Ok, I finally got a solution for my problem. As I know, the TLS server was
working with DefaultOpenSSLContextFactory but this only takes file paths to
private key/certificate, I created my own SSL-Context file.
For anybody who has the same problem:
class MySSLContext(ssl.ContextFactory):
_context = None
def __init__(self,privateKey, certificate, sslmethod=SSL.TLSv1_2_METHOD,
_contextFactory=SSL.Context):
self.privateKey = privateKey
self.certificate = certificate
self._contextFactory = _contextFactory
self.sslmethod = sslmethod
self.cacheContext()
def cacheContext(self):
if(self._context is None):
ctx = self._contextFactory(self.sslmethod)
ctx.set_options(SSL.OP_NO_SSLv2)
ctx.set_options(SSL.OP_NO_SSLv3)
ctx.use_privatekey(self.privateKey)
ctx.use_certificate(self.certificate)
self._context = ctx
def getContext(self):
return self._context
This context can now work with the EC private key from secp521r1!
Gesendet: Mittwoch, 16. August 2017 um 22:15 Uhr
Von: ceeborraa <[email protected]>
An: [email protected]
Betreff: [Twisted-Python] SSLContext not valid for TLS Server
Hi,
I'm running Twisted 17.5.0 on Python 3.5.3 and want to create a TLS server with
Twisted. I strictly sticked to the example of echoserv_ssl.py on
http://twistedmatrix.com/documents/current/core/howto/ssl.html, but TLS server
is not running properly.
Despite the server starts correctly, it doesn't offer any cipher suites to the
client, no matter what kind of client is trying to connect. Any time a client
connects, the connection is immediately aborted by server with the error
message of:
<class 'OpenSSL.SSL.Error'>: [('SSL
routines','tls_post_process_client_hello',no shared cipher')]
I tried to connect to server with the TLS echo client example of
echoclient_ssl.py, with openssl s_client command and with nmap by using the
--ssl-enum-ciphers script. Each time it failed with the above error message.
If I do not use the options offered by ssl.CertificateOptions() as suggested in
the example, but instead create a ssl.DefaultOpenSSLContextFactory() where I
provide the privateKey and Certificate as filename-strings, the server works
correctly and offers the intended cipher suites.
But I need to create the SSLContext from a OpenSSL PKey-Object (private Key)
and a OpenSSL Certificate-Object. Therefore I adjusted the server code of the
TLS server example to:
certificate = ssl.Certificate(cert_obj)
privkey = ssl.KeyPair(pkey) # pkey is the OpenSSL PKey object
prkey_and_cert =
ssl.PrivateCertificate.fromCertificateAndKeyPair(certificate,privkey)
factory = protocol.Factory.forProtocol(Echo)
reactor.listenSSL(7498,factory,prkey_and_cert.options())
Again, the server starts, but it does not provide cipher suites so that no
client can connect. Same as above!
Appreciate any help!
_______________________________________________ Twisted-Python mailing list
[email protected]
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python[https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python]
_______________________________________________
Twisted-Python mailing list
[email protected]
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
