5.5.9.2. ClientOnlyStartTLSEncryption methods

MethodDescription
__init__(self, client_certificate_generator, client_verify, client_tls_options) The client can optionally request STARTTLS encryption, but the server-side connection is always unencrypted.

Table 5.46. Method summary

Method __init__(self, client_certificate_generator, client_verify, client_tls_options)
The ClientOnlyStartTLSEncryption class handles scenarios when the client can optionally request STARTTLS encryption. If the client sends a STARTTLS request, the client-side connection will use STARTTLS. The server-side connection will not be encrypted.
Warning

If the client does not send a STARTTLS request, the client-side communication will not be encrypted at all. The server-side connection will never be encrypted.

Arguments of __init__
client_certificate_generator (class)
Default: n/a
The class that will generate the certificate that will be showed to the client. You can use an instance of the StaticCertificate, DynamicCertificate, or SNIBasedCertificate classes.

client_tls_options (class)
Default: ClientTLSOptions()
The protocol-level encryption settings used on the client side. This must be a ClientTLSOptions instance.

client_verify (class)
Default: ClientCertificateVerifier()
The settings used to verify the certificate of the client. This must be a ClientCertificateVerifier instance.