELLO': [<function TLSClientAutomaton.tls13_should_handle_encrytpedExtensions>, <function TLSClientAutomaton.tls13_should_handle_ChangeCipherSpec>, <function TLSClientAutomaton.tls13_missing_encryptedExtension>], 'TLS13_HELLO_RETRY_REQUESTED': [<function TLSClientAutomaton.tls13_should_add_ClientHello_Retry>], 'TLS13_PREPARE_CLIENTFLIGHT2': [<function TLSClientAutomaton.tls13_should_add_ClientCertificate>, <function TLSClientAutomaton.tls13_should_add_ClientFinished>], 'TLS13_RECEIVED_NEW_SESSION_TICKET': [<function TLSClientAutomaton.should_store_session_ticket_file>], 'TLS13_RECEIVED_POST_AUTHENTICATION_REQUEST': [<function TLSClientAutomaton.should_send_CertificateRequest_postauth>, <function TLSClientAutomaton.should_fail_CertificateRequest_postauth>], 'TLS13_RECEIVED_SERVERFLIGHT1': [<function TLSClientAutomaton.tls13_should_handle_ServerHello>, <function TLSClientAutomaton.tls13_should_handle_HelloRetryRequest>, <function TLSClientAutomaton.tls13_should_handle_AlertMessage_>, <function TLSClientAutomaton.tls13_should_handle_ChangeCipherSpec_after_tls13_retry>, <function TLSClientAutomaton.tls13_missing_ServerHello>], 'TLS13_SENDING_CLIENTFLIGHT1': [<function TLSClientAutomaton.tls13_should_send_ClientFlight1>], 'TLS13_SENT_CLIENTFLIGHT1': [], 'TLS13_SENT_CLIENTFLIGHT2': [], 'TLS13_START': [<function TLSClientAutomaton.tls13_should_add_ClientHello>], 'TLS13_WAITING_SERVERFLIGHT1': [], 'WAITING_SERVERDATA': [], 'WAITING_SERVERFLIGHT1': [], 'WAITING_SERVERFLIGHT2': [], 'WAIT_CLIENTDATA': [<function TLSClientAutomaton.add_ClientData>, <function TLSClientAutomaton.no_more_ClientData>]}
- eofs: Dict[str, _StateWrapper] = {}
- initial_states: List[_StateWrapper] = [<function ATMT.state.<locals>.deco.<locals>._state_wrapper>]
- interception_points: Set[_StateWrapper]
- ioevents: Dict[str, List[_StateWrapper]] = {'ADDED_CERTIFICATEVERIFY': [], 'ADDED_CHANGECIPHERSPEC': [], 'ADDED_CLIENTCERTIFICATE': [], 'ADDED_CLIENTDATA': [], 'ADDED_CLIENTFINISHED': [], 'ADDED_CLIENTHELLO': [], 'ADDED_CLIENTKEYEXCHANGE': [], 'CLOSE_NOTIFY': [], 'CONNECT': [], 'FINAL': [], 'HANDLED_CERTIFICATEREQUEST': [], 'HANDLED_CHANGECIPHERSPEC': [], 'HANDLED_SERVERCERTIFICATE': [], 'HANDLED_SERVERDATA': [], 'HANDLED_SERVERFINISHED': [], 'HANDLED_SERVERHELLO': [], 'HANDLED_SERVERHELLODONE': [], 'HANDLED_SERVERKEYEXCHANGE': [], 'INITIAL': [<function TLSClientAutomaton._socket>], 'INIT_TLS_SESSION': [], 'MISSING_SERVERCERTIFICATE': [], 'MISSING_SERVERHELLO': [], 'MISSING_SERVERKEYEXCHANGE': [], 'PREPARE_CLIENTFLIGHT1': [], 'PREPARE_CLIENTFLIGHT2': [], 'RECEIVED_SERVERDATA': [], 'RECEIVED_SERVERFLIGHT1': [], 'RECEIVED_SERVERFLIGHT2': [], 'SENT_CLIENTDATA': [], 'SENT_CLIENTFLIGHT1': [], 'SENT_CLIENTFLIGHT2': [], 'SOCKET_CLOSED': [], 'SSLv2_ADDED_CLIENTCERTIFICATE': [], 'SSLv2_ADDED_CLIENTDATA': [], 'SSLv2_ADDED_CLIENTFINISHED': [], 'SSLv2_ADDED_CLIENTHELLO': [], 'SSLv2_ADDED_CLIENTMASTERKEY': [], 'SSLv2_CLOSE_NOTIFY': [], 'SSLv2_HANDLED_REQUESTCERTIFICATE': [], 'SSLv2_HANDLED_SERVERDATA': [], 'SSLv2_HANDLED_SERVERFINISHED': [], 'SSLv2_HANDLED_SERVERHELLO': [], 'SSLv2_HANDLED_SERVERVERIFY': [], 'SSLv2_MISSING_SERVERFINISHED': [], 'SSLv2_MISSING_SERVERHELLO': [], 'SSLv2_MISSING_SERVERVERIFY': [], 'SSLv2_PREPARE_CLIENTHELLO': [], 'SSLv2_RECEIVED_SERVERDATA': [], 'SSLv2_RECEIVED_SERVERFINISHED': [], 'SSLv2_RECEIVED_SERVERHELLO': [], 'SSLv2_RECEIVED_SERVERVERIFY': [], 'SSLv2_SENT_CLIENTCERTIFICATE': [], 'SSLv2_SENT_CLIENTDATA': [], 'SSLv2_SENT_CLIENTFINISHED': [], 'SSLv2_SENT_CLIENTHELLO': [], 'SSLv2_SENT_CLIENTMASTERKEY': [], 'SSLv2_WAITING_CLIENTDATA': [], 'SSLv2_WAITING_SERVERDATA': [], 'SSLv2_WAITING_SERVERFINISHED': [], 'SSLv2_WAITING_SERVERHELLO': [], 'SSLv2_WAITING_SERVERVERIFY': [], 'STOP': [], 'TLS13_ADDED_CERTIFICATEVERIFY': [], 'TLS13_ADDED_CLIENTCERTIFICATE': [], 'TLS13_ADDED_CLIENTFINISHED': [], 'TLS13_ADDED_CLIENTHELLO': [], 'TLS13_HANDLED_ALERT_FROM_SERVERFLIGHT1': [], 'TLS13_HANDLED_CERTIFICATE': [], 'TLS13_HANDLED_CERTIFICATEREQUEST': [], 'TLS13_HANDLED_CERTIFICATE_VERIFY': [], 'TLS13_HANDLED_CHANGE_CIPHER_SPEC': [], 'TLS13_HANDLED_ENCRYPTEDEXTENSIONS': [], 'TLS13_HANDLED_FINISHED': [], 'TLS13_HANDLED_SERVERHELLO': [], 'TLS13_HELLO_RETRY_REQUESTED': [], 'TLS13_PREPARE_CLIENTFLIGHT2': [], 'TLS13_RECEIVED_NEW_SESSION_TICKET': [], 'TLS13_RECEIVED_POST_AUTHENTICATION_REQUEST': [], 'TLS13_RECEIVED_SERVERFLIGHT1': [], 'TLS13_SENDING_CLIENTFLIGHT1': [], 'TLS13_SENT_CLIENTFLIGHT1': [], 'TLS13_SENT_CLIENTFLIGHT2': [], 'TLS13_START': [], 'TLS13_WAITING_SERVERFLIGHT1': [], 'WAITING_SERVERDATA': [], 'WAITING_SERVERFLIGHT1': [], 'WAITING_SERVERFLIGHT2': [], 'WAIT_CLIENTDATA': []}
- ionames: List[str] = ['tls']
- iosupersockets: List[SuperSocket] = [<function TLSClientAutomaton._socket>]
- listen_sock: SuperSocket | None
- packets: PacketList
- parse_args(server='127.0.0.1', dport=4433, server_name=None, mycert=None, mykey=None, client_hello=None, version=None, resumption_master_secret=None, session_ticket_file_in=None, session_ticket_file_out=None, psk=None, psk_mode=None, data=None, ciphersuite: int | None = None, curve: str | None = None, supported_groups=None, supported_signature_algorithms=None, **kargs)[source]
- recv_conditions: Dict[str, List[_StateWrapper]] = {'ADDED_CERTIFICATEVERIFY': [], 'ADDED_CHANGECIPHERSPEC': [], 'ADDED_CLIENTCERTIFICATE': [], 'ADDED_CLIENTDATA': [], 'ADDED_CLIENTFINISHED': [], 'ADDED_CLIENTHELLO': [], 'ADDED_CLIENTKEYEXCHANGE': [], 'CLOSE_NOTIFY': [], 'CONNECT': [], 'FINAL': [], 'HANDLED_CERTIFICATEREQUEST': [], 'HANDLED_CHANGECIPHERSPEC': [], 'HANDLED_SERVERCERTIFICATE': [], 'HANDLED_SERVERDATA': [], 'HANDLED_SERVERFINISHED': [], 'HANDLED_SERVERHELLO': [], 'HANDLED_SERVERHELLODONE': [], 'HANDLED_SERVERKEYEXCHANGE': [], 'INITIAL': [], 'INIT_TLS_SESSION': [], 'MISSING_SERVERCERTIFICATE': [], 'MISSING_SERVERHELLO': [], 'MISSING_SERVERKEYEXCHANGE': [], 'PREPARE_CLIENTFLIGHT1': [], 'PREPARE_CLIENTFLIGHT2': [], 'RECEIVED_SERVERDATA': [], 'RECEIVED_SERVERFLIGHT1': [], 'RECEIVED_SERVERFLIGHT2': [], 'SENT_CLIENTDATA': [], 'SENT_CLIENTFLIGHT1': [], 'SENT_CLIENTFLIGHT2': [], 'SOCKET_CLOSED': [], 'SSLv2_ADDED_CLIENTCERTIFICATE': [], 'SSLv2_ADDED_CLIENTDATA': [], 'SSLv2_ADDED_CLIENTFINISHED': [], 'SSLv2_ADDED_CLIENTHELLO': [], 'SSLv2_ADDED_CLIENTMASTERKEY': [], 'SSLv2_CLOSE_NOTIFY': [], 'SSLv2_HANDLED_REQUESTCERTIFICATE': [], 'SSLv2_HANDLED_SERVERDATA': [], 'SSLv2_HANDLED_SERVERFINISHED': [], 'SSLv2_HANDLED_SERVERHELLO': [], 'SSLv2_HANDLED_SERVERVERIFY': [], 'SSLv2_MISSING_SERVERFINISHED': [], 'SSLv2_MISSING_SERVERHELLO': [], 'SSLv2_MISSING_SERVERVERIFY': [], 'SSLv2_PREPARE_CLIENTHELLO': [], 'SSLv2_RECEIVED_SERVERDATA': [], 'SSLv2_RECEIVED_SERVERFINISHED': [], 'SSLv2_RECEIVED_SERVERHELLO': [], 'SSLv2_RECEIVED_SERVERVERIFY': [], 'SSLv2_SENT_CLIENTCERTIFICATE': [], 'SSLv2_SENT_CLIENTDATA': [], 'SSLv2_SENT_CLIENTFINISHED': [], 'SSLv2_SENT_CLIENTHELLO': [], 'SSLv2_SENT_CLIENTMASTERKEY': [], 'SSLv2_WAITING_CLIENTDATA': [], 'SSLv2_WAITING_SERVERDATA': [], 'SSLv2_WAITING_SERVERFINISHED': [], 'SSLv2_WAITING_SERVERHELLO': [], 'SSLv2_WAITING_SERVERVERIFY': [], 'STOP': [], 'TLS13_ADDED_CERTIFICATEVERIFY': [], 'TLS13_ADDED_CLIENTCERTIFICATE': [], 'TLS13_ADDED_CLIENTFINISHED': [], 'TLS13_ADDED_CLIENTHELLO': [], 'TLS13_HANDLED_ALERT_FROM_SERVERFLIGHT1': [], 'TLS13_HANDLED_CERTIFICATE': [], 'TLS13_HANDLED_CERTIFICATEREQUEST': [], 'TLS13_HANDLED_CERTIFICATE_VERIFY': [], 'TLS13_HANDLED_CHANGE_CIPHER_SPEC': [], 'TLS13_HANDLED_ENCRYPTEDEXTENSIONS': [], 'TLS13_HANDLED_FINISHED': [], 'TLS13_HANDLED_SERVERHELLO': [], 'TLS13_HELLO_RETRY_REQUESTED': [], 'TLS13_PREPARE_CLIENTFLIGHT2': [], 'TLS13_RECEIVED_NEW_SESSION_TICKET': [], 'TLS13_RECEIVED_POST_AUTHENTICATION_REQUEST': [], 'TLS13_RECEIVED_SERVERFLIGHT1': [], 'TLS13_SENDING_CLIENTFLIGHT1': [], 'TLS13_SENT_CLIENTFLIGHT1': [], 'TLS13_SENT_CLIENTFLIGHT2': [], 'TLS13_START': [], 'TLS13_WAITING_SERVERFLIGHT1': [], 'WAITING_SERVERDATA': [], 'WAITING_SERVERFLIGHT1': [], 'WAITING_SERVERFLIGHT2': [], 'WAIT_CLIENTDATA': []}
- send_sock: SuperSocket | None
- should_add_ClientCertificate()[source]
If the server sent a CertificateRequest, we send a Certificate message. If no certificate is available, an empty Certificate message is sent: - this is a SHOULD in RFC 4346 (Section 7.4.6) - this is a MUST in RFC 5246 (Section 7.4.6)
XXX We may want to add a complete chain.
- should_add_ClientVerify()[source]
XXX Section 7.4.7.1 of RFC 5246 states that the CertificateVerify message is only sent following a client certificate that has signing capability (i.e. not those containing fixed DH params). We should verify that before adding the message. We should also handle the case when the Certificate message was empty.
- should_handle_CertificateRequest()[source]
XXX We should check the CertificateRequest attributes for discrepancies with the cipher suite, etc.
- should_handle_ServerHello()[source]
XXX We should check the ServerHello attributes for discrepancies with our own ClientHello.
- should_handle_ServerKeyExchange_from_ServerCertificate()[source]
XXX We should check the ServerKeyExchange attributes for discrepancies with our own ClientHello, along with the ServerHello and Certificate.
- states: Dict[str, _StateWrapper] = {'ADDED_CERTIFICATEVERIFY': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'ADDED_CHANGECIPHERSPEC': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'ADDED_CLIENTCERTIFICATE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'ADDED_CLIENTDATA': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'ADDED_CLIENTFINISHED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'ADDED_CLIENTHELLO': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'ADDED_CLIENTKEYEXCHANGE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'CLOSE_NOTIFY': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'CONNECT': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'FINAL': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'HANDLED_CERTIFICATEREQUEST': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'HANDLED_CHANGECIPHERSPEC': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'HANDLED_SERVERCERTIFICATE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'HANDLED_SERVERDATA': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'HANDLED_SERVERFINISHED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'HANDLED_SERVERHELLO': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'HANDLED_SERVERHELLODONE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'HANDLED_SERVERKEYEXCHANGE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'INITIAL': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'INIT_TLS_SESSION': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'MISSING_SERVERCERTIFICATE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'MISSING_SERVERHELLO': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'MISSING_SERVERKEYEXCHANGE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'PREPARE_CLIENTFLIGHT1': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'PREPARE_CLIENTFLIGHT2': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'RECEIVED_SERVERDATA': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'RECEIVED_SERVERFLIGHT1': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'RECEIVED_SERVERFLIGHT2': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SENT_CLIENTDATA': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SENT_CLIENTFLIGHT1': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SENT_CLIENTFLIGHT2': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SOCKET_CLOSED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_ADDED_CLIENTCERTIFICATE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_ADDED_CLIENTDATA': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_ADDED_CLIENTFINISHED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_ADDED_CLIENTHELLO': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_ADDED_CLIENTMASTERKEY': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_CLOSE_NOTIFY': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_HANDLED_REQUESTCERTIFICATE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_HANDLED_SERVERDATA': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_HANDLED_SERVERFINISHED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_HANDLED_SERVERHELLO': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_HANDLED_SERVERVERIFY': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_MISSING_SERVERFINISHED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_MISSING_SERVERHELLO': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_MISSING_SERVERVERIFY': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_PREPARE_CLIENTHELLO': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_RECEIVED_SERVERDATA': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_RECEIVED_SERVERFINISHED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_RECEIVED_SERVERHELLO': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_RECEIVED_SERVERVERIFY': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_SENT_CLIENTCERTIFICATE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_SENT_CLIENTDATA': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_SENT_CLIENTFINISHED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_SENT_CLIENTHELLO': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_SENT_CLIENTMASTERKEY': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_WAITING_CLIENTDATA': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_WAITING_SERVERDATA': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_WAITING_SERVERFINISHED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_WAITING_SERVERHELLO': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SSLv2_WAITING_SERVERVERIFY': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'STOP': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_ADDED_CERTIFICATEVERIFY': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_ADDED_CLIENTCERTIFICATE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_ADDED_CLIENTFINISHED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_ADDED_CLIENTHELLO': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_HANDLED_ALERT_FROM_SERVERFLIGHT1': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_HANDLED_CERTIFICATE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_HANDLED_CERTIFICATEREQUEST': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_HANDLED_CERTIFICATE_VERIFY': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_HANDLED_CHANGE_CIPHER_SPEC': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_HANDLED_ENCRYPTEDEXTENSIONS': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_HANDLED_FINISHED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_HANDLED_SERVERHELLO': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_HELLO_RETRY_REQUESTED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_PREPARE_CLIENTFLIGHT2': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_RECEIVED_NEW_SESSION_TICKET': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_RECEIVED_POST_AUTHENTICATION_REQUEST': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_RECEIVED_SERVERFLIGHT1': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_SENDING_CLIENTFLIGHT1': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_SENT_CLIENTFLIGHT1': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_SENT_CLIENTFLIGHT2': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_START': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'TLS13_WAITING_SERVERFLIGHT1': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'WAITING_SERVERDATA': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'WAITING_SERVERFLIGHT1': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'WAITING_SERVERFLIGHT2': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'WAIT_CLIENTDATA': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>}
- stop_state(*args: ATMT, **kargs: Any) NewStateRequested [source]
- threadid: int | None
- timeout: Dict[str, _TimerList] = {'ADDED_CERTIFICATEVERIFY': [], 'ADDED_CHANGECIPHERSPEC': [], 'ADDED_CLIENTCERTIFICATE': [], 'ADDED_CLIENTDATA': [], 'ADDED_CLIENTFINISHED': [], 'ADDED_CLIENTHELLO': [], 'ADDED_CLIENTKEYEXCHANGE': [], 'CLOSE_NOTIFY': [], 'CONNECT': [], 'FINAL': [], 'HANDLED_CERTIFICATEREQUEST': [], 'HANDLED_CHANGECIPHERSPEC': [], 'HANDLED_SERVERCERTIFICATE': [], 'HANDLED_SERVERDATA': [], 'HANDLED_SERVERFINISHED': [], 'HANDLED_SERVERHELLO': [], 'HANDLED_SERVERHELLODONE': [], 'HANDLED_SERVERKEYEXCHANGE': [], 'INITIAL': [], 'INIT_TLS_SESSION': [], 'MISSING_SERVERCERTIFICATE': [], 'MISSING_SERVERHELLO': [], 'MISSING_SERVERKEYEXCHANGE': [], 'PREPARE_CLIENTFLIGHT1': [], 'PREPARE_CLIENTFLIGHT2': [], 'RECEIVED_SERVERDATA': [], 'RECEIVED_SERVERFLIGHT1': [], 'RECEIVED_SERVERFLIGHT2': [], 'SENT_CLIENTDATA': [], 'SENT_CLIENTFLIGHT1': [], 'SENT_CLIENTFLIGHT2': [], 'SOCKET_CLOSED': [], 'SSLv2_ADDED_CLIENTCERTIFICATE': [], 'SSLv2_ADDED_CLIENTDATA': [], 'SSLv2_ADDED_CLIENTFINISHED': [], 'SSLv2_ADDED_CLIENTHELLO': [], 'SSLv2_ADDED_CLIENTMASTERKEY': [], 'SSLv2_CLOSE_NOTIFY': [], 'SSLv2_HANDLED_REQUESTCERTIFICATE': [], 'SSLv2_HANDLED_SERVERDATA': [], 'SSLv2_HANDLED_SERVERFINISHED': [], 'SSLv2_HANDLED_SERVERHELLO': [], 'SSLv2_HANDLED_SERVERVERIFY': [], 'SSLv2_MISSING_SERVERFINISHED': [], 'SSLv2_MISSING_SERVERHELLO': [], 'SSLv2_MISSING_SERVERVERIFY': [], 'SSLv2_PREPARE_CLIENTHELLO': [], 'SSLv2_RECEIVED_SERVERDATA': [], 'SSLv2_RECEIVED_SERVERFINISHED': [], 'SSLv2_RECEIVED_SERVERHELLO': [], 'SSLv2_RECEIVED_SERVERVERIFY': [], 'SSLv2_SENT_CLIENTCERTIFICATE': [], 'SSLv2_SENT_CLIENTDATA': [], 'SSLv2_SENT_CLIENTFINISHED': [], 'SSLv2_SENT_CLIENTHELLO': [], 'SSLv2_SENT_CLIENTMASTERKEY': [], 'SSLv2_WAITING_CLIENTDATA': [], 'SSLv2_WAITING_SERVERDATA': [], 'SSLv2_WAITING_SERVERFINISHED': [], 'SSLv2_WAITING_SERVERHELLO': [], 'SSLv2_WAITING_SERVERVERIFY': [], 'STOP': [], 'TLS13_ADDED_CERTIFICATEVERIFY': [], 'TLS13_ADDED_CLIENTCERTIFICATE': [], 'TLS13_ADDED_CLIENTFINISHED': [], 'TLS13_ADDED_CLIENTHELLO': [], 'TLS13_HANDLED_ALERT_FROM_SERVERFLIGHT1': [], 'TLS13_HANDLED_CERTIFICATE': [], 'TLS13_HANDLED_CERTIFICATEREQUEST': [], 'TLS13_HANDLED_CERTIFICATE_VERIFY': [], 'TLS13_HANDLED_CHANGE_CIPHER_SPEC': [], 'TLS13_HANDLED_ENCRYPTEDEXTENSIONS': [], 'TLS13_HANDLED_FINISHED': [], 'TLS13_HANDLED_SERVERHELLO': [], 'TLS13_HELLO_RETRY_REQUESTED': [], 'TLS13_PREPARE_CLIENTFLIGHT2': [], 'TLS13_RECEIVED_NEW_SESSION_TICKET': [], 'TLS13_RECEIVED_POST_AUTHENTICATION_REQUEST': [], 'TLS13_RECEIVED_SERVERFLIGHT1': [], 'TLS13_SENDING_CLIENTFLIGHT1': [], 'TLS13_SENT_CLIENTFLIGHT1': [], 'TLS13_SENT_CLIENTFLIGHT2': [], 'TLS13_START': [], 'TLS13_WAITING_SERVERFLIGHT1': [], 'WAITING_SERVERDATA': [], 'WAITING_SERVERFLIGHT1': [], 'WAITING_SERVERFLIGHT2': [], 'WAIT_CLIENTDATA': []}
- tls13_should_add_ClientCertificate()[source]
If the server sent a CertificateRequest, we send a Certificate message. If no certificate is available, an empty Certificate message is sent: - this is a SHOULD in RFC 4346 (Section 7.4.6) - this is a MUST in RFC 5246 (Section 7.4.6)
XXX We may want to add a complete chain.
- tls13_should_add_ClientCertificateVerify()[source]
XXX Section 7.4.7.1 of RFC 5246 states that the CertificateVerify message is only sent following a client certificate that has signing capability (i.e. not those containing fixed DH params). We should verify that before adding the message. We should also handle the case when the Certificate message was empty.
- tls13_should_handle_HelloRetryRequest()[source]
XXX We should check the ServerHello attributes for discrepancies with our own ClientHello.
- tls13_should_handle_ServerHello()[source]
XXX We should check the ServerHello attributes for discrepancies with our own ClientHello.
- tls13_should_handle_certificateRequest_from_encryptedExtensions()[source]
XXX We should check the CertificateRequest attributes for discrepancies with the cipher suite, etc.
- tlslink = <scapy.automaton._ATMT_to_supersocket object>