Description:

pyrtls 0.1.3

pyrtls: rustls-based modern TLS for Python



pyrtls provides bindings to rustls, a modern Rust-based TLS implementation with an API that is
intended to be easy to use to replace the ssl module (but not entirely compatible with it).
In addition to being memory-safe, the library is designed to be more secure by default. As such,
it does not implement older protocol versions, cipher suites with known security problems, and
some problematic features of the TLS protocol. For more details, review the rustls manual.

[!WARNING]
This project is just getting started. While rustls is mature, the Python bindings
are pretty new and not yet feature-complete. Please consider helping out (see below).

Why?
To bring the security and performance of rustls to the Python world.
So far this is a side project. Please consider helping out:

Please help fund this work on GitHub Sponsors
Pull requests welcome, of course!
Feedback through issues is highly appreciated
If you're interested in commercial support, please contact me

Features

Support for TLS 1.2 and 1.3
Support for commonly used secure cipher suites
Support for ALPN protocol negotiation
Support for Server Name Indication (SNI)
Support for session resumption
Clients use the OS certificate trust store by default
Exposes socket wrapper as well as sans I/O APIs
In basic tests, performance is comparable to the ssl module

Not implemented

TLS 1.1 and older versions of the protocol
Older cipher suites with security problems
Using CA certificates directly to authenticate a server/client (often called self-signed
certificates). The built-in certificate verifier does not support using a trust anchor
as both a CA certificate and an end-entity certificate, in order to limit complexity and
risk in path building.

License

For personal and professional use. You cannot resell or redistribute these repositories in their original state.

Share

• Share on Facebook
• Share on Twitter