How to get current cipher in pyOpenSSL for DTLS

Problem description

I need to get a negotiated cipher for DTLS protocol in pyOpenSSL. I was successful in doing that for TCP sockets, but when it comes to datagrams, it's not that obvious. Please provide an example either in C or Python. This is what I've tried so far:

import socket
from OpenSSL import SSL
from OpenSSL._util import (
    ffi as _ffi,
    lib as _lib)


DTLSv1_METHOD = 7
SSL.Context._methods[DTLSv1_METHOD]=getattr(_lib, "DTLSv1_client_method")
ctx = SSL.Context(DTLSv1_METHOD)
ctx.set_cipher_list('AES128-SHA')
ctx.use_certificate_file("path-to-cert.pem")
ctx.use_privatekey_file("path-to-key.pem")
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.connect(('dtls-host', 443))
con = SSL.Connection(ctx, s)
con.set_connect_state()
con.connect(('dtls-host', 443))
cc = _lib.SSL_get_current_cipher(con._ssl)
print _ffi.string( _lib.SSL_CIPHER_get_name(cc))

The printed result is (None)

Recommended answer

The result is None because that is the cipher that has been negotiated for your connection. Or rather, it is None because no cipher has been negotiated for your connection yet. Cipher selection is part of the handshake and the handshake is not done anywhere in this example.

Try con.do_handshake() before calling SSL_get_current_cipher.

Also bear in mind that _-prefixed names are private and you really shouldn't use them if you want your program to keep working with future versions of pyOpenSSL.
