I am trying to perform an SSL handshake using an EC key instead of RSA. The private key and the server certificate were generated with OpenSSL. The handshake fails.
Server code:
import socket
import ssl

# Python 2 (Anaconda2, per the traceback below). The context creation was
# not in the original paste; it is assumed to match the client below.
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
context.load_cert_chain(certfile='server-cert.pem', keyfile='server-key.pem')
context.set_ecdh_curve('prime192v1')
# context.load_dh_params('server-key.pem')
bindsocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
bindsocket.bind(('localhost', 6996))
bindsocket.listen(5)
while True:
    newsocket, fromaddr = bindsocket.accept()
    connstream = context.wrap_socket(newsocket, server_side=True)
    try:
        print connstream.read()
        connstream.send('HI CLIENT#')
    finally:
        connstream.shutdown(socket.SHUT_RDWR)
        connstream.close()
Client code:
import socket
import ssl

context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
context.verify_mode = ssl.CERT_REQUIRED
# the self-signed server certificate is used directly as the trust anchor
context.load_verify_locations('server-cert.pem')
client = context.wrap_socket(socket.socket(socket.AF_INET, socket.SOCK_STREAM))
client.connect(('localhost', 6996))
client.send('HELLO WORLD!')
print client.read()
client.shutdown(socket.SHUT_RDWR)
client.close()
Server error:
    connstream = context.wrap_socket(newsocket, server_side=True)
  File "C:\ProgramData\Anaconda2\lib\ssl.py", line 363, in wrap_socket
    _context=self)
  File "C:\ProgramData\Anaconda2\lib\ssl.py", line 611, in __init__
    self.do_handshake()
  File "C:\ProgramData\Anaconda2\lib\ssl.py", line 840, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:661)
Client error:
    client.connect(('localhost', 6996))
  File "C:\ProgramData\Anaconda2\lib\ssl.py", line 876, in connect
    self._real_connect(addr, False)
  File "C:\ProgramData\Anaconda2\lib\ssl.py", line 867, in _real_connect
    self.do_handshake()
  File "C:\ProgramData\Anaconda2\lib\ssl.py", line 840, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:661)
server-key.pem looks like this:
-----BEGIN EC PARAMETERS-----
...
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
...
-----END EC PRIVATE KEY-----
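Added diagnostic example, not part of the question above: a Python 3 (3.7+) script using only the standard library that lists the TLS 1.2 cipher suites two ssl.SSLContext objects have in common for a given certificate key type. NO_SHARED_CIPHER is the server reporting that this set is empty for its key: an EC certificate can only be used with ECDSA-authenticated suites, so a peer whose cipher list contains none of them (simulated here with the OpenSSL cipher string aRSA) cannot complete the handshake. It assumes an OpenSSL build that offers ECDSA suites; the question's own code is Python 2.

```python
import ssl


def tls12_suites(ctx):
    """Suites the context offers for TLS 1.2 and below, keyed by name.

    TLS 1.3 suites are left out: set_ciphers() does not govern them and
    they are not tied to the certificate's key type.
    """
    return {c["name"]: c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}


def shared_suites(server_ctx, client_ctx, key_type):
    """Suites both sides offer whose authentication matches the server's key.

    key_type is OpenSSL's auth label for the server certificate's key:
    'auth-ecdsa' for an EC certificate, 'auth-rsa' for an RSA one.
    An empty result is the situation behind NO_SHARED_CIPHER.
    """
    client = tls12_suites(client_ctx)
    return sorted(name for name, c in tls12_suites(server_ctx).items()
                  if name in client and c["auth"] == key_type)


def make_context(protocol, cipher_string=None):
    """Constructed context; cipher_string narrows the TLS 1.2 cipher list."""
    ctx = ssl.SSLContext(protocol)
    if cipher_string:
        ctx.set_ciphers(cipher_string)
    return ctx


def run_demo():
    """Server limited to ECDSA-authenticated suites, as an EC certificate
    requires, against a default client and an RSA-only client (constructed)."""
    server = make_context(ssl.PROTOCOL_TLS_SERVER, "aECDSA")
    default_client = make_context(ssl.PROTOCOL_TLS_CLIENT)
    rsa_only_client = make_context(ssl.PROTOCOL_TLS_CLIENT, "aRSA")
    return {
        "default client": shared_suites(server, default_client, "auth-ecdsa"),
        "RSA-only client": shared_suites(server, rsa_only_client, "auth-ecdsa"),
    }


if __name__ == "__main__":
    for peer, suites in run_demo().items():
        print("%s: %s" % (peer, ", ".join(suites) or "none (NO_SHARED_CIPHER)"))
```

Running it against the real server and client contexts (after load_cert_chain on the server side) shows whether the two cipher lists leave any ECDSA suite to negotiate before a single byte goes over the wire.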