2017-01-15 11:42:20 +01:00
|
|
|
import os
|
2017-01-14 13:51:44 +01:00
|
|
|
import select
|
|
|
|
import socket
|
|
|
|
import ssl
|
|
|
|
import sys
|
2017-01-14 13:55:57 +01:00
|
|
|
import traceback
|
2017-01-14 13:51:44 +01:00
|
|
|
|
|
|
|
HOST = "127.0.0.1"
|
|
|
|
PORT = 8912
|
|
|
|
|
|
|
|
def sslProtocolVersion():
|
|
|
|
# sslProtocolVersion
|
|
|
|
if sys.version_info >= (2,7,13):
|
|
|
|
# this means TLSv1 or higher
|
|
|
|
# in the future change to
|
|
|
|
# ssl.PROTOCOL_TLS1.2
|
|
|
|
return ssl.PROTOCOL_TLS
|
|
|
|
elif sys.version_info >= (2,7,9):
|
|
|
|
# this means any SSL/TLS. SSLv2 and 3 are excluded with an option after context is created
|
|
|
|
return ssl.PROTOCOL_SSLv23
|
|
|
|
else:
|
|
|
|
# this means TLSv1, there is no way to set "TLSv1 or higher" or
|
|
|
|
# "TLSv1.2" in < 2.7.9
|
|
|
|
return ssl.PROTOCOL_TLSv1
|
|
|
|
|
2017-01-15 10:48:29 +01:00
|
|
|
def sslProtocolCiphers():
|
|
|
|
if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000:
|
|
|
|
return "AECDH-AES256-SHA@SECLEVEL=0"
|
|
|
|
else:
|
|
|
|
return "AECDH-AES256-SHA"
|
|
|
|
|
2017-01-14 13:51:44 +01:00
|
|
|
def connect():
|
|
|
|
sock = socket.create_connection((HOST, PORT))
|
|
|
|
return sock
|
|
|
|
|
|
|
|
def listen():
|
|
|
|
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
|
|
|
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
|
|
|
sock.bind((HOST, PORT))
|
|
|
|
sock.listen(0)
|
|
|
|
return sock
|
|
|
|
|
|
|
|
def sslHandshake(sock, server=False):
|
|
|
|
if sys.version_info >= (2,7,9):
|
|
|
|
context = ssl.SSLContext(sslProtocolVersion())
|
2017-01-15 10:48:29 +01:00
|
|
|
context.set_ciphers(sslProtocolCiphers())
|
2017-01-14 13:51:44 +01:00
|
|
|
context.set_ecdh_curve("secp256k1")
|
|
|
|
context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE | ssl.OP_CIPHER_SERVER_PREFERENCE
|
|
|
|
sslSock = context.wrap_socket(sock, server_side = server, do_handshake_on_connect=False)
|
|
|
|
else:
|
2017-01-15 10:48:29 +01:00
|
|
|
sslSock = ssl.wrap_socket(sock, keyfile = os.path.join('src', 'sslkeys', 'key.pem'), certfile = os.path.join('src', 'sslkeys', 'cert.pem'), server_side = server, ssl_version=sslProtocolVersion(), do_handshake_on_connect=False, ciphers='AECDH-AES256-SHA')
|
2017-01-14 13:51:44 +01:00
|
|
|
|
|
|
|
while True:
|
|
|
|
try:
|
|
|
|
sslSock.do_handshake()
|
|
|
|
break
|
|
|
|
except ssl.SSLWantReadError:
|
|
|
|
print "Waiting for SSL socket handhake read"
|
2017-01-15 10:48:29 +01:00
|
|
|
select.select([sslSock], [], [], 10)
|
2017-01-14 13:51:44 +01:00
|
|
|
except ssl.SSLWantWriteError:
|
|
|
|
print "Waiting for SSL socket handhake write"
|
2017-01-15 10:48:29 +01:00
|
|
|
select.select([], [sslSock], [], 10)
|
|
|
|
except Exception:
|
2017-01-14 13:55:57 +01:00
|
|
|
print "SSL socket handhake failed, shutting down connection"
|
|
|
|
traceback.print_exc()
|
2017-01-14 13:51:44 +01:00
|
|
|
return
|
|
|
|
print "Success!"
|
|
|
|
return sslSock
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
|
if len(sys.argv) != 2:
|
|
|
|
print "Usage: ssltest.py client|server"
|
|
|
|
sys.exit(0)
|
|
|
|
elif sys.argv[1] == "server":
|
|
|
|
serversock = listen()
|
|
|
|
while True:
|
|
|
|
print "Waiting for connection"
|
|
|
|
sock, addr = serversock.accept()
|
|
|
|
print "Got connection from %s:%i" % (addr[0], addr[1])
|
|
|
|
sslSock = sslHandshake(sock, True)
|
2017-01-14 13:55:57 +01:00
|
|
|
if sslSock:
|
|
|
|
sslSock.shutdown(socket.SHUT_RDWR)
|
|
|
|
sslSock.close()
|
2017-01-14 13:51:44 +01:00
|
|
|
elif sys.argv[1] == "client":
|
|
|
|
sock = connect()
|
|
|
|
sslSock = sslHandshake(sock, False)
|
2017-01-14 13:55:57 +01:00
|
|
|
if sslSock:
|
|
|
|
sslSock.shutdown(socket.SHUT_RDWR)
|
|
|
|
sslSock.close()
|
2017-01-14 13:51:44 +01:00
|
|
|
else:
|
|
|
|
print "Usage: ssltest.py client|server"
|
|
|
|
sys.exit(0)
|