Reputation: 223
Python Paste SSL server with TLSv1.2 and Forward Secrecy
for a Python app on Mac OS X, I need to setup an HTTPS server with TLSv1.2, Forward Secrecy, and without RC4 ciphers. Using Paste and pyOpenSSL I have write the following code:
from paste import httpserver
from OpenSSL import SSL
context = SSL.Context(SSL.SSLv23_METHOD)
context.use_privatekey_file("/Path/to/my/private.key")
context.use_certificate_chain_file("/Path/to/my/chain-cert.pem")
context.set_options(SSL.OP_NO_SSLv2)
context.set_options(SSL.OP_NO_SSLv3)
context.set_options(SSL.OP_SINGLE_DH_USE)
context.set_cipher_list("EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4")
logger.debug("OPENSSL version: %s" % SSL.SSLeay_version(SSL.SSLEAY_VERSION))
httpserver.serve(app_logged, host=http_host, port=http_port, server_version=server_version, ssl_context=context, use_threadpool=True, threadpool_workers=15, request_queue_size=5)
But Safari, Chrome and OpenSSL client failed to connect to my server with the error "no shared cipher". So, what did I do wrong?
Note: Default OS X versions of Python (2.7.6) and OpenSSL (0.9.8) are not compatible with TLSv1.2, so I had to compile OpenSSL 1.0.2 and Python 2.7.10 from sources.
If I check my OpenSSL ciphers list, it give me this:
$ /usr/local/bin/openssl ciphers -V 'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4'
0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
0xC0,0x23 - ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
0xC0,0x14 - ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
0xC0,0x0A - ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
0xC0,0x13 - ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
0xC0,0x09 - ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
0x00,0x39 - DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
0x00,0x67 - DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
0x00,0x33 - DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
0x00,0x9A - DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1
0x00,0x45 - DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
and I know that Safari 8 is compatible with cipher "ECDHE-RSA-AES128-SHA256" for example, so why I have a 'no shared cipher' error?
$ /usr/local/bin/openssl s_client -connect 192.168.0.17:4443 -tls1_2
CONNECTED(00000003)
140735274361680:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40
140735274361680:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1439975452
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
Alternative: If I change my cipher list to
context.set_cipher_list("HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:@STRENGTH")
It works, browsers and openssl client are able to establish a secured connection with cipher 'AES256-GCM-SHA384' on protocol TLSv1.2, but it is not an ECDHE cipher (therefore no Forward Secrecy).
EDIT correct answer:
For the DH ciphers, you need a DH parameters file in PEM format, you can generate one with the following command:
$ /usr/local/bin/openssl dhparam 2048 -out dhparams.pem
For the ECDHE ciphers, you will need to set an elliptic curve for the SSL context. You can retrieve the available curves on your system with pyOpenSSL:
OpenSSL.crypto.get_elliptic_curves()
Which give us the correct following python code:
from paste import httpserver
from OpenSSL import SSL
from OpenSSL import crypto
context = SSL.Context(SSL.SSLv23_METHOD)
context.use_privatekey_file("/Path/to/my/private.key")
context.use_certificate_chain_file("/Path/to/my/chain-cert.pem")
context.load_tmp_dh("/Path/to/my/dhparams.pem")
context.set_tmp_ecdh(crypto.get_elliptic_curve("prime256v1"))
context.set_options(SSL.OP_NO_SSLv2)
context.set_options(SSL.OP_NO_SSLv3)
context.set_options(SSL.OP_SINGLE_DH_USE)
context.set_cipher_list("EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4")
logger.debug("OPENSSL version: %s" % SSL.SSLeay_version(SSL.SSLEAY_VERSION))
httpserver.serve(app_logged, host=http_host, port=http_port, server_version=server_version, ssl_context=context, use_threadpool=True, threadpool_workers=15, request_queue_size=5)
Upvotes: 3
Views: 3361
Answers (2)
Reputation: 23480
I'll leave this here, since this works with built in libraries as well.
import ssl
from socket import *
context = ssl.create_default_context()
context.set_ciphers('ECDHE+AESGCM:!ECDSA')
context.load_dh_params("dhparams.pem")
context.set_ecdh_curve("prime256v1")
sock = socket()
sock.connect(('hostname', 443))
sock = context.wrap_socket(sock, server_side=False, server_hostname='hostname')
Since the above answer and question is regarding pyOpenSSL, I know this might not be 100% in the right ball park.
But after a bit of searching around why I get ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1045) without any details to as why this is happening, this post saved my day.. But I also figured it was possible to do natively via ssl (which I'm sure, probably uses OpenSSL but still thought this might be useful here).
Upvotes: 0
Reputation: 123320
To have support for DH ciphers (DHE-RSA-...) you need to have a DH params file and specify it:
context.load_tmp_dh("dhparams.pem")
To create such file you might use OpenSSL
openssl dhparam -out dhparams.pem 2048
To support ECDH ciphers you need to specify which curve should be used. I don't have a pyOpenSSL version which supports it but according to the documentation it should be
context.set_tmp_ecdh( OpenSSL.crypto.get_elliptic_curve( "prime256v1" ))
Upvotes: 3
Related Questions
- How to set ciphers in ssl python socket
- TLS/SSL socket python server
- Python Socket Client SSL Connection
- Python simple SSL communication
- How to communicate with a server using a TLS connection?
- How to make a TLS connection using python?
- Python 3.6 SSL - Uses TLSv1.0 instead of TLSv1.2 cipher - (2 way auth and self-signed cert)
- Python ssl unable to connect to TLS1.2 server with TLS1.2 client
- Sending TLS 1.2 request in Python 2.6
- SSL and TLS in Python requests