Python - SSL - wrong version number

Problem description

This will probably be just another unsolved thread but I'll fill in some info anyway.

I can't get my SSL wrapping together, not even for a second. Any ideas as to what I'm doing wrong with my wrap_socket() and do_handshake()?

The key files appear to be 100% perfect, and I've tried with AND without the .recv() before the handshake. That just generates these depending on where I put the recv():

SSL3_GET_CLIENT_HELLO:wrong version number

SSL3_GET_RECORD:wrong version number

import socket, ssl

class Server():
    def __init__(self, listen = '', port = 8080, ssl = False):
        self.sock = socket.socket()
        self.sock.bind((listen, port))
        self.sock.listen(5)

    def accept(self):
        newsocket, fromaddr = self.sock.accept()
        newsocket.recv(32)
        newsocket.setblocking(0)
        sslsock = ssl.wrap_socket(newsocket,
                                    server_side=True,
                                    certfile="./kernel/sock/server.crt",
                                    keyfile="./kernel/sock/server.key",
                                    cert_reqs=ssl.CERT_NONE,
                                    ssl_version=ssl.PROTOCOL_TLSv1,
                                    do_handshake_on_connect=False,
                                    suppress_ragged_eofs=True)
        sslsock.do_handshake()
        return sslsock, fromaddr

For the record, if it's not obvious or I'm wrong, it's the handshake that fails :)

I modified the code a bit, trying SSLv3 and also changing the position of the wrapping a bit:

import socket, ssl, time, select

class Server():
    def __init__(self, listen = '', port = 443, ssl = False):
        self.sock = socket.socket()
        self.sock.bind((listen, port))
        self.sock.listen(5)

    def accept(self):
        self.sock = ssl.wrap_socket(self.sock,
                                    server_side=True,
                                    certfile="./kernel/sock/server.crt",
                                    keyfile="./kernel/sock/server.key",
                                    cert_reqs=ssl.CERT_NONE,
                                    ssl_version=ssl.PROTOCOL_SSLv3,
                                    do_handshake_on_connect=False,
                                    suppress_ragged_eofs=True)

        newsocket, fromaddr = self.sock.accept()

        print [newsocket.recv(32)]
        newsocket.setblocking(False)
        newsocket.do_handshake()

        return newsocket, fromaddr

s = Server()
ns, na = s.accept()
print ns.recv(1024)

Now I get with the newsocket.recv(32):

ssl.SSLError: [Errno 1] _ssl.c:1331: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure

And without:

ssl.SSLError: [Errno 2] _ssl.c:490: The operation did not complete (read)

Also: I refuse to use Twisted

Scaled down:

import socket, ssl, time, select
from OpenSSL import SSL

class Server():
    def __init__(self, listen = '', port = 443, ssl = False):
        ctx = SSL.Context(SSL.SSLv23_METHOD)
        ctx.use_privatekey_file("server.pem")
        ctx.use_certificate_file("server.pem")
        self.sock = SSL.Connection(ctx, socket.socket())

        self.sock.bind((listen, port))
        self.sock.listen(5)

    def accept(self):
        newsocket, fromaddr = self.sock.accept()
        return newsocket, fromaddr

s = Server()
ns, na = s.accept()
print ns.recv(1024)

This works just as well as the "native" ssl library. However, now I get this error:

OpenSSL.SSL.Error: [('SSL routines', 'SSL23_READ', 'ssl handshake failure')]

This is where I'm at now:

import socket, ssl, time #, select

class Server():
    def __init__(self, listen = '', port = 443, ssl = False):
        self.sock = socket.socket()
        self.sock.bind((listen, port))
        self.sock.listen(5)

    def accept(self):
        self.ssl_sock = None
        while not self.ssl_sock:
            self.ssl_sock = ssl.wrap_socket(self.sock,
                server_side=True,
                certfile=r"C:\moo.pem",
                keyfile=r"C:\moo.key",
                cert_reqs=ssl.CERT_NONE,
                ssl_version=ssl.PROTOCOL_TLSv1)

        newsocket, fromaddr = self.ssl_sock.accept()

        print([newsocket.recv()])

        return newsocket, fromaddr

s = Server()
ns, na = s.accept()
print(ns.recv(1024))

This works "perfectly" in Firefox, but NOT in Google Chrome. Why? What's the difference? -.-

Recommended answer

I don't know Python at all to tell you if you have a problem in your code.
The error though is clear. The client supports SSLv3 and your server only TLSv1.
So you should enable support for SSLv3 or upgrade your client.

This line seems to be the problem: ssl_version=ssl.PROTOCOL_TLSv1. Perhaps you can also add SSLv3 here?

Update:
I see that you have a problem between browsers. See if SSLv3 is enabled in Chrome.
In IE, for example, this is under Internet Options -> Advanced tab.
Something similar should be in Chrome. Disable SSLv3 and enable TLSv1 instead.
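
An added example, not part of the original question or answer: a Python 3 diagnostic that classifies the first bytes a client sends, so a server author can see which protocol version the client offered and what is left in the stream after a raw recv(32) like the one in the question. The function names and the sample ClientHello are constructed for illustration; on a live socket the input would come from newsocket.recv(64, socket.MSG_PEEK), which does not consume the bytes the handshake needs.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
HTTP_VERBS = (b"GET ", b"POST", b"HEAD", b"PUT ")


def classify_first_bytes(data):
    """Describe a client's first bytes (peeked, not consumed) on a TLS port."""
    if len(data) < 5:
        return {"kind": "too_short"}
    # Record header: content type, version major/minor, 2-byte length.
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype in CONTENT_TYPES and major == 3:
        info = {"kind": CONTENT_TYPES[ctype],
                "record_version": VERSIONS.get((major, minor), "unknown"),
                "length": length}
        # ClientHello = handshake type 1, 3-byte length, then client_version.
        if ctype == 22 and len(data) >= 11 and data[5] == 1:
            info["kind"] = "client_hello"
            info["offered"] = VERSIONS.get((data[9], data[10]), "unknown")
        return info
    # SSLv2-compatible hello: length with high bit set, message type 1, version.
    if data[0] & 0x80 and data[2] == 1:
        return {"kind": "sslv2_compat_hello",
                "offered": VERSIONS.get((data[3], data[4]), "unknown")}
    if data[:4] in HTTP_VERBS:
        return {"kind": "plaintext_http"}
    return {"kind": "not_tls"}


def build_sample_hello():
    """Constructed ClientHello: TLSv1.0 record version, offering TLSv1.2."""
    # client_version, 32-byte random, empty session id, one cipher suite, null compression
    body = b"\x03\x03" + b"\xab" * 32 + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    hello = build_sample_hello()
    print(classify_first_bytes(hello))        # the intact first record
    print(classify_first_bytes(hello[32:]))   # what remains after a raw recv(32)
    print(classify_first_bytes(b"GET / HTTP/1.1\r\n"))
```

Once 32 bytes have been read from the unwrapped socket, the remaining stream no longer starts with a record header, so the version bytes the library inspects are arbitrary data.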
