Reputation: 565
I am trying to have a client establish a TLSv1 connection with my Python server script. I am not sure why it's not working...
In the Client Hello, the only cipher suite offered is TLS_DH_anon_WITH_AES_256_CBC_SHA (0x003a), as shown in Wireshark.
No matter what I define in my ssl wrapper (I have tried leaving ciphers= out of the definition, "ADH-AES256-SHA" as you see in the code, "ALL", "ALL:eNULL" and "ADH"), I always get the response NO SHARED CIPHER.
I have tried this both with Python 3.5.1 on Windows and Python 2.7.9 on Linux. Same issue.
If I debug with openssl s_server on Linux or in cygwin, it works...
openssl s_server -accept 22939 -cert server.crt -key private_key.pem -cipher 'ADH-AES256-SHA' -debug
cygwin openssl 1.0.2e
linux openssl 1.0.1k
Code:
import socket, ssl

tcpSocket = socket.socket()
tcpSocket.bind(('', 22939))
tcpSocket.listen(5)

while True:
    newsocket, fromaddr = tcpSocket.accept()
    # wrap the accepted socket; only the anonymous DH suite is offered and
    # nothing here loads DH parameters into the server side
    sslSocket = ssl.wrap_socket(newsocket,
                                server_side=True,
                                certfile="server.crt",
                                keyfile="private_key.pem",
                                ciphers="ADH-AES256-SHA"
                                )
    try:
        pass  # Later add stuff
    finally:
        sslSocket.shutdown(socket.SHUT_RDWR)
        sslSocket.close()
Python Error:
  File "C:\Program Files (x86)\Python35-32\lib\ssl.py", line 1064, in wrap_socket
    ciphers=ciphers)
  File "C:\Program Files (x86)\Python35-32\lib\ssl.py", line 747, in __init__
    self.do_handshake()
  File "C:\Program Files (x86)\Python35-32\lib\ssl.py", line 983, in do_handshake
    self._sslobj.do_handshake()
  File "C:\Program Files (x86)\Python35-32\lib\ssl.py", line 628, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:645)
Client Hello from Wireshark:
TLSv1 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 45
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 41
        Version: TLS 1.0 (0x0301)
        Random
            GMT Unix Time: Jan 9, 2016 20:34:56.000000000 W. Europe Standard Time
            Random Bytes: a5e0011a6307dc4328eb9a2779a5f22a2eea8d607c8a1297...
        Session ID Length: 0
        Cipher Suites Length: 2
        Cipher Suites (1 suite)
            Cipher Suite: TLS_DH_anon_WITH_AES_256_CBC_SHA (0x003a)
        Compression Methods Length: 1
        Compression Methods (1 method)
            Compression Method: null (0)
Upvotes: 4
Views: 8107
Reputation: 565
Thanks to Steffen, I was able to get this working quite easily after countless troubleshooting attempts.
Just in case anyone else has this problem, here is the resolution in code:
First generate the PEM dhparams file
openssl dhparam -5 -outform PEM -out dhparam.pem
Python Code:
import socket, ssl

tcpSocket = socket.socket()
tcpSocket.bind(('', 22939))
tcpSocket.listen()  # Python 3.5+: the backlog argument is optional

while True:
    newsocket, fromaddr = tcpSocket.accept()
    sslContext = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
    sslContext.set_ciphers("ADH-AES256-SHA")
    # anonymous DH needs server-side DH parameters: load the file generated above
    sslContext.load_dh_params("dhparam.pem")
    sslSocket = sslContext.wrap_socket(newsocket,
                                       server_side=True,
                                       )
    try:
        pass  # Later add stuff
    finally:
        sslSocket.shutdown(socket.SHUT_RDWR)
        sslSocket.close()
Upvotes: 3
Reputation: 123375
The main problem is probably that you are using a DH cipher but do not have any DH parameters. While openssl s_server has some default DH params built in, ssl.wrap_socket does not, so you have to explicitly set these. See http://nullege.com/codes/search/ssl.SSLContext.load_dh_params for an example.
Apart from that, it does not make sense to use a certificate together with an anonymous cipher, i.e. a cipher which explicitly does not require a certificate.
Upvotes: 3