[Twisted-Python] SSLContext not valid for TLS Server

ceeborraa ceeborraa at gmx.de
Wed Aug 16 14:15:32 MDT 2017


Hi,

I'm running Twisted 17.5.0 on Python 3.5.3 and want to create a TLS
server with Twisted. I stuck strictly to the example of
echoserv_ssl.py on
http://twistedmatrix.com/documents/current/core/howto/ssl.html, but the TLS
server is not running properly.

Although the server starts correctly, it doesn't offer any cipher suites
to the client, no matter what kind of client is trying to connect. Any
time a client connects, the connection is immediately aborted by the server
with the error message:

<class 'OpenSSL.SSL.Error'>: [('SSL routines', 'tls_post_process_client_hello', 'no shared cipher')]

I tried to connect to the server with the TLS echo client example of
echoclient_ssl.py, with the openssl s_client command and with nmap by using
the --ssl-enum-ciphers script. Each time it failed with the above error
message.

If I do not use the options offered by ssl.CertificateOptions() as
suggested in the example, but instead create an
ssl.DefaultOpenSSLContextFactory() where I provide the privateKey and
Certificate as filename strings, the server works correctly and offers
the intended cipher suites.

But I need to create the SSLContext from an OpenSSL PKey object (private
key) and an OpenSSL Certificate object. Therefore I adjusted the server
code of the TLS server example to:

from twisted.internet import protocol, reactor, ssl

certificate = ssl.Certificate(cert_obj)    # cert_obj is the OpenSSL certificate object
privkey = ssl.KeyPair(pkey)    # pkey is the OpenSSL PKey object
prkey_and_cert = ssl.PrivateCertificate.fromCertificateAndKeyPair(certificate, privkey)

factory = protocol.Factory.forProtocol(Echo)
reactor.listenSSL(7498, factory, prkey_and_cert.options())

Again, the server starts, but it does not provide cipher suites so that
no client can connect. Same as above!

Appreciate any help!
