tinytls is a pure python TLS1.3 protocol wrapper.
As a result of learning TLS1.3, I wrote this as a sample implementation of TLS1.3 client.
Builtin ssl module (CPython3.7+, OpenSSL1.1.1+) can use as TLS1.3 client, so there is no advantage to use it especially in Python 3.
- Available TLS1.3 only, not TLS1.2 or under.
- Support TLS_CHACHA20_POLY1305_SHA256 cipher suite only.
- Support X25519 key exchange only.
- It does not verify TLS certificate.
- Not support 0-RTT
- Client certificate authentication is not available.
- Python3.7+
- MicroPython
CPython
import socket import tinytls hostname = "enabled.tls13.com" sock = socket.create_connection((hostname, 443)) with tinytls.wrap_socket(sock) as ssock: ssock.send("GET / HTTP/1.1\r\nHost:{}\r\n\r\n".format(hostname).encode()) print(ssock.recv(4096).decode())
MicroPython
import usocket import tinytls hostname = "enabled.tls13.com" sock = usocket.socket() sock.connect(usocket.getaddrinfo(hostname, 443)[0][-1]) with tinytls.wrap_socket(sock) as ssock: ssock.send("GET / HTTP/1.1\r\nHost:{}\r\n\r\n".format(hostname).encode()) print(ssock.recv(4096).decode())
- https://github.com/tex2e/mako-tls13 (special thanks!)
- https://datatracker.ietf.org/doc/html/rfc8446
- https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant
- https://asecuritysite.com/encryption/python_25519ecdh
If you cannot connect to the server with tinytls, use a command like the following to check if the server can be connected
openssl s_client -tls1_3 -ciphersuites 'TLS_CHACHA20_POLY1305_SHA256' \ -state -debug -connect enabled.tls13.com:443