ssl

The ssl module provides SSL contexts to wrap sockets in.

This module implements a subset of the corresponding CPython module, as described below. For more information, refer to the original CPython documentation: cpython:ssl.

Available on these boards
  • 01Space 0.42 OLED ESP32C3
  • AITHinker ESP32-C3S_Kit
  • AITHinker ESP32-C3S_Kit_2M
  • ATMegaZero ESP32-S2
  • Adafruit Camera
  • Adafruit Feather ESP32 V2
  • Adafruit Feather ESP32-C6 4MB Flash No PSRAM
  • Adafruit Feather ESP32-S2 Reverse TFT
  • Adafruit Feather ESP32-S2 TFT
  • Adafruit Feather ESP32-S3 Reverse TFT
  • Adafruit Feather ESP32-S3 TFT
  • Adafruit Feather ESP32S2
  • Adafruit Feather ESP32S3 4MB Flash 2MB PSRAM
  • Adafruit Feather ESP32S3 No PSRAM
  • Adafruit Feather HUZZAH32
  • Adafruit FunHouse
  • Adafruit HUZZAH32 Breakout
  • Adafruit ItsyBitsy ESP32
  • Adafruit MagTag
  • Adafruit MatrixPortal S3
  • Adafruit Metro ESP32S2
  • Adafruit Metro ESP32S3
  • Adafruit QT Py ESP32 PICO
  • Adafruit QT Py ESP32-S3 4MB Flash 2MB PSRAM
  • Adafruit QT Py ESP32-S3 no psram
  • Adafruit QT Py ESP32C3
  • Adafruit QT Py ESP32S2
  • Adafruit-Qualia-S3-RGB666
  • Arduino Nano ESP32
  • Artisense Reference Design RD00
  • BLING!
  • BPI-Bit-S2
  • BPI-Leaf-S3
  • BPI-PicoW-S3
  • BastWiFi
  • Bee-Data-Logger
  • Bee-Motion-S3
  • Bee-S3
  • BlizzardS3
  • CRCibernetica IdeaBoard
  • ColumbiaDSL-Sensor-Board-V1
  • CrumpS2
  • Cytron EDU PICO W
  • Cytron Maker Feather AIoT S3
  • DFRobot Beetle ESP32-C3
  • DFRobot FireBeetle 2 ESP32-S3
  • Deneyap Kart
  • Deneyap Kart 1A
  • Deneyap Kart 1A v2
  • Deneyap Kart G
  • Deneyap Mini
  • Deneyap Mini v2
  • ES3ink
  • ESP 12k NodeMCU
  • ESP32 Devkit V1
  • ESP32-C3-DevKitM-1
  • ESP32-C6-DevKitC-1-N8
  • ESP32-C6-DevKitM-1
  • ESP32-S2-DevKitC-1-N4
  • ESP32-S2-DevKitC-1-N4R2
  • ESP32-S2-DevKitC-1-N8R2
  • ESP32-S3-Box-2.5
  • ESP32-S3-Box-Lite
  • ESP32-S3-DevKitC-1-N32R8
  • ESP32-S3-DevKitC-1-N8
  • ESP32-S3-DevKitC-1-N8R2
  • ESP32-S3-DevKitC-1-N8R8
  • ESP32-S3-DevKitC-1-N8R8-with-HACKTABLET
  • ESP32-S3-DevKitM-1-N8
  • ESP32-S3-EYE
  • ESP32-S3-USB-OTG-N8
  • Espressif ESP32 DevKitc V4 WROOM-32E
  • Espressif ESP32 DevKitc V4 WROVER
  • Espressif ESP32-EYE
  • Espressif ESP32-LyraT
  • Espressif-ESP32-S3-LCD-EV-Board
  • FeatherS2
  • FeatherS2 Neo
  • FeatherS2 PreRelease
  • FeatherS3
  • Flipper Zero Wi-Fi Dev
  • Franzininho WIFI w/Wroom
  • Franzininho WIFI w/Wrover
  • Gravitech Cucumber M
  • Gravitech Cucumber MS
  • Gravitech Cucumber R
  • Gravitech Cucumber RS
  • HMI-DevKit-1.1
  • Hardkernel Odroid Go
  • Heltec ESP32-S3-WIFI-LoRa-V3
  • HexKyS2
  • IoTs2
  • Kaluga 1
  • LILYGO T-DECK
  • LILYGO T-DISPLAY S3 v1.2
  • LILYGO TEMBED ESP32S3
  • LILYGO TTGO T-01C3
  • LILYGO TTGO T-DISPLAY v1.1
  • LILYGO TTGO T-DISPLAY v1.1 4M
  • LILYGO TTGO T-OI PLUS
  • LILYGO TTGO T8 ESP32-S2
  • LILYGO TTGO T8 ESP32-S2 w/Display
  • LOLIN S3 16MB Flash 8MB PSRAM
  • LOLIN S3 MINI 4MB Flash 2MB PSRAM
  • LOLIN S3 PRO 16MB Flash 8MB PSRAM
  • Lilygo T-watch 2020 V3
  • Luatos Core-ESP32C3
  • M5 Stack Cardputer
  • M5STACK STAMP-C3
  • M5Stack Atom Echo
  • M5Stack Atom Lite
  • M5Stack Atom Matrix
  • M5Stack Atom U
  • M5Stack AtomS3
  • M5Stack AtomS3 Lite
  • M5Stack AtomS3U
  • M5Stack Core Basic
  • M5Stack Core Fire
  • M5Stack Core2
  • M5Stack Dial
  • M5Stack M5Paper
  • M5Stack Stick C
  • M5Stack Stick C Plus
  • M5Stack Timer Camera X
  • MORPHEANS MorphESP-240
  • MagiClick S3 N4R2
  • Maker badge by Czech maker
  • MakerFabs-ESP32-S3-Parallel-TFT-With-Touch-7inch
  • MicroDev microC3
  • MicroDev microS2
  • MixGo CE
  • NanoS3
  • Neuron
  • Oak Dev Tech PixelWing ESP32S2
  • Oxocard Artwork
  • Oxocard Connect
  • Oxocard Galaxy
  • Oxocard Science
  • Pajenicko PicoPad
  • Pimoroni Badger 2040 W
  • Pimoroni Inky Frame 5.7
  • Pimoroni Inky Frame 7.3
  • Pimoroni Pico DV Base W
  • Pimoroni Plasma 2040W
  • ProS3
  • Raspberry Pi Pico W
  • S2Mini
  • S2Pico
  • Saola 1 w/Wroom
  • Saola 1 w/Wrover
  • Seeed Studio XIAO ESP32C3
  • TTGO T8 ESP32-S2-WROOM
  • Targett Module Clip w/Wroom
  • Targett Module Clip w/Wrover
  • TinyC6
  • TinyPICO
  • TinyPICO Nano
  • TinyS2
  • TinyS3
  • TinyWATCH S3
  • VCC-GND YD-ESP32-S3 (N16R8)
  • VCC-GND YD-ESP32-S3 (N8R8)
  • Waveshare ESP32-S2-Pico
  • Waveshare ESP32-S2-Pico-LCD
  • Waveshare ESP32-S3-Pico
  • Waveshare ESP32-S3-Zero
  • WeAct ESP32-C6 (4MB)
  • WeAct ESP32-C6 (8MB)
  • Wemos Lolin C3 Mini" // from Wemos MP
  • Wemos Lolin C3 Pico" // from Wemos MP
  • nanoESP32-S2 w/Wrover
  • nanoESP32-S2 w/Wroom
  • senseBox MCU-S2 ESP32S2

ssl.create_default_context() SSLContext

Return the default SSLContext.

class ssl.SSLContext

Settings related to SSL that can be applied to a socket by wrapping it. This is useful to provide SSL certificates to specific connections rather than all of them.

check_hostname: bool

Whether to match the peer certificate’s hostname.

load_cert_chain(certfile: str, keyfile: str) None

Load a private key and the corresponding certificate.

The certfile string must be the path to a single file in PEM format containing the certificate as well as any number of CA certificates needed to establish the certificate’s authenticity. The keyfile string must point to a file containing the private key.

load_verify_locations(cafile: str | None = None, capath: str | None = None, cadata: str | None = None) None

Load a set of certification authority (CA) certificates used to validate other peers’ certificates.

Parameters:
  • cafile (str) – path to a file of contcatenated CA certificates in PEM format. Not implemented.

  • capath (str) – path to a directory of CA certificate files in PEM format. Not implemented.

  • cadata (str) – A single CA certificate in PEM format. Limitation: CPython allows one or more certificates, but this implementation is limited to one.

set_default_verify_paths() None

Load a set of default certification authority (CA) certificates.

wrap_socket(sock: socketpool.Socket, *, server_side: bool = False, server_hostname: str | None = None) SSLSocket

Wraps the socket into a socket-compatible class that handles SSL negotiation. The socket must be of type SOCK_STREAM.

class ssl.SSLSocket

Implements TLS security on a subset of socketpool.Socket functions. Cannot be created directly. Instead, call wrap_socket on an existing socket object.

Provides a subset of CPython’s ssl.SSLSocket API. It only implements the versions of recv that do not allocate bytes objects.

__hash__() int

Returns a hash for the Socket.

__enter__() SSLSocket

No-op used by Context Managers.

__exit__() None

Automatically closes the Socket when exiting a context. See Lifetime and ContextManagers for more info.

accept() Tuple[SSLSocket, Tuple[str, int]]

Accept a connection on a listening socket of type SOCK_STREAM, creating a new socket of type SOCK_STREAM. Returns a tuple of (new_socket, remote_address)

bind(address: Tuple[str, int]) None

Bind a socket to an address

Parameters:

address (~tuple) – tuple of (remote_address, remote_port)

close() None

Closes this Socket

connect(address: Tuple[str, int]) None

Connect a socket to a remote address

Parameters:

address (~tuple) – tuple of (remote_address, remote_port)

listen(backlog: int) None

Set socket to listen for incoming connections

Parameters:

backlog (~int) – length of backlog queue for waiting connetions

recv_into(buffer: circuitpython_typing.WriteableBuffer, bufsize: int) int

Reads some bytes from the connected remote address, writing into the provided buffer. If bufsize <= len(buffer) is given, a maximum of bufsize bytes will be read into the buffer. If no valid value is given for bufsize, the default is the length of the given buffer.

Suits sockets of type SOCK_STREAM Returns an int of number of bytes read.

Parameters:
  • buffer (bytearray) – buffer to receive into

  • bufsize (int) – optionally, a maximum number of bytes to read.

send(bytes: circuitpython_typing.ReadableBuffer) int

Send some bytes to the connected remote address. Suits sockets of type SOCK_STREAM

Parameters:

bytes (~bytes) – some bytes to send

settimeout(value: int) None

Set the timeout value for this socket.

Parameters:

value (~int) – timeout in seconds. 0 means non-blocking. None means block indefinitely.

setblocking(flag: bool) int | None

Set the blocking behaviour of this socket.

Parameters:

flag (~bool) – False means non-blocking, True means block indefinitely.