I'm trying to extend a web server I made to handle HTTPS requests via SSL.
My prof said we should use ssl.wrap_socket
and gave us the cipher to use.
Here is what I have so far:
from socket import *
import ssl
serverSocket = socket(AF_INET, SOCK_STREAM)
serverPort = 443
serverSocket.bind(("", serverPort))
serverSocket.listen(1)
while True:
print ('Ready to serve...')
connectionSocket, addr = serverSocket.accept()
connectionSocket = ssl.wrap_socket(connectionSocket,
keyfile="./server.key",
certfile="./server.pem",
server_side=True,
cert_reqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_SSLv23,
ca_certs=None,
do_handshake_on_connect=True,
suppress_ragged_eofs=True,
ciphers="AES128-SHA256")
try:
message = (connectionSocket.recv(1024)).decode('utf-8')
filename = message.split()[1]
f = open(filename[1:],'rb')
outputdata = f.read()
f.close()
connectionSocket.send(b'HTTP/1.1 200 OK\r\n\r\n')
connectionSocket.send(outputdata)
connectionSocket.send(b'\r\n')
connectionSocket.shutdown(SHUT_RDWR)
connectionSocket.close()
except IOError:
connectionSocket.send(b'HTTP/1.1 404 Not Found\r\n\r\n')
connectionSocket.send(b'<html><head></head><body><h1>404 Not Found</h1></body></html>\r\n')
connectionSocket.shutdown(SHUT_RDWR)
connectionSocket.close()
serverSocket.close()
I've tested this in the command line with the following code and it seems to work. It shows me the right info about the SSL sessions such as protocol, cipher, session-ID, Master-key and the contents of index.html
:
openssl s_client -connect localhost:443
GET /index.html
For the next section of the assignment I have to put "https://localhost:443/index.html"
into my browser, but my webserver crashes with this error:
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:661)
What is wrong with my code?
答案 0 :(得分:0)
ciphers="AES128-SHA256")
根据SSLLabs client tests AES128-SHA256(标准中称为TLS_RSA_WITH_AES_128_CBC_SHA256)不受Chrome或Firefox等主要浏览器的支持。只接受主服务器不支持的服务器上的这一单一密码,使得无法找到通用密码,即
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:661)
修复方法是接受服务器上的更多密码以包含浏览器支持的密码。有关有用的设置,请参阅mozilla wiki,这些设置不仅适用于主要Web服务器,还适用于小型服务器。