I am trying to connect to a Postgres Database using sockets to enforce a particular TLS version from the client in order to verify that the Database does not accept connections from the client which uses an older version of TLS like tlsv1.1. The connection is failing on handshake with the following error :
python test2.py
Traceback (most recent call last):
  File "test2.py", line 12, in
    ssl_version=ssl.PROTOCOL_TLSv1_2)
  File "<>/python3.6/lib/python3.6/ssl.py", line 1232, in get_server_certificate
    with context.wrap_socket(sock) as sslsock:
  File "<>/python3.6/lib/python3.6/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "<>/python3.6/lib/python3.6/ssl.py", line 817, in __init__
    self.do_handshake()
  File "<>/python3.6/lib/python3.6/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "<>/python3.6/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:852)
The following is a snippet of the code:
import socket
import ssl

hostname = "<DB_Endpoint>"  # placeholder for the database endpoint
context = ssl.create_default_context()

with socket.create_connection((hostname, 8200)) as sock:
    with context.wrap_socket(sock, server_hostname=hostname) as ssock:
        print(ssock.version())
Related
I have a Python script which uses FTP_TLS to get access to an FTPS server. When I try to do_handshake, the next error appears:
  File "/usr/local/lib/python3.7/ftplib.py", line 749, in login
    self.auth()
  File "/usr/local/lib/python3.7/ftplib.py", line 761, in auth
    server_hostname=host)
  File "/usr/local/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/usr/local/lib/python3.7/ssl.py", line 870, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1076)
My script:
from ftplib import FTP_TLS

ftp = FTP_TLS()
ftp.connect(host, port)
ftp.login(user, passwd)
ftp.prot_p()
Is there any way to turn off this warning or change some ciphers?
I am trying to make a web server on sockets in python. I saw how to make https support for server from module http.server in python by wrapping its socket with a .pem certificate. I would like to make https support on my socket server. I have a self-signed certificate for a localhost and it worked for a ready-made server, but my server has an error:
Traceback (most recent call last):
  File "webserver.py", line 84, in main
    server.start_server()
  File "C:\b\nw\12t\http_lite.py", line 103, in start_server
    conn, addr = ssock.accept()
  File "C:\Python37\lib\ssl.py", line 1188, in accept
    server_side=True)
  File "C:\Python37\lib\ssl.py", line 423, in wrap_socket
    session = session
  File "C:\Python37\lib\ssl.py", line 870, in _create
    self.do_handshake()
  File "C:\Python37\lib\ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c: 1076)
And also if I allow to open a site in a browser:
Traceback (most recent call last):
  File "webserver.py", line 84, in main
    server.start_server()
  File "C:\b\nw\12t\http_lite.py", line 100, in start_server
    conn, addr = ssock.accept()
  File "C:\Python37\lib\ssl.py", line 1188, in accept
    server_side=True)
  File "C:\Python37\lib\ssl.py", line 423, in wrap_socket
    session = session
  File "C:\Python37\lib\ssl.py", line 870, in _create
    self.do_handshake()
  File "C:\Python37\lib\ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
OSError: [Errno 0] Error
My connection setup code looks like this:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, proto=0)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind((self.host, self.port))
s.listen(self.backlog)
ssock = ssl.wrap_socket(s,
                        server_side=True,
                        certfile='localhost.pem',
                        ssl_version=ssl.PROTOCOL_TLSv1)
in the while loop
conn, addr = ssock.accept()
....
Please help me figure out what I am doing wrong.
Sorry for my bad English.
I use a self signed certificate that I generated with the following command:
sudo make-ssl-cert generate-default-snakeoil
And copied it to my home directory.
If I run the following with this on server side:
from socket import socket, AF_INET, SOCK_STREAM
import ssl

def main():
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    context.verify_mode = ssl.CERT_REQUIRED
    context.load_cert_chain('/home/hfurmans/ssl-cert-snakeoil.pem', '/home/hfurmans/ssl-cert-snakeoil.key')
    host = "myipaddress"
    port = 5432
    my_socket = socket(AF_INET, SOCK_STREAM)
    my_socket.bind((host, port))
    my_socket.listen(1)
    my_socket = context.wrap_socket(my_socket, server_side=True)
    conn, addr = my_socket.accept()
    print("Connection from: " + str(addr))
    data = conn.recv(1024).decode()
    print(data)
    print("from connected user: " + str(data))
    data = str(data).upper()
    print("sending: " + str(data))
    conn.send(data.encode())
    conn.close()

if __name__ == "__main__":
    main()
I substituted my IP address. But they are the same on server and client.
Here is the client code:
import socket
import ssl

hostname = "myipaddress"
context = ssl.create_default_context()
sock = socket.create_connection((hostname, 5432))
ssock = context.wrap_socket(sock, server_hostname=hostname)
print(ssock.version())
ssock.send(b"test")  # send() needs bytes in Python 3
If I run both scripts I get the following error.
This is the client error:
bash-3.2$ python3 client.py
Traceback (most recent call last):
  File "client.py", line 8, in <module>
    ssock = context.wrap_socket(sock, server_hostname=hostname)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1108)
And here is the server error:
Traceback (most recent call last):
  File "server.py", line 27, in <module>
    main()
  File "server.py", line 16, in main
    conn, addr = my_socket.accept()
  File "/usr/lib/python3.6/ssl.py", line 1125, in accept
    server_side=True)
  File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib/python3.6/ssl.py", line 817, in __init__
    self.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
A self-signed certificate is a trick to pretend that the CA
is the certificate itself.
So we have to provide beforehand the client with this certificate
in order to trust it when it will be encountered.
In the client, after the creation of the SSL context,
I tried something similar to
context.load_verify_locations('/home/hfurmans/ssl-cert-snakeoil.pem')
and it worked.
(https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_verify_locations)
I only had to remove context.verify_mode = ssl.CERT_REQUIRED in
the server because I didn't provide my client with its own certificate,
but that was not the problem reported in your question.
Of course, for all of this to work, your certificate must have
the correct common-name.
If the client connects to myipaddress (as a hostname),
then the common-name of the certificate must be myipaddress too.
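
The trust setup described in the answer above, as an added example that is not part of the original post: it creates a throwaway self-signed certificate with the openssl CLI (assumed to be installed, 1.1.1 or later for `-addext`) and runs three loopback handshakes: no trust anchor, the certificate loaded with `load_verify_locations`, and a name that does not match. The function names, the `localhost` and `other.test` names, and the subjectAltName entry added next to the common name are assumptions of this example.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_self_signed(directory, name="localhost"):
    """Create a throwaway self-signed cert/key pair (constructed test material)."""
    cert, key = os.path.join(directory, "cert.pem"), os.path.join(directory, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-days", "1", "-keyout", key, "-out", cert, "-subj", "/CN=" + name,
                    "-addext", "subjectAltName=DNS:" + name],
                   check=True, capture_output=True)
    return cert, key

def serve(listener, cert, key, connections):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # verify_mode stays CERT_NONE: no client certs
    ctx.load_cert_chain(cert, key)
    for _ in range(connections):
        raw, _addr = listener.accept()
        try:
            with ctx.wrap_socket(raw, server_side=True) as conn:
                conn.sendall(conn.recv(1024).upper())
        except (ssl.SSLError, OSError):
            raw.close()  # the client rejected our certificate and aborted the handshake

def client_try(port, trusted_cert=None, name="localhost"):
    """Return the server's reply, or the certificate verification error."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED and check_hostname on
    if trusted_cert:
        ctx.load_verify_locations(trusted_cert)    # the self-signed cert is its own CA
    try:
        with socket.create_connection(("127.0.0.1", port)) as sock:
            with ctx.wrap_socket(sock, server_hostname=name) as tls:
                tls.sendall(b"test")
                return tls.recv(1024).decode()
    except ssl.SSLCertVerificationError as exc:
        return "verify failed: " + exc.verify_message

def demo():
    with tempfile.TemporaryDirectory() as tmp, socket.create_server(("127.0.0.1", 0)) as listener:
        cert, key = make_self_signed(tmp)
        port = listener.getsockname()[1]
        worker = threading.Thread(target=serve, args=(listener, cert, key, 3))
        worker.start()
        results = (client_try(port),                      # no trust anchor loaded
                   client_try(port, cert),                # certificate loaded as trust anchor
                   client_try(port, cert, "other.test"))  # trusted, but the name differs
        worker.join()
        return results

if __name__ == "__main__":
    print(demo())
```

The client context here trusts only the loaded certificate, so the system CA store is not consulted.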
I want to be able to connect to and download a file from my remote FTP filezilla. I am able to connect however as soon as it executes "ftp.retrlines('LIST')" I get an error as described below. Any help would be greatly appreciated!!!
Here is my script
from ftplib import FTP_TLS

ftp = FTP_TLS('111.111.111.111')  # Hidden IP for my FTP SERVER
ftp.login('ftpuser', 'ftppassword12345')
ftp.prot_p()  # securing data connection explicitly
ftp.cwd('/')  # change working directory to the root
ftp.retrlines('LIST')  # This is where it fails
Here is the error
Traceback (most recent call last):
  File "ftps_.py", line 7, in <module>
    ftp.retrlines('LIST')
  File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ftplib.py", line 735, in retrlines
    conn = self.transfercmd(cmd)
  File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ftplib.py", line 376, in transfercmd
    return self.ntransfercmd(cmd, rest)[0]
  File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ftplib.py", line 713, in ntransfercmd
    server_hostname=self.host)
  File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 352, in wrap_socket
    _context=self)
  File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 579, in __init__
    self.do_handshake()
  File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 808, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:590)
I need to use https connection via sockets(to use socks proxy), I'm trying to use ssl but get an error:
>>> import socket
>>> import ssl
>>> s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
>>> s.connect(("www.google.com.ua",443))
>>> ss=ssl.wrap_socket(s)
Traceback (most recent call last):
  File "<pyshell#4>", line 1, in <module>
    ss=ssl.wrap_socket(s)
  File "/usr/lib/python3.2/ssl.py", line 521, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib/python3.2/ssl.py", line 276, in __init__
    raise x
  File "/usr/lib/python3.2/ssl.py", line 272, in __init__
    self.do_handshake()
  File "/usr/lib/python3.2/ssl.py", line 451, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [Errno 8] _ssl.c:392: EOF occurred in violation of protocol
How can I make it right? Thnx in advance.