I want to initiate a simple SSL connection between a client and a server written in python 3, but I am getting errors.
Here is the server code :
#!/usr/bin/python3
import socket
import ssl
HOST, PORT = '0.0.0.0', 12345
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind((HOST, PORT))
sock.listen(10)
client, addr = sock.accept()
# WRAP SOCKET
wrappedSocket = ssl.wrap_socket(client, server_side=True, ssl_version=ssl.PROTOCOL_SSLv23, ciphers="ADH-AES256-SHA")
# RECEIVE AND PRINT THE CLIENT'S MESSAGE
print(wrappedSocket.recv(1024))
# CLOSE SOCKET CONNECTION
wrappedSocket.close()
And here is the client code :
#!/usr/bin/python3
import socket
import ssl
HOST, PORT = '127.0.0.1', 12345
# CREATE SOCKET
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# WRAP SOCKET
wrappedSocket = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_SSLv23, ciphers="ADH-AES256-SHA")
# connect and send a message
wrappedSocket.connect((HOST, PORT))
wrappedSocket.send(b"Hello")
wrappedSocket.close()
And here is the error that I am having on the server side :
Traceback (most recent call last):
  File "server.py", line 18, in <module>
    wrappedSocket = ssl.wrap_socket(client, server_side=True, ssl_version=ssl.PROTOCOL_SSLv23, ciphers="ADH-AES256-SHA")
  File "/usr/lib/python3.4/ssl.py", line 890, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib/python3.4/ssl.py", line 509, in __init__
    raise ValueError("certfile must be specified for server-side "
ValueError: certfile must be specified for server-side operations
Please, I don't want a complicated SSL connection, I am just looking for the simplest way possible to encrypt the data between the client and the server, just like ncat with the --ssl option (ncat --ssl -l -p 12345 from the server side, and ncat --ssl 127.0.0.1 12345 from the client side).
PS : I am using Ubuntu 15.10 and Python 3.
You can generate a self-signed certificate using openssl and specify in wrap_socket the certfile attribute and the keyfile attribute server side.
Generating an RSA public/private-key pair
openssl genrsa -out private.pem 2048
Generating a self-signed certificate
openssl req -new -x509 -key private.pem -out cacert.pem -days 1095
Using SSL as the security protocol will require you to either create or purchase SSL certificates since that is a required part of the handshake.
From RFC 6101
5.6.2. Server Certificate
If the server is to be authenticated (which is generally the case), the server sends its certificate immediately following the server hello message. The certificate type must be appropriate for the selected cipher suite's key exchange algorithm, and is generally an X.509.v3 certificate
Pass your certfile to the wrapper:
from http.server import HTTPServer, SimpleHTTPRequestHandler
import ssl
httpd = HTTPServer(('localhost', 4443), SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket(httpd.socket,
                               certfile='/tmp/tcert_key.pem', server_side=True)
httpd.serve_forever()
Then you have to enter your passphrase for your self-signed secured private key. The integrated key file (certfile) can be generated with cat or type in the shell:
type tkey.pem tcert.pem > tcert_key.pem
is equivalent to:
$ cat file1 file2 > file3
It is possible to remove the passphrase of the private key file for the secured server side case. OpenSSL provides utils to do that. For example:
openssl pkey -in yourkey-with-pass.pem -out yourkey-without-pass.pem
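Added example, not part of the original question or answers: the certfile/keyfile approach from the answers above, written with ssl.SSLContext (ssl.wrap_socket was removed in Python 3.12) and with the client trusting only the generated certificate, so the link is authenticated as well as encrypted. It assumes the openssl CLI (1.1.1 or later) is on PATH; the function names, the localhost subject and the "got " reply are choices made for this example.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_self_signed(directory):
    """Throwaway key + self-signed cert for 'localhost' (assumes the openssl CLI)."""
    key = os.path.join(directory, "private.pem")
    cert = os.path.join(directory, "cacert.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
         "-keyout", key, "-out", cert, "-days", "1",
         "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost"],
        check=True, capture_output=True)
    return key, cert

def serve_once(listener, server_ctx):
    """Accept one connection, finish the TLS handshake, acknowledge one message."""
    conn, _ = listener.accept()
    try:
        with server_ctx.wrap_socket(conn, server_side=True) as tls:
            tls.sendall(b"got " + tls.recv(1024))
    except OSError:
        pass  # ssl.SSLError is an OSError: the client aborted the handshake

def exchange(message, pin_cert=True):
    """Send message over TLS on loopback; return (server reply, negotiated version)."""
    with tempfile.TemporaryDirectory() as tmp:
        key, cert = make_self_signed(tmp)
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(certfile=cert, keyfile=key)
        # PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED with hostname checking on.
        client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        if pin_cert:
            client_ctx.load_verify_locations(cafile=cert)  # trust only this certificate
        with socket.create_server(("127.0.0.1", 0)) as listener:
            port = listener.getsockname()[1]
            worker = threading.Thread(target=serve_once, args=(listener, server_ctx))
            worker.start()
            try:
                with socket.create_connection(("127.0.0.1", port)) as raw:
                    with client_ctx.wrap_socket(raw, server_hostname="localhost") as tls:
                        tls.sendall(message)
                        return tls.recv(1024), tls.version()
            finally:
                worker.join()

if __name__ == "__main__":
    print(exchange(b"Hello"))
```

Calling exchange(b"Hello", pin_cert=False) raises ssl.SSLCertVerificationError: without the certificate loaded as a trust anchor, the client refuses the self-signed server rather than encrypting to an unverified peer.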