SSL workaround

Python < 2.7.9 does not support anonymous SSL server through
ssl.wrap_socket, so we have to disable it. Works fine as client.
Try to prefer secp256k1 curve (again, requires python >= 2.7.9)
This commit is contained in:
mailchuck 2015-11-15 02:20:08 +01:00 committed by Peter Surda
parent 049e226ddc
commit 2fd85bfa69
2 changed files with 5 additions and 2 deletions

View File

@ -265,8 +265,10 @@ class receiveDataThread(threading.Thread):
self.connectionIsOrWasFullyEstablished = True self.connectionIsOrWasFullyEstablished = True
self.sslSock = self.sock self.sslSock = self.sock
if (self.services & shared.NODE_SSL == shared.NODE_SSL): if (self.services & shared.NODE_SSL == shared.NODE_SSL and (self.initiatedConnection or sys.version_info >= (2, 7, 9))):
self.sslSock = ssl.wrap_socket(self.sock, keyfile = os.path.join(shared.codePath(), 'sslkeys', 'key.pem'), certfile = os.path.join(shared.codePath(), 'sslkeys', 'cert.pem'), server_side = not self.initiatedConnection, ssl_version=ssl.PROTOCOL_TLSv1, do_handshake_on_connect=False, ciphers='AECDH-AES256-SHA') self.sslSock = ssl.wrap_socket(self.sock, keyfile = os.path.join(shared.codePath(), 'sslkeys', 'key.pem'), certfile = os.path.join(shared.codePath(), 'sslkeys', 'cert.pem'), server_side = not self.initiatedConnection, ssl_version=ssl.PROTOCOL_TLSv1, do_handshake_on_connect=False, ciphers='AECDH-AES256-SHA')
if hasattr(self.sslSock, "context"):
self.sslSock.context.set_ecdh_curve("secp256k1")
while True: while True:
try: try:
self.sslSock.do_handshake() self.sslSock.do_handshake()

View File

@ -148,7 +148,8 @@ def encodeHost(host):
def assembleVersionMessage(remoteHost, remotePort, myStreamNumber): def assembleVersionMessage(remoteHost, remotePort, myStreamNumber):
payload = '' payload = ''
payload += pack('>L', 3) # protocol version. payload += pack('>L', 3) # protocol version.
payload += pack('>q', NODE_NETWORK|NODE_SSL) # bitflags of the services I offer. payload += pack('>q', NODE_NETWORK|(NODE_SSL if sys.version_info >= (2, 7, 9) else 0)) # bitflags of the services I offer.
# python < 2.7.9's ssl library does not support ECDSA server due to missing initialisation of available curves, but client works ok
payload += pack('>q', int(time.time())) payload += pack('>q', int(time.time()))
payload += pack( payload += pack(