Python - SSL - 错误的版本号 [英] Python - SSL - wrong version number
问题描述
这可能只是另一个未解决的线程,但无论如何我都会填写一些信息.
This will probably be just another unsolved thread but i'll fill in some info anyway.
我连一秒钟都无法将 SSL 包装在一起.我对 wrap_socket() 和 do_handshake() 做错了什么有什么想法吗?
I can't get my SSL wrapping together not even for a second. Any ideas to what i'm doing wrong with my wrap_socket() and do_handshake()?
密钥文件似乎是 100% 完美的,我在握手之前尝试过使用 AND 而不使用 .recv().这只是根据我放置 recv() 的位置生成这些:
The key files appear to be 100% perfect, and i've tried with AND without the .recv() before the handshake. That just generates these depending on where i put the recv():
SSL3_GET_CLIENT_HELLO:版本号错误
SSL3_GET_CLIENT_HELLO:wrong version number
SSL3_GET_RECORD:版本号错误
SSL3_GET_RECORD:wrong version number
class Server():
def __init__(self, listen = '', port = 8080, ssl = False):
self.sock = socket.socket()
self.sock.bind((listen, port))
self.sock.listen(5)
def accept(self):
newsocket, fromaddr = self.sock.accept()
newsocket.recv(32)
newsocket.setblocking(0)
sslsock = ssl.wrap_socket(newsocket,
server_side=True,
certfile="./kernel/sock/server.crt",
keyfile="./kernel/sock/server.key",
cert_reqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_TLSv1,
do_handshake_on_connect=False,
suppress_ragged_eofs=True)
sslsock.do_handshake()
return sslsock, fromaddr
为了记录,如果不明显或者我错了,那就是握手失败了:)
For the record, if it's not obvious or i'm wrong, it's the handshake that fails :)
我稍微修改了代码,尝试了 SSLv3 并稍微改变了包装的位置:
I modified the code a bit, trying SSLv3 and also change the position of the wrapping a bit:
import socket, ssl, time, select
class Server():
def __init__(self, listen = '', port = 443, ssl = False):
self.sock = socket.socket()
self.sock.bind((listen, port))
self.sock.listen(5)
def accept(self):
self.sock = ssl.wrap_socket(self.sock,
server_side=True,
certfile="./kernel/sock/server.crt",
keyfile="./kernel/sock/server.key",
cert_reqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_SSLv3,
do_handshake_on_connect=False,
suppress_ragged_eofs=True)
newsocket, fromaddr = self.sock.accept()
print [newsocket.recv(32)]
newsocket.setblocking(False)
newsocket.do_handshake()
return newsocket, fromaddr
s = Server()
ns, na = s.accept()
print ns.recv(1024)
现在我得到了 newsocket.recv(32):
Now i get with the newsocket.recv(32):
ssl.SSLError: [Errno 1] _ssl.c:1331: error:140940E5:SSL 例程:SSL3_READ_BYTES:ssl 握手失败
ssl.SSLError: [Errno 1] _ssl.c:1331: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
和没有:
ssl.SSLError: [Errno 2] _ssl.c:490: 操作没有完成(读取)
ssl.SSLError: [Errno 2] _ssl.c:490: The operation did not complete (read)
另外:我拒绝使用 Twisted
缩小规模:
import socket, ssl, time, select
from OpenSSL import SSL
class Server():
def __init__(self, listen = '', port = 443, ssl = False):
ctx = SSL.Context(SSL.SSLv23_METHOD)
ctx.use_privatekey_file("server.pem")
ctx.use_certificate_file("server.pem")
self.sock = SSL.Connection(ctx, socket.socket())
self.sock.bind((listen, port))
self.sock.listen(5)
def accept(self):
newsocket, fromaddr = self.sock.accept()
return newsocket, fromaddr
s = Server()
ns, na = s.accept()
print ns.recv(1024)
这和原生"一样好用ssl 库.但是现在我收到此错误:
This works just as good as the "native" ssl library. However now i get this error:
OpenSSL.SSL.Error: [('SSL 例程', 'SSL23_READ', 'ssl 握手失败')]
OpenSSL.SSL.Error: [('SSL routines', 'SSL23_READ', 'ssl handshake failure')]
这就是我现在所处的位置:
This is where i'm at now:
import socket, ssl, time #, select
class Server():
def __init__(self, listen = '', port = 443, ssl = False):
self.sock = socket.socket()
self.sock.bind((listen, port))
self.sock.listen(5)
def accept(self):
self.ssl_sock = None
while not self.ssl_sock:
self.ssl_sock = ssl.wrap_socket(self.sock,
server_side=True,
certfile=r"C:\moo.pem",
keyfile=r"C:\moo.key",
cert_reqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_TLSv1)
newsocket, fromaddr = self.ssl_sock.accept()
print([newsocket.recv()])
return newsocket, fromaddr
s = Server()
ns, na = s.accept()
print(ns.recv(1024))
这完美"有效;在 Firefox 中,但在 Google Chrome 中不.为什么?有什么不同?-.-
This works "prefectly" in Firefox, but NOT in Google Chrome. Why? what's the difference? -.-
推荐答案
如果你的代码有问题,我根本不会告诉你 Python.
错误虽然很明显.客户端支持 SSLv3
,而您的服务器仅支持 TLSv1
.
因此,您应该启用对 SSLv3
的支持或升级您的客户端.
I don't know Python at all to tell you if you have a problem in your code.
The error though is clear. The client supports SSLv3
and your server only TLSv1
.
So you should enable support for SSLv3
or upgrade your client.
这一行似乎是问题所在:ssl_version=ssl.PROTOCOL_TLSv1
.也许您还可以在此处添加 SSLv3
?
This line seems to be the problem:ssl_version=ssl.PROTOCOL_TLSv1
. Perhaps you can also add SSLv3
here?
更新:
我看到您在浏览器之间有问题.查看是否在 Crome 中启用了 SSLv3
.
例如,在 IE 中,这是在 Internet Options
-> Advanced Tab
下.
Chrome 中应该有类似的东西.禁用SSv3
并启用TLSv1
Update:
I see that you have problem between browsers. See if SSLv3
is enabled in Crome.
In IE for example this is under Internet Options
-> Advanced Tab
.
Something similar should be in Chrome. Disable SSv3
and enable TLSv1
instead
这篇关于Python - SSL - 错误的版本号的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!