python - Twisted TLS Server offering no shared ciphers -


i built tls server python twisted (17.5.0), running on python 3.5.3 following code (its shortened):

from openssl import crypto twisted.internet.ssl import (privatecertificate,keypair,certificate) twisted.internet import reactor twisted.internet import protocol, task, defer  pkey_obj = open("server.key","rb").read() pkey = crypto.load_privatekey(crypto.filetype_pem, pkey_obj)   regsrv_obj = open("servercert.pem","rb").read() regsrv_cert = crypto.load_certificate(crypto.filetype_pem, regsrv_obj)  certificate = certificate(regsrv_cert) prkey = keypair(pkey) prkey_and_cert = privatecertificate.fromcertificateandkeypair(certificate, prkey)  tls_server_options = prkey_and_cert.options()  factory = protocol.factory.forprotocol(echo) reactor.listenssl(5444, factory, tls_server_options) return defer.deferred()

i adapted http://twistedmatrix.com/documents/current/core/howto/ssl.html

the server starts correctly following commands , available:

python3 tls_server.py

if want query server openssl s_client server outputs following error:

[failure instance: traceback: : [('ssl routines', 'tls_post_process_client_hello', 'no shared cipher')]

question: why server , client cannot agree on common cipher?

the server's key ec-key based on secp521r1 , if open tls server server's key/cert openssl s_server works perfectly. must wrong twisted implementation.

edit: tried enumerate available ciphers @ server side with

nmap --script ssl-enum-ciphers -p 5444 localhost

but seems server doesn't provide ciphers nor ssl capability. error on server side if output error in die connectionlost() method of underlaying twisted protocol:

2017-08-15 15:35:40+0200 [-] connection lost: [failure instance: traceback: <class 'openssl.ssl.error'>: [('ssl routines', 'tls_post_process_client_hello', 'no shared cipher')] 2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/twisted/internet/posixbase.py:597:_doreadorwrite 2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/twisted/internet/tcp.py:208:doread 2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/twisted/internet/tcp.py:214:_datareceived 2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/twisted/protocols/tls.py:315:datareceived 2017-08-15 15:35:40+0200 [-] --- <exception caught here> --- 2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/twisted/protocols/tls.py:235:_checkhandshakestatus 2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/openssl/ssl.py:1716:do_handshake 2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/openssl/ssl.py:1456:_raise_ssl_error 2017-08-15 15:35:40+0200 [-] /usr/local/lib/python3.5/dist-packages/openssl/_util.py:54:exception_from_error_queue 2017-08-15 15:35:40+0200 [-] ]


Comments

Post a Comment

Popular posts from this blog

PHP and MySQL WP -

i trying accomplish 2 things here code. writing php directly wp page using insert php plugin. 1) query mysql database , return results 1 column 4 columns. 2) make each result own hyperlink directs user new wp page runs new query on page. i able query show results , turn results dynamic hyperlink, cannot formatting down. right returns result 1 column. here have: [insert_php] $servername = "localhost"; $username = "login"; //edited privacy $password = "password"; //edited privacy $database = "database"; //edited privacy // create connection $conn = new mysqli($servername, $username, $password, $database); // check connection if ($conn->connect_error) { die("connection failed: " . $conn->connect_error); } echo "connected successfully"; //get results database $result = mysqli_query($conn,"select mine mines order mine"); $all_property = array(); //declare array saving property //showing proper...
Read more

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

i'm implementing inapp billing in android app. works well, however, i'm trying decouple broadcast receiver activity manifest. suggestion in android's trivialdrive sample: // important: dynamically register broadcast messages updated purchases. // register receiver here instead of <receiver> in manifest // because call getpurchases() @ startup, therefore can ignore // broadcasts sent while app isn't running. // note: registering listener in activity bad idea, done here // because sample. regardless, receiver must registered after // iabhelper setup, before first call getpurchases(). currently there's class extends broadcastreceiver : public class iabbroadcastreceiver extends broadcastreceiver { /** * intent action receiver should filter for. */ public static final string action = "com.android.vending.billing.purchases_updated"; private final iabbroadcastlistener mlistener; public iabbroadcastreceiver(iabbroadcastlistener listener) { m...
Read more

go - golang pprof for c library code -

i have been trying profile golang application pprof, seems details of c code(linked static library) missed in output result. flame graph from frame graph can see c code time consuming reported within "runtime._externalcode", no details @ all. , sure static library compiled debug enable. so there way make pprof details(like stack trace) of 3rd party c code? or there other golang profiling tool this?
Read more