Twisted TLS Server does not offer a shared cipher

Time: 2017-08-15 10:36:47

Tags: python ssl twisted

I built a TLS server with Python Twisted (17.5.0), running on Python 3.5.3, with the following code (shortened):

from OpenSSL import crypto
from twisted.internet.ssl import (PrivateCertificate, KeyPair, Certificate)
from twisted.internet import protocol, task, defer


class Echo(protocol.Protocol):
    # Minimal echo protocol; the post omits its definition
    def dataReceived(self, data):
        self.transport.write(data)


def main(reactor):
    # Load the secp521r1 private key and its certificate from PEM files
    pkey_obj = open("server.key", "rb").read()
    pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, pkey_obj)

    regsrv_obj = open("servercert.pem", "rb").read()
    regsrv_cert = crypto.load_certificate(crypto.FILETYPE_PEM, regsrv_obj)

    # Wrap the pyOpenSSL objects in Twisted's certificate and key types
    certificate = Certificate(regsrv_cert)
    prkey = KeyPair(pkey)
    prkey_and_cert = PrivateCertificate.fromCertificateAndKeyPair(certificate, prkey)

    # CertificateOptions built from the private certificate, with Twisted's default cipher list
    tls_server_options = prkey_and_cert.options()

    factory = protocol.Factory.forProtocol(Echo)
    reactor.listenSSL(5444, factory, tls_server_options)
    # Never fires, so the reactor keeps running until interrupted
    return defer.Deferred()


# The post's top-level `return defer.Deferred()` implies a task.react-style main
task.react(main)

I adapted it from http://twistedmatrix.com/documents/current/core/howto/ssl.html

The server starts correctly and is usable with the following command:

python3 tls_server.py

If I now try to query this server with openssl s_client, the server prints the following error:

[Failure instance: Traceback: <class 'OpenSSL.SSL.Error'>: [('SSL routines', 'tls_post_process_client_hello', 'no shared cipher')]

Question: why can the server and the client not agree on a common cipher?

The server key is an EC key based on secp521r1, and if I open a TLS server with the same server key/certificate via openssl s_server, it works fine. Something must be wrong with my Twisted implementation.

Edit: I tried to enumerate the ciphers available on the server side with

nmap --script ssl-enum-ciphers -p 5444 localhost

but it seems that the server does not offer any ciphers or SSL capabilities at all. If I print the error in the connectionLost() method of the underlying pseudo-protocol, this is the error I get on the server side:

2017-08-15 15:35:40+0200 [-] connection lost: [Failure instance: Traceback: <class 'OpenSSL.SSL.Error'>: [('SSL routines', 'tls_post_process_client_hello', 'no shared cipher')]
2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/twisted/internet/posixbase.py:597:_doReadOrWrite
2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/twisted/internet/tcp.py:208:doRead
2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/twisted/internet/tcp.py:214:_dataReceived
2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/twisted/protocols/tls.py:315:dataReceived
2017-08-15 15:35:40+0200 [-] --- <exception caught here> ---
2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/twisted/protocols/tls.py:235:_checkHandshakeStatus
2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/OpenSSL/SSL.py:1716:do_handshake
2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/OpenSSL/SSL.py:1456:_raise_ssl_error
2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/OpenSSL/_util.py:54:exception_from_error_queue
2017-08-15 15:35:40+0200 [-] ]

0 answers:

No answers
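The error shown in the question is raised while the server processes the ClientHello, and for TLS 1.2 and earlier it means OpenSSL found no suite that is in the server's cipher list, was offered by the client, and can be authenticated with the server's key: an EC private key can only serve ECDSA-authenticated suites (the `aECDSA` alias, e.g. ECDHE-ECDSA-AES128-GCM-SHA256), so a server cipher string that leaves no ECDSA suite, or a client that offers none, produces exactly "no shared cipher". The script below is an added example written for this page, not code from the question or from Twisted. It uses only Python's standard `ssl` module (`get_ciphers()` needs OpenSSL 1.1.0 or newer) to expand a cipher string the way a server context does, filter it by key type, and model the server's choice against a constructed client offer. The cipher strings and client offers are illustrative, not Twisted's defaults or a real s_client hello; the same kind of string can be handed to Twisted through `CertificateOptions(acceptableCiphers=AcceptableCiphers.fromOpenSSLCipherString(...))`.

```python
"""Offline check for 'no shared cipher' against an EC (ECDSA) server key.

Added example for this page; not the question's code and not Twisted's.
Standard library only; SSLContext.get_ciphers() needs OpenSSL >= 1.1.0.
"""
import ssl


def configured_suites(cipher_string):
    """Expand an OpenSSL cipher string exactly as a server context does.

    Returns the per-suite dicts from SSLContext.get_ciphers(); each
    'description' is the text `openssl ciphers -v` prints, including the
    authentication algorithm as 'Au=ECDSA', 'Au=RSA' or 'Au=any' (TLS 1.3).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def usable_with_key(cipher_string, key_type):
    """Names of the configured TLS <= 1.2 suites that a certificate with
    this key type ('ECDSA' for an EC key, 'RSA' for an RSA key) can serve.

    TLS 1.3 suites are key-type agnostic (Au=any) and are not selected by
    set_ciphers() at all, so they are left out of this check on purpose.
    """
    tag = "Au=%s" % key_type
    return [c["name"] for c in configured_suites(cipher_string)
            if tag in c["description"]]


def negotiate(cipher_string, key_type, client_offer):
    """Model the server-side choice made in tls_post_process_client_hello.

    Assumes server-side preference: walk the server list in order and take
    the first suite the client also offered and the server key can
    authenticate. None is the 'no shared cipher' alert case. Simplified:
    the client's supported_groups (which must contain the certificate's
    curve, e.g. secp521r1, for ECDSA suites to stay eligible) is ignored.
    """
    offered = set(client_offer)
    for name in usable_with_key(cipher_string, key_type):
        if name in offered:
            return name
    return None


if __name__ == "__main__":
    # Constructed client offers (not captured from a real ClientHello)
    rsa_only_client = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-GCM-SHA256"]
    ecdsa_client = ["ECDHE-ECDSA-AES128-GCM-SHA256"] + rsa_only_client
    # Illustrative server cipher strings: one that keeps ECDSA suites, one that does not
    for cs in ("ECDH+AESGCM:ECDH+AES256:ECDH+AES128", "RSA+AESGCM:RSA+AES"):
        print(cs)
        print("  suites an EC key can serve:", usable_with_key(cs, "ECDSA"))
        print("  vs RSA-only client        :", negotiate(cs, "ECDSA", rsa_only_client))
        print("  vs client offering ECDSA  :", negotiate(cs, "ECDSA", ecdsa_client))
```

If `usable_with_key(...)` is non-empty for the server's cipher string and the client offers one of those suites but the handshake still fails, the remaining TLS 1.2 reason an OpenSSL server drops ECDSA suites is that the client's supported groups do not include the certificate's curve; running s_client with secp521r1 listed explicitly (`-curves secp521r1` on the OpenSSL releases current at the time of the post) separates that case from a cipher-list problem.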