SSL workaround
Python < 2.7.9 does not support anonymous SSL server through ssl.wrap_socket, so we have to disable it. Works fine as client. Try to prefer secp256k1 curve (again, requires python >= 2.7.9)
This commit is contained in:
parent
da18e4be26
commit
dd6de5210f
|
@ -265,8 +265,10 @@ class receiveDataThread(threading.Thread):
|
|||
self.connectionIsOrWasFullyEstablished = True
|
||||
|
||||
self.sslSock = self.sock
|
||||
if (self.services & shared.NODE_SSL == shared.NODE_SSL):
|
||||
if (self.services & shared.NODE_SSL == shared.NODE_SSL and (self.initiatedConnection or sys.version_info >= (2, 7, 9))):
|
||||
self.sslSock = ssl.wrap_socket(self.sock, keyfile = os.path.join(shared.codePath(), 'sslkeys', 'key.pem'), certfile = os.path.join(shared.codePath(), 'sslkeys', 'cert.pem'), server_side = not self.initiatedConnection, ssl_version=ssl.PROTOCOL_TLSv1, do_handshake_on_connect=False, ciphers='AECDH-AES256-SHA')
|
||||
if hasattr(self.sslSock, "context"):
|
||||
self.sslSock.context.set_ecdh_curve("secp256k1")
|
||||
while True:
|
||||
try:
|
||||
self.sslSock.do_handshake()
|
||||
|
|
|
@ -148,7 +148,8 @@ def encodeHost(host):
|
|||
def assembleVersionMessage(remoteHost, remotePort, myStreamNumber):
|
||||
payload = ''
|
||||
payload += pack('>L', 3) # protocol version.
|
||||
payload += pack('>q', NODE_NETWORK|NODE_SSL) # bitflags of the services I offer.
|
||||
payload += pack('>q', NODE_NETWORK|(NODE_SSL if sys.version_info >= (2, 7, 9) else 0)) # bitflags of the services I offer.
|
||||
# python < 2.7.9's ssl library does not support ECDSA server due to missing initialisation of available curves, but client works ok
|
||||
payload += pack('>q', int(time.time()))
|
||||
|
||||
payload += pack(
|
||||
|
|
Loading…
Reference in New Issue
Block a user