pyisyox.helpers.session module¶
HTTP session and SSL context helpers for IoX 6+ controllers.
eisy/Polisy on current IoX firmware:
Reject TLS 1.0 and 1.1 — confirmed against a current-firmware eisy with
openssl s_client(TLS 1.0/1.1 → “no protocols available”; TLS 1.2 and 1.3 negotiate).Ship a self-signed certificate.
verify_ssl=Falseis the default so out-of-the-box deployments connect; consumers who deploy their own CA can opt into verification.
This module exposes two pure helpers that take discrete parameters
(no connection-info object) so they’re trivial to call from the
pyisyox.controller.Controller and from tests:
build_sslcontext()— returns anssl.SSLContext(orNonewhen the URL is HTTP-only) honouringtls_versionandverify_ssl.can_https()— preflight check that the requested TLS version is supported on this Python build.
Original ISY-994 hardware (TLS 1.1 only) is out of scope for this
library — that path stays on PyISY 3.x. tls_version=1.1 here
raises rather than silently downgrading.
- exception TLSVersionError[source]¶
Bases:
ValueErrorRaised when the requested TLS version isn’t usable on this build.
- build_sslcontext(*, use_https, tls_version=None, verify_ssl=False)[source]¶
Build an
ssl.SSLContextfor the connection, orNonewhen the controller is reached over HTTP.- Parameters:
use_https (bool) –
Falseshort-circuits toNone.tls_version (float | None) –
None(default) auto-negotiates the highest mutually-supported version.1.2or1.3pin a specific minimum + maximum. Anything else raises.verify_ssl (bool) –
False(default) accepts the controller’s self-signed certificate.Trueenables strict verification — requires consumers to deploy their own CA.
- Raises:
TLSVersionError – When
tls_versionisn’tNone/1.2/1.3.- Return type:
SSLContext | None