个人中心
文章发布
退出
作者热门文章
- android - 多次调用 OnPrimaryClipChangedListener
- android - 无法更新 RecyclerView 中的 TextView 字段
- android.database.CursorIndexOutOfBoundsException : Index 0 requested, 光标大小为 0
- android - 使用 AppCompat 时,我们是否需要明确指定其 UI 组件(Spinner、EditText)颜色
26
4
我想用 Python 编写一套服务器/客户端 TLS1.3 脚本。因此,我使用 tlslite-ng图书馆是唯一一个拥有 TLS1.3 on board 的图书馆.
但是,即使我的简单代码也失败了:
#openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.pem -out certificate.pem
#
import os
import socket
#import sys
from tlslite.api import *
s = open("./certificate.pem").read()
x509 = X509()
x509.parse(s)
certChain = X509CertChain([x509])
#print (certChain)
s = open("./privateKey.pem").read()
privateKey = parsePEMKey(s, private=True)
#print (privateKey)
host = '127.0.1.1'
port = 8888
payload = 1500
server_address = (host, port)
def start_TLS_server():
socket_TLS = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
socket_TLS.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
socket_TLS.bind(server_address)
socket_TLS.listen(1)
#synchro = synchroSocket.accept()
connection = TLSConnection(socket_TLS)
settings = HandshakeSettings()
settings.minKeySize = 2048
settings.cipherNames = ["aes256"]
settings.minVersion = (3,1)
connection.handshakeServer(certChain=certChain, privateKey=privateKey, reqCert=True, settings=settings)
#connection.session.clientCertChain # X509CertChain
#connection.session.serverCertChain # X509CertChain
print(connection)
print("TLS server is running...")
while True:
data = connection.read(payload)
if not data:
break
connection.write(data)
connection.close()
if __name__ == "__main__":
start_TLS_server()
我遇到这样的错误:
root@Admin-PC:/mnt/c/Users/andre/Documents/Visual Studio Code/Projects/SSNProject/TLSvsNPF# python3 TLSserver.py
<tlslite.tlsconnection.TLSConnection object at 0x7f0c9142fe48>
Traceback (most recent call last):
File "TLSserver.py", line 89, in <module>
start_TLS_server()
File "TLSserver.py", line 58, in start_TLS_server
connection.handshakeServer(certChain=certChain, privateKey=privateKey, reqCert=True, settings=settings)
File "/usr/local/lib/python3.5/dist-packages/tlslite/tlsconnection.py", line 1191, in handshakeServer
nextProtos=nextProtos, anon=anon, alpn=alpn, sni=sni):
File "/usr/local/lib/python3.5/dist-packages/tlslite/tlsconnection.py", line 1220, in handshakeServerAsync
for result in self._handshakeWrapperAsync(handshaker, checker):
File "/usr/local/lib/python3.5/dist-packages/tlslite/tlsconnection.py", line 2216, in _handshakeWrapperAsync
for result in handshaker:
File "/usr/local/lib/python3.5/dist-packages/tlslite/tlsconnection.py", line 1262, in _handshakeServerAsyncHelper
anon, alpn, sni):
File "/usr/local/lib/python3.5/dist-packages/tlslite/tlsconnection.py", line 1485, in _serverGetClientHello
HandshakeType.client_hello):
File "/usr/local/lib/python3.5/dist-packages/tlslite/tlsrecordlayer.py", line 657, in _getMsg
for result in self._getNextRecord():
File "/usr/local/lib/python3.5/dist-packages/tlslite/tlsrecordlayer.py", line 829, in _getNextRecord
for result in self._getNextRecordFromSocket():
File "/usr/local/lib/python3.5/dist-packages/tlslite/tlsrecordlayer.py", line 853, in _getNextRecordFromSocket
for result in self._recordLayer.recvRecord():
File "/usr/local/lib/python3.5/dist-packages/tlslite/recordlayer.py", line 695, in recvRecord
for result in self._recordSocket.recv():
File "/usr/local/lib/python3.5/dist-packages/tlslite/recordlayer.py", line 188, in recv
for record in self._recvHeader():
File "/usr/local/lib/python3.5/dist-packages/tlslite/recordlayer.py", line 122, in _recvHeader
for result in self._sockRecvAll(1):
File "/usr/local/lib/python3.5/dist-packages/tlslite/recordlayer.py", line 99, in _sockRecvAll
socketBytes = self.sock.recv(length - len(buf))
File "/usr/local/lib/python3.5/dist-packages/tlslite/bufferedsocket.py", line 54, in recv
return self.socket.recv(bufsize)
OSError: [Errno 107] Transport endpoint is not connected
root@Admin-PC:/mnt/c/Users/andre/Documents/Visual Studio Code/Projects/SSNProject/TLSvsNPF#
您可能会注意到,我使用的是 Windows 10 的 Linux 子系统 Ubuntu 16.04 LTS。我知道错误出在证书的某处,但不清楚在哪里...有什么建议吗?
谢谢
最佳答案
OSError: [Errno 107] Transport endpoint is not connected
您需要在监听套接字上调用 accept() 以获取您包裹 TLSConnection 的套接字和连接信息。
参见 tlstest.py举个例子。
请注意,您需要使用 tls-1.3存在 TLS 1.3 支持的分支,并且 aes256 密码与 TLS 1.3 不兼容(aes256 是用于 CBC 模式密码的名称,没有为 TLS 1.3 定义 CBC 模式密码,您需要使用aes256gcm 或其他 AEAD 密码之一)
关于ssl - 如何创建仅支持 TLS 1.3 的 tlslite-ng 服务器?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46964122/
26
4
0
我想从 Python 的 TLSlite 库加载公钥。 key 可以以我们喜欢的任何方式创建,只要格式是通用的 - 到目前为止,我使用的是通过 openssl 命令行工具创建的 PEM key :
我想用 Python 编写一套服务器/客户端 TLS1.3 脚本。因此,我使用 tlslite-ng图书馆是唯一一个拥有 TLS1.3 on board 的图书馆. 但是,即使我的简单代码也失败了:
我正在使用 python tlslite 库来实现带有 SRP-RSA-AES-256-CBC-SHA 的 TCP 服务器。在客户端,我以这种方式运行命令行打开 ssl 客户端: openssl s_
我是一名优秀的程序员,十分优秀!