-
Notifications
You must be signed in to change notification settings - Fork 575
/
ssltest.py
104 lines (90 loc) · 3.31 KB
/
ssltest.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
import os
import select
import socket
import ssl
import sys
import traceback
HOST = "127.0.0.1"
PORT = 8912
def sslProtocolVersion():
# sslProtocolVersion
if sys.version_info >= (2, 7, 13):
# this means TLSv1 or higher
# in the future change to
# ssl.PROTOCOL_TLS1.2
return ssl.PROTOCOL_TLS
elif sys.version_info >= (2, 7, 9):
# this means any SSL/TLS. SSLv2 and 3 are excluded with an option after context is created
return ssl.PROTOCOL_SSLv23
else:
# this means TLSv1, there is no way to set "TLSv1 or higher" or
# "TLSv1.2" in < 2.7.9
return ssl.PROTOCOL_TLSv1
def sslProtocolCiphers():
if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000:
return "AECDH-AES256-SHA@SECLEVEL=0"
else:
return "AECDH-AES256-SHA"
def connect():
sock = socket.create_connection((HOST, PORT))
return sock
def listen():
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.bind((HOST, PORT))
sock.listen(0)
return sock
def sslHandshake(sock, server=False):
if sys.version_info >= (2, 7, 9):
context = ssl.SSLContext(sslProtocolVersion())
context.set_ciphers(sslProtocolCiphers())
context.set_ecdh_curve("secp256k1")
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3\
| ssl.OP_SINGLE_ECDH_USE | ssl.OP_CIPHER_SERVER_PREFERENCE
sslSock = context.wrap_socket(sock, server_side=server, do_handshake_on_connect=False)
else:
sslSock = ssl.wrap_socket(sock, keyfile=os.path.join('src', 'sslkeys', 'key.pem'),
certfile=os.path.join('src', 'sslkeys', 'cert.pem'),
server_side=server, ssl_version=sslProtocolVersion(),
do_handshake_on_connect=False, ciphers='AECDH-AES256-SHA')
while True:
try:
sslSock.do_handshake()
break
except ssl.SSLWantReadError:
print("Waiting for SSL socket handhake read")
select.select([sslSock], [], [], 10)
except ssl.SSLWantWriteError:
print("Waiting for SSL socket handhake write")
select.select([], [sslSock], [], 10)
except Exception:
print("SSL socket handhake failed, shutting down connection")
traceback.print_exc()
return
print("Success!")
return sslSock
if __name__ == "__main__":
if len(sys.argv) != 2:
print("Usage: ssltest.py client|server")
sys.exit(0)
elif sys.argv[1] == "server":
serversock = listen()
while True:
print("Waiting for connection")
sock, addr = serversock.accept()
print("Got connection from %s:%i" % (addr[0], addr[1]))
sslSock = sslHandshake(sock, True)
if sslSock:
sslSock.shutdown(socket.SHUT_RDWR)
sslSock.close()
elif sys.argv[1] == "client":
sock = connect()
sslSock = sslHandshake(sock, False)
if sslSock:
sslSock.shutdown(socket.SHUT_RDWR)
sslSock.close()
else:
print("Usage: ssltest.py client|server")
sys.exit(0)