MCPcopy Index your code
hub / github.com/djc/pyrtls

github.com/djc/pyrtls @v0.1.3

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.1.3 ↗ · + Follow
58 symbols 122 edges 8 files 23 documented · 40% updated 8d ago★ 1045 open issues
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

pyrtls: rustls-based modern TLS for Python

Latest version Documentation CI

pyrtls provides bindings to rustls, a modern Rust-based TLS implementation with an API that is intended to be easy to use to replace the ssl module (but not entirely compatible with it).

In addition to being memory-safe, the library is designed to be more secure by default. As such, it does not implement older protocol versions, cipher suites with known security problems, and some problematic features of the TLS protocol. For more details, review the rustls manual.

[!WARNING] This project is just getting started. While rustls is mature, the Python bindings are pretty new and not yet feature-complete. Please consider helping out (see below).

Why?

To bring the security and performance of rustls to the Python world.

So far this is a side project. Please consider helping out:

  • Please help fund this work on GitHub Sponsors
  • Pull requests welcome, of course!
  • Feedback through issues is highly appreciated
  • If you're interested in commercial support, please contact me

Features

  • Support for TLS 1.2 and 1.3
  • Support for commonly used secure cipher suites
  • Support for ALPN protocol negotiation
  • Support for Server Name Indication (SNI)
  • Support for session resumption
  • Clients use the OS certificate trust store by default
  • Exposes socket wrapper as well as sans I/O APIs
  • In basic tests, performance is comparable to the ssl module

Not implemented

  • TLS 1.1 and older versions of the protocol
  • Older cipher suites with security problems
  • Using CA certificates directly to authenticate a server/client (often called self-signed certificates). The built-in certificate verifier does not support using a trust anchor as both a CA certificate and an end-entity certificate, in order to limit complexity and risk in path building.

Core symbols most depended-on inside this repo

read
called by 8
src/lib.rs
send
called by 5
src/lib.rs
recv
called by 5
src/lib.rs
connect
called by 4
src/client.rs
py_to_pem
called by 3
src/lib.rs
wrap_socket
called by 3
src/server.rs
extract_alpn_protocols
called by 2
src/lib.rs
py_to_cert_der
called by 2
src/lib.rs

Shape

Method 35
Function 13
Class 10

Languages

Rust88%
Python12%

Modules by API surface

src/lib.rs18 symbols
src/server.rs16 symbols
src/client.rs16 symbols
test.py3 symbols
bench/bench_ssl.py2 symbols
bench/bench_pyrtls.py2 symbols
examples/generate-certs.rs1 symbols

For agents

$ claude mcp add pyrtls \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact