"ssl.SSLError: ... No shared cipher" when trying to handle HTTPS requests webserver

Time: 2017-04-09 23:22:47

Tags: python python-2.7 ssl https webserver

I'm trying to extend a web server I made to handle HTTPS requests via SSL. My prof said we should use ssl.wrap_socket and gave us the cipher to use.

Here is what I have so far:

from socket import *
import ssl

serverSocket = socket(AF_INET, SOCK_STREAM)
serverPort = 443
serverSocket.bind(("", serverPort))
serverSocket.listen(1)

while True:
    print ('Ready to serve...')
    connectionSocket, addr = serverSocket.accept()

    connectionSocket = ssl.wrap_socket(connectionSocket,
                                keyfile="./server.key",
                                certfile="./server.pem",
                                server_side=True,
                                cert_reqs=ssl.CERT_NONE,
                                ssl_version=ssl.PROTOCOL_SSLv23,
                                ca_certs=None,
                                do_handshake_on_connect=True,
                                suppress_ragged_eofs=True,
                                ciphers="AES128-SHA256")

    try:
        message =  (connectionSocket.recv(1024)).decode('utf-8')
        filename = message.split()[1]

        f = open(filename[1:],'rb')
        outputdata = f.read()
        f.close()

        connectionSocket.send(b'HTTP/1.1 200 OK\r\n\r\n')
        connectionSocket.send(outputdata)
        connectionSocket.send(b'\r\n')

        connectionSocket.shutdown(SHUT_RDWR)
        connectionSocket.close()

    except IOError:
        connectionSocket.send(b'HTTP/1.1 404 Not Found\r\n\r\n')
        connectionSocket.send(b'<html><head></head><body><h1>404 Not Found</h1></body></html>\r\n')

        connectionSocket.shutdown(SHUT_RDWR)
        connectionSocket.close()

serverSocket.close()

I've tested this in the command line with the following code and it seems to work. It shows me the right info about the SSL sessions such as protocol, cipher, session-ID, Master-key and the contents of index.html:

openssl s_client -connect localhost:443
GET /index.html

For the next section of the assignment I have to put "https://localhost:443/index.html" into my browser, but my webserver crashes with this error:

ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:661)

What is wrong with my code?

1 answer:

Answer 0 (score: 0)

                            ciphers="AES128-SHA256")

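According to the SSLLabs client tests, AES128-SHA256 (called TLS_RSA_WITH_AES_128_CBC_SHA256 in the standards) is not supported by major browsers such as Chrome or Firefox. Accepting only this single cipher on the server, which is not supported by the major servers, makes it impossible to find a common cipher, i.e.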

ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:661)

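The fix is to accept more ciphers on the server so that ciphers supported by browsers are included. See the mozilla wiki for useful settings, which apply not only to the major web servers but also to small ones.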
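The mismatch described in the answer can be checked before a browser ever connects. This is an added example, not code from the question or the answer: it needs Python 3.6+ (the question uses 2.7), and `SAMPLE_BROWSER_OFFER`, `BROADER_CIPHERS` and the function names are assumptions made for illustration.

```python
import ssl

# Constructed sample of TLS 1.2 suites a browser might offer, in preference
# order (OpenSSL names). An assumption for illustration, not a captured ClientHello.
SAMPLE_BROWSER_OFFER = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "AES128-GCM-SHA256",
    "AES128-SHA",
]

QUESTION_CIPHERS = "AES128-SHA256"  # the cipher string from the question
# Hypothetical broader string for a server that holds an RSA certificate.
BROADER_CIPHERS = ("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
                   "ECDHE-RSA-CHACHA20-POLY1305")


def enabled_suites(cipher_string):
    """Expand an OpenSSL cipher string into the suite names a server enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # set_ciphers() does not control TLS 1.3 suites; drop them to model the
    # pre-TLS 1.3 negotiation that the question's 2017 setup performs.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def negotiate(server_suites, client_offer):
    """Return the first client-preferred suite the server enables, else None.

    None corresponds to the handshake failing with NO_SHARED_CIPHER.
    OpenSSL follows the client's order unless OP_CIPHER_SERVER_PREFERENCE is set.
    """
    enabled = set(server_suites)
    for suite in client_offer:
        if suite in enabled:
            return suite
    return None


def check(cipher_string, client_offer=SAMPLE_BROWSER_OFFER):
    """Negotiate a server cipher string against a client offer list."""
    return negotiate(enabled_suites(cipher_string), client_offer)


if __name__ == "__main__":
    for label, s in (("question", QUESTION_CIPHERS), ("broader", BROADER_CIPHERS)):
        print(label, "->", check(s) or "NO_SHARED_CIPHER")
```

In a server loop, performing the handshake inside a `try`/`except ssl.SSLError` block keeps one failed negotiation from ending the process.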