将tlslite python服务器与SRP一起用于打开的ssl客户端时失败,并显示“ SSL_connect:SSLv3读取服务器密钥交换B中的错误”
[英]Using tlslite python server with SRP against an open ssl client fails with “SSL_connect:error in SSLv3 read server key exchange B”
问题描述
I'm using python tlslite lib to implement a TCP server with SRP-RSA-AES-256-CBC-SHA. 
我正在使用python tlslite lib来实现带有SRP-RSA-AES-256-CBC-SHA的TCP服务器。 in the client side I'm running a command line open ssl client in this way: 在客户端,我以这种方式运行命令行打开ssl客户端:
openssl s_client -srpuser Alice -cipher SRP-RSA-AES-256-CBC-SHA -connect localhost:443 -debug -state
the openssl client failing the server key exchange stage in the handshaking because of that: 由于以下原因,openssl客户端在握手中的服务器密钥交换阶段失败:
"SSL_connect:error in SSLv3 read server key exchange B 139693443733160:error:04091068:rsa routines:INT_RSA_VERIFY:bad signature:rsa_sign.c:222: 139693443733160:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature:s3_clnt.c:1817:"
when I'm running openssl client against openssl server (with the same key and certificate), it works well. 当我针对openssl服务器(使用相同的密钥和证书)运行openssl客户端时,它运行良好。 the same when running tlslite pyhton server and client. 运行tlslite pyhton服务器和客户端时相同。
any one have any idea? 任何人有任何想法吗?
1 个解决方案
解决方案1
0 2014-12-22 07:53:48
Issue was found. 发现问题。 It was a bug in the tlslite lib code (version 0.4.8). 这是tlslite lib代码(0.4.8版)中的错误。 there is a bug in the way the signature of the server key exchange packet is generated. 服务器密钥交换数据包的签名生成方式存在错误。 The code doesn't really take in account the data in the signature. 该代码实际上并没有考虑签名中的数据。 I fixed it locally and have a plan to commit it to the git project soon. 我在本地修复它,并计划尽快将其提交到git项目。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.