stackoom
  简体   繁体   中英

Facing an error when using pyopenssl_psk to create secure connection for cipher suite PSK-AES128-GCM-SHA256

 原文  2020-06-30 09:51:16       ssl/ openssl/ pyopenssl

Question

Facing an error while using pyopenssl_psk module for cipher suite PSK-AES128-GCM-SHA256 to achieve secure connection between server and client. am I missing anything here?

Error: ctx.set_psk_client_callback(client_callback) AttributeError: 'Context' object has no attribute 'set_psk_client_callback'

server code:

from OpenSSL.SSL import Context, Connection, TLSv1_2_METHOD
from openssl_psk import patch_context

PSK_MAP = {
    b'testing.domain.0106': b'AD',
}

def server_callback(conn, client_identity):
    return PSK_MAP[client_identity]

ctx = Context(TLSv1_2_METHOD)
ctx.set_cipher_list(b'PSK-AES128-GCM-SHA256')
ctx.use_psk_identity_hint(b'testing.domain.0106')
ctx.set_psk_server_callback(server_callback)
server = Connection(ctx)

client code:

from OpenSSL.SSL import Context, Connection, TLSv1_2_METHOD
from openssl_psk import patch_context

def client_callback(conn, identity_hint):
    return (b'domain.0010', b'AD')

ctx = Context(TLSv1_2_METHOD)
ctx.set_cipher_list(b'PSK-AES128-GCM-SHA256')
ctx.set_psk_client_callback(client_callback)
client = Connection(ctx)

Updated Client code:

from OpenSSL.SSL import Context, Connection, TLSv1_2_METHOD
from openssl_psk import patch_context
import socket,pprint
HOST = '127.0.0.1'
PORT = 4443
def client_callback(conn, identity_hint):
    return (b'domain.0010', b'AD')
patch_context()
ctx = Context(TLSv1_2_METHOD)
ctx.set_cipher_list(b'PSK-AES128-GCM-SHA256')
ctx.set_psk_client_callback(client_callback)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
conn = Connection(ctx,s)
conn.connect((HOST, PORT))
print("Sending: 'Hello, world!")
conn.send(b"Hello, world!")
print("Closing connection")
conn.close()

Updated server code:

from OpenSSL.SSL import Context, Connection, TLSv1_2_METHOD
import ssl,socket,pprint
from openssl_psk import patch_context

HOST = '127.0.0.1'
PORT = 4443

PSK_MAP = {
    #b'pre_shared_key_identity': b'pre_shared_key'
     b'testing.domain.0106': b'AD',
}

def server_callback(conn, client_identity):
    return PSK_MAP[client_identity]

patch_context()
ctx = Context(TLSv1_2_METHOD)
ctx.set_cipher_list(b'PSK-AES128-GCM-SHA256')
ctx.use_psk_identity_hint(b'testing.domain.0106')
ctx.set_psk_server_callback(server_callback)
#server = Connection(ctx)

server_hostname = 'testing.domain.0106'

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind((HOST, PORT))
sock.listen(5)
conn, addr = sock.accept()
ssock = Connection(ctx,conn)
print("created wrap socket")
buf = b''  # Buffer to hold received client data
try:
    while True:
        data = ssock.recv(4096)
        if data:
            # Client sent us data. Append to buffer
            buf += data
        else:
            # No more data from client. Show buffer and close connection.
            print("Received:", buf)
            break
finally:
    print("Closing connection")
    ssock.close()

Please find the error that is being faced now after adding patch_context()
SysCallError(errno, errorcode.get(errno))
OpenSSL.SSL.SysCallError: (10054, 'WSAECONNRESET')

When i browsed for this error, i got to know that this happens due to bad handshake configuration in server but could not find exactly where it is going wrong.

1 answers

solution1
 1  2020-07-02 11:54:45

You forgot to call 'patch_context' server code:

from OpenSSL.SSL import Context, Connection, TLSv1_2_METHOD
from openssl_psk import patch_context

PSK_MAP = {
    b'testing.domain.0106': b'AD',
}

def server_callback(conn, client_identity):
    return PSK_MAP[client_identity]

patch_context()
ctx = Context(TLSv1_2_METHOD)
ctx.set_cipher_list(b'PSK-AES128-GCM-SHA256')
ctx.use_psk_identity_hint(b'testing.domain.0106')
ctx.set_psk_server_callback(server_callback)
server = Connection(ctx)

client code:

from OpenSSL.SSL import Context, Connection, TLSv1_2_METHOD
from openssl_psk import patch_context

def client_callback(conn, identity_hint):
    return (b'domain.0010', b'AD')

patch_context()
ctx = Context(TLSv1_2_METHOD)
ctx.set_cipher_list(b'PSK-AES128-GCM-SHA256')
ctx.set_psk_client_callback(client_callback)

client = Connection(ctx)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Does only TLS_AES_128_GCM_SHA256 cipher work for psk connections for TLS 1.3? TLS_PSK_WITH_AES_128_GCM_SHA256 ciphersuite in C# How to configure libssl to use TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite? How to generate a PEM file with Openssl using ECDHE-RSA-AES128-GCM-SHA256 cipher Enovy error - The following ciphers were rejected when tried individually: TLS_AES_128_GCM_SHA256 MQSC_UNSUPPORTED_CIPHER_SUITE on WAS7/8 for tls_rsa_with_aes_128_cbc_sha256 Preshared keys (TLS-PSK-WITH-AES-256-CBC-SHA) with node.js server TLS connection with PSK using Bouncycastle JDK7 SSL conenction Issue Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 AES-PSK authentification using grizzly
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM