From what I can see in the Python documentation for the ssl module, there is no control over how the Client Hello is sent to the server. Moreover, since the Encrypted Client Hello extension to the TLS protocol is somewhat experimental, with Firefox only supporting it via a hidden about:config option.
That being said, is there a way to create a connection to an SSL/TLS server with an Encrypted Client Hello from Python today? If possible, I would prefer answers that use the requests library so that it can be immediately applied to connecting to HTTPS endpoints.
Related
We are using Elasticemail for our SMTP server and running in issues where our server would fail to connect to the SMTP server for various reasons. Currently, we only find out about the issue when a user complains.
We want to monitor the connection to the server on a regular interval and notify Admin if there is a connection failure.
Is there any way to test the connection to the server without sending an actual email using Python3?
I am using the Azure IoT Hub Client SDK for Python. I am using a slightly modified version of the sample script from the github repo to upload files to the IoT Hub. Everything works fine as long as I do not have to use a proxy for outgoing connections.
I tried to understand how to configurate a proxy for this, but I did not find anything for the Python SDK. I searched also in the other SDKs and found some ProxySettings in the iothub_client_options.h of the C SDK. But I do not know how to set these settings in the python client (in case the settings are actually working).
I also found an issue that the connection over websockets needs some special format of the Linux environment variables. But I do not use websockets.
I tried to run my script both in Windows and Linux environments where the proxy system settings are correctly configured (Win: Internet settings, Linux: environment variables).
Is there any documentation on this topic? Does anybody how to configure a proxy either on windows or on linux?
Per my experience, I think you can run the python script using Azure IoTHub Client SDK without any proxy settings to communicate with Azure IoT Hub if the OS configured correctly the proxy.
However, there are some notes which need to be focused by using different protocol (such as HTTP, Socks, etc) configured in proxy server, as below.
Normally, the proxy server was configured for working on HTTP protocol which only allow the HTTP communication. So if using IoTHub Client within HTTP mode, the script will works fine, but not works within AMQP/MQTT mode.
If the proxy server was configured for working on Socks protocol, such as Socks4/Socks5, the script within any mode will works fine, because the Socks protocol just transmit datagram, not check the protocol type.
So please check which protocols be supported in your proxy server, then to use HTTP mode or configure Socks protocol for proxy to make the script works.
I have used Python external package, websocket-client to connect to a RESTful service that sends events.
from websocket import create_connection
ws = create_connection("wss://machine:port/servicename/subscribe")
for event in ws:
print event
...getting events printed
I wonder whether the same functionality can be implemented using the core Python 2.7 or Python 3.5, without installing the external websocket-client package or any other 3rd party Python package.
I have searched the Internet and those examples of code using Python socket module I've seen, refer to connections via http or tcp whereas I need to establish connection via wss.
Very late, but for anyone who might stumble here...Web Sockets protocol is built on TCP so it is expected that implementations of the protocol establish connections via TCP. Also, Web Socket's opening handshake is done following HTTP. This would also explain why Alex saw HTTP connections. If you want to see how to implement one from scratch, install web socket modules (autobahn, which in turn would lead to installing and reading Twisted and asyncio modules, or wampy) and dive into the code. Would recommend reading the Web Sockets protocol specifications at https://www.rfc-editor.org/rfc/rfc6455 before tackling the modules.
I have a NodeJS-socketIO server that has clients listening from JS, PHP & Python. It works like a charm when the communication happens over plain HTTP/WS channel.
Now, when i try to secure this communication, the websocket transport is not working anymore. It falls back to xhr-polling(long polling) transport. Xhr-polling still works for JS client but not on python which purely depends on socket transport.
Things i tried:
On node, Using https(with commercial certificates) instead of http - Works good for serving pages via Node but not for socketIO
Proxy via HAProxy (1.15-dev19). From HTTPS(HAProxy) to HTTP(Node). Couldn't get Websocket transport working and it falls back to xhr-polling on JS. Python gets 502 on handshake.
Proxy via STunnel (for HTTPS) -> HAProxy(Websocket Proxy) -> Node(SocketIO) - This doesnt work either. Python client still gets 502 on handshake.
Proxy via Stunnel(HTTPS) -> Node(SocketIO) - This doesnt work too. Not sure if STunnel support websocket proxy
node-http-proxy : Throws 500(An error has occurred: {"code":"ECONNRESET"}) on websocket and falls back to xhr-polling
Im sure its a common use case and there is a solution exist. Would really appreciate any help.
Thanks in advance!
My case seems to be a rare one. I built this whole environment on a EC2 instance based on Amazon Linux. As almost all the yum packages are not up to date, i had to install pretty much every yum packages from source. By doing so i could have missed configuration unchanged/added. Or HAProxy required lib could have been not the latest.
In any case, i tried building the environment again on ubuntu 12.04 based EC2 instance. HAProxy worked like a charm with a bit of configuration tweaks. I can now connect my SocketIO server from JS, Python & PHP over SSL without any problem. I could also create a Secured TCP Amazon ELB that listens on 443 and proxy it to non-standard port (8xxx).
Let me know if anyone else encounters a similar problem, I will be happy to help!
I'm being trying to
Log into a server using SHH (with Paramiko)
Use that connection like a proxy and route network traffic through it and out to the internet. So say I could set it as my proxy in Urllib2, Mechanize, Firefox, etc.).
Is the second part possible or will I have to have some sort of proxy server running on the server to get this to work?
You could implement a SOCKS proxy in the paramiko client that routes connections across the SSH tunnel via paramiko's open_channel method. Unfortunately, I don't know of any out-of-the-box solution that does this, so you'd have to roll your own. Alternatively, run a SOCKS server on the server, and just forward that single port via paramiko.