
pyOpenSSL set_cipher_list does not have effect on traffic

Update: it seems that do_handshake is resetting the cipher list


Admittedly this is a very specific scenario, but maybe someone will have an idea. I'm trying to force a server to only accept RC4-SHA (for debug reasons only). My code looks something like:

    ctx.set_cipher_list('RC4-SHA')
    self.connection = SSL.Connection(ctx, self.connection)
    print self.connection.getpeername(), self.connection.get_cipher_list()

According to the printout, everything works, and indeed the connection is set up with RC4-SHA. However, looking at Wireshark, I can see that the server replied with another suite (TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)). Needless to say, the client proposed TLS_RSA_WITH_RC4_128_SHA (0x0005), so there was no reason not to use it.

I'm using Python 2.7, pyOpenSSL 0.13, OpenSSL 1.0.1e. The code I'm working on is part of mitmproxy.

Any ideas?

Apparently there was a callback defined for the context in case the client specifies a server name:

    ctx.set_tlsext_servername_callback(handle_sni)

That callback defined a new context that apparently overrides the context with the defined ciphers during the handshake. The solution was to add the ciphers definition into that callback.
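
The behaviour and fix described in the answer, as an added example that is not part of the original post or of mitmproxy's code: an in-memory pyOpenSSL handshake in which the SNI callback swaps in a new context, with and without the cipher list repeated there. It assumes Python 3 and a current pyOpenSSL; `ECDHE-RSA-AES128-GCM-SHA256` stands in for RC4-SHA, and the host name, throwaway certificate and the helper names `self_signed`, `make_ctx` and `negotiated_cipher` are constructed for the demo.

```python
from OpenSSL import SSL, crypto

# Stand-in for the post's RC4-SHA, which current OpenSSL builds no longer include.
WANTED = b"ECDHE-RSA-AES128-GCM-SHA256"

def self_signed(cn="example.test"):
    """Throwaway key and certificate, constructed for this demo only."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()
    cert.get_subject().CN = cn
    cert.set_serial_number(1)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(3600)
    cert.set_issuer(cert.get_subject())
    cert.set_pubkey(key)
    cert.sign(key, "sha256")
    return key, cert

def make_ctx(key, cert, ciphers=None):
    ctx = SSL.Context(SSL.TLSv1_2_METHOD)  # TLS 1.2: the suite is governed by set_cipher_list
    ctx.use_privatekey(key)
    ctx.use_certificate(cert)
    if ciphers:
        ctx.set_cipher_list(ciphers)
    return ctx

def negotiated_cipher(pin_in_callback):
    key, cert = self_signed()
    def handle_sni(conn):
        # Like the callback in the answer: a fresh context replaces the original one.
        conn.set_context(make_ctx(key, cert, WANTED if pin_in_callback else None))
    server_ctx = make_ctx(key, cert, WANTED)       # pinned, as in the question
    server_ctx.set_tlsext_servername_callback(handle_sni)
    server = SSL.Connection(server_ctx, None)      # None => in-memory BIOs, no socket
    server.set_accept_state()
    client = SSL.Connection(SSL.Context(SSL.TLSv1_2_METHOD), None)
    client.set_tlsext_host_name(b"example.test")   # sending SNI triggers the callback
    client.set_connect_state()
    for _ in range(6):                             # shuttle handshake records both ways
        for src, dst in ((client, server), (server, client)):
            try:
                src.do_handshake()
            except SSL.WantReadError:
                pass
            try:
                dst.bio_write(src.bio_read(65536))
            except SSL.WantReadError:
                pass
    return server.get_cipher_name()
```

`negotiated_cipher(False)` reports whatever the swapped-in context's default list selects, while `negotiated_cipher(True)` reports the pinned suite because the callback repeats `set_cipher_list` on the replacement context.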
