Using tlslite Python server with SRP against an openssl client fails with “SSL_connect:error in SSLv3 read server key exchange B”
I'm using the Python tlslite lib to implement a TCP server with SRP-RSA-AES-256-CBC-SHA. On the client side I'm running a command-line openssl client in this way:
openssl s_client -srpuser Alice -cipher SRP-RSA-AES-256-CBC-SHA -connect localhost:443 -debug -state
The openssl client fails at the server key exchange stage of the handshake because of this:
SSL_connect:error in SSLv3 read server key exchange B
139693443733160:error:04091068:rsa routines:INT_RSA_VERIFY:bad signature:rsa_sign.c:222:
139693443733160:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature:s3_clnt.c:1817:
When I run the openssl client against an openssl server (with the same key and certificate), it works well. The same is true when running the tlslite Python server and client.
Does anyone have any idea?
The issue was found. It was a bug in the tlslite lib code (version 0.4.8). There is a bug in the way the signature of the server key exchange packet is generated. The code doesn't really take into account the data in the signature. I fixed it locally and plan to commit it to the git project soon.
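What the client checks at this step, as an added example that is not from the original post or from tlslite: assuming the TLS 1.0/1.1 RSA signature format with the SRP message layout of RFC 5054, the signature must cover MD5 and SHA-1 over client_random + server_random + ServerSRPParams. The function names and all sample bytes below are constructed for illustration; the code parses a ServerKeyExchange body and recomputes the value a correct signature has to match.

```python
import hashlib

def _vec(data: bytes, len_bytes: int) -> bytes:
    """TLS variable-length vector: big-endian length prefix, then the data."""
    return len(data).to_bytes(len_bytes, "big") + data

def encode_srp_params(N: bytes, g: bytes, s: bytes, B: bytes) -> bytes:
    """ServerSRPParams (RFC 5054): N, g and B have 2-byte lengths, salt 1-byte."""
    return _vec(N, 2) + _vec(g, 2) + _vec(s, 1) + _vec(B, 2)

def parse_server_key_exchange(body: bytes):
    """Split an SRP ServerKeyExchange body into (raw params, signature)."""
    pos = 0
    for len_bytes in (2, 2, 1, 2, 2):  # N, g, s, B, then the signature
        if pos + len_bytes > len(body):
            raise ValueError("truncated length field")
        params_end = pos  # after the loop: offset where the signature vector starts
        pos += len_bytes + int.from_bytes(body[pos:pos + len_bytes], "big")
        if pos > len(body):
            raise ValueError("field runs past end of message")
    if pos != len(body):
        raise ValueError("trailing bytes after signature")
    return body[:params_end], body[params_end + 2:]

def signed_digest(client_random: bytes, server_random: bytes, params: bytes) -> bytes:
    """36-byte MD5 || SHA-1 value an RSA signature covers in TLS 1.0/1.1."""
    data = client_random + server_random + params
    return hashlib.md5(data).digest() + hashlib.sha1(data).digest()

# Constructed sample values (not real SRP group parameters or handshake data).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PARAMS = encode_srp_params(b"\xff" * 128, b"\x02", b"salt1234", b"\x11" * 128)
FAKE_SIG = b"\xaa" * 256  # placeholder where the RSA signature would sit
SKE_BODY = PARAMS + _vec(FAKE_SIG, 2)

if __name__ == "__main__":
    params, sig = parse_server_key_exchange(SKE_BODY)
    print("params bytes:", len(params), "signature bytes:", len(sig))
    print("digest the signature must cover:",
          signed_digest(CLIENT_RANDOM, SERVER_RANDOM, params).hex())
```

A signature computed over anything other than this 36-byte value, for example one that leaves out the ServerSRPParams bytes, fails the client's RSA verification with the "bad signature" error shown in the question.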