使用 Python SSL 的匿名 DH 连接
Anonymous DH connection with Python SSL
我正在尝试使用匿名 Diffie-Hellman (ADH-AES256-GCM-SHA384) 在 python 中包装一个 http 连接。我确实需要为我的应用程序使用这个特定的密码套件。所以这就是我要开始的。
服务器:
import ssl
from http.server import HTTPServer, SimpleHTTPRequestHandler
context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2)
context.set_ciphers("ADH-AES256-GCM-SHA384")
server = HTTPServer(("localhost", 8080), SimpleHTTPRequestHandler)
server.socket = context.wrap_socket(server.socket)
server.serve_forever()
客户:
import ssl
import http.client
context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2)
context.set_ciphers("ADH-AES256-GCM-SHA384")
connection = http.client.HTTPSConnection("localhost", "8080", context=context)
connection.connect()
这是我得到的错误:
Traceback (most recent call last):
File "main.py", line 8, in <module>
connection.connect()
File "/usr/lib/python3.8/http/client.py", line 1424, in connect
self.sock = self._context.wrap_socket(self.sock,
File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_CIPHERS_AVAILABLE] no ciphers available (_ssl.c:1123)
如果我在客户端和服务器上都设置了密码,为什么没有可用的密码?
编辑:
我已将客户端和服务器上的密码列表更改为“ADH-AES256-GCM-SHA384:@SECLEVEL=0”。现在有一个不同的错误:
Traceback (most recent call last):
File "main.py", line 8, in <module>
connection.connect()
File "/usr/lib/python3.8/http/client.py", line 1424, in connect
self.sock = self._context.wrap_socket(self.sock,
File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1123)
我在这里找到了解决方案:
我的新服务器代码如下:
sslContext = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
sslContext.set_ciphers("ADH-AES256-GCM-SHA384:@SECLEVEL=0")
sslContext.load_dh_params("params.pem")
server = socketserver.TCPServer(("localhost", 8080), SimpleHTTPRequestHandler)
server.socket = sslContext.wrap_socket(server.socket, server_side=True)
server.serve_forever()
with params.pem 包含由 cryptography module
生成和序列化的 3072 位密钥长度的 diffie hellman 参数
我正在尝试使用匿名 Diffie-Hellman (ADH-AES256-GCM-SHA384) 在 python 中包装一个 http 连接。我确实需要为我的应用程序使用这个特定的密码套件。所以这就是我要开始的。
服务器:
import ssl
from http.server import HTTPServer, SimpleHTTPRequestHandler
context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2)
context.set_ciphers("ADH-AES256-GCM-SHA384")
server = HTTPServer(("localhost", 8080), SimpleHTTPRequestHandler)
server.socket = context.wrap_socket(server.socket)
server.serve_forever()
客户:
import ssl
import http.client
context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2)
context.set_ciphers("ADH-AES256-GCM-SHA384")
connection = http.client.HTTPSConnection("localhost", "8080", context=context)
connection.connect()
这是我得到的错误:
Traceback (most recent call last):
File "main.py", line 8, in <module>
connection.connect()
File "/usr/lib/python3.8/http/client.py", line 1424, in connect
self.sock = self._context.wrap_socket(self.sock,
File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_CIPHERS_AVAILABLE] no ciphers available (_ssl.c:1123)
如果我在客户端和服务器上都设置了密码,为什么没有可用的密码?
编辑: 我已将客户端和服务器上的密码列表更改为“ADH-AES256-GCM-SHA384:@SECLEVEL=0”。现在有一个不同的错误:
Traceback (most recent call last):
File "main.py", line 8, in <module>
connection.connect()
File "/usr/lib/python3.8/http/client.py", line 1424, in connect
self.sock = self._context.wrap_socket(self.sock,
File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1123)
我在这里找到了解决方案:
我的新服务器代码如下:
sslContext = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
sslContext.set_ciphers("ADH-AES256-GCM-SHA384:@SECLEVEL=0")
sslContext.load_dh_params("params.pem")
server = socketserver.TCPServer(("localhost", 8080), SimpleHTTPRequestHandler)
server.socket = sslContext.wrap_socket(server.socket, server_side=True)
server.serve_forever()
with params.pem 包含由 cryptography module
生成和序列化的 3072 位密钥长度的 diffie hellman 参数