Server:
#!/usr/bin/env python
import SocketServer
import json
from OpenSSL import SSL
import os
import socket
TERMINATION_STRING = "Done"
CERTIFICATE_P
One error is:
data += self.request.recv(1024).encode('utf-8').strip
that leads me to a
TypeError: cannot concatenate 'str' and 'builtin_function_or_method' objects
It should be:
data += self.request.recv(1024).encode('utf-8').strip()
That example works for me.
Got cert: <X509Name object '/C=IT/ST=XXX/L=YYY/O=ZZZ/OU=NNN/CN=CA'>
Got cert: <X509Name object '/C=IT/ST=XXX/L=YYY/O=ZZZ/OU=NNN/CN=Server'>
Tested with Stock 10.04 Ubuntu server and packages installed from apt-get.
python-openssl 0.10-1
openssl 0.9.8k-7ubuntu8
python 2.6.5-0ubuntu1
You should check your certificate/CA, or test the server with a simple script that lists the available ciphers: https://superuser.com/questions/109213/is-there-a-tool-that-can-test-what-ssl-tls-cipher-suites-a-particular-website-of
Update 2:
In order to exclude some issues with certificates, you could generate a CA and server/client certificates as in http://acs.lbl.gov/~boverhof/openssl_certs.html
Try to change the order to this:
...
ctx.use_certificate_file(CERTIFICATE_PATH)
ctx.use_privatekey_file(KEY_PATH)
...
When I use this order in my code, I get a meaningful error message on server start (not on client connect):
Traceback (most recent call last):
File "src/server_main.py", line 230, in <module>
s = SSLClientsAuthServer()
File "src/server_main.py", line 134, in __init__
ctx.use_privatekey_file (self.config.value['SERVER_KEY'])
OpenSSL.SSL.Error: [('x509 certificate routines', 'X509_check_private_key', 'key values mismatch')]
This is because I had really used a webserver.key that does not correspond to webserver.crt:
$ openssl x509 -text -in certs/webserver.crt
Certificate:
Data:
Version: 3 (0x2)
...
Modulus:
00:a1:b6:e3:ce:53:3d:c9:96:a6:06:1d:3e:ae:34:
....
$ openssl rsa -text -in keys/webserver.key
Private-Key: (2048 bit)
modulus:
00:b7:34:61:d7:c7:0d:2b:5c:57:26:d0:8d:7a:04:
....
Make sure you have used the same RSA key.
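The comparison this answer makes by reading the two Modulus fields, as an added example that is not part of the original answer: the script compares the public key inside the certificate with the one derived from the private key, which goes beyond the RSA case shown above and also covers EC keys. The function names, file names and the example.test CN are assumptions, and the key is assumed to be an unencrypted PEM file.

```shell
#!/bin/sh
# Added example: confirm that a certificate and a private key belong
# together before the server loads them.

# Print the public key embedded in a PEM certificate.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey
}

# Print the public key derived from a PEM private key (RSA, EC, ...).
key_pubkey() {
    openssl pkey -in "$1" -pubout
}

# Return 0 when both files carry the same public key, 1 on mismatch,
# 2 when either file cannot be read or parsed.
check_pair() {
    cert_pub=$(cert_pubkey "$1" 2>/dev/null) || return 2
    key_pub=$(key_pubkey "$2" 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Create a throwaway self-signed pair $1/$2.crt and $1/$2.key
# (constructed test material; the CN is a placeholder).
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Stand-alone use: sh check_pair.sh certs/webserver.crt keys/webserver.key
if [ "$#" -eq 2 ]; then
    rc=0
    check_pair "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: key matches certificate" ;;
        1) echo "MISMATCH: key does not belong to certificate" >&2; exit 1 ;;
        *) echo "ERROR: could not read certificate or key" >&2; exit 2 ;;
    esac
fi
```

Running this as a deployment or start-up check reports the mismatch before any client connects, which is the same point at which the reordered use_certificate_file / use_privatekey_file calls fail.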