TLS handshake fails

Hi there - I'm stuck, hope somebody can help me.

I need to write a python test (under 'pytest') to verify TLS communication between a windows PC and an embedded target board.

As an intermediate step I have downloaded and built openssl from here https://www.openssl.org/source/ and run it from a cmd window like this:
As a server:    openssl s_server -accept 49152 -nocert -psk 1a2b3c4d
Or as a client: openssl s_client -port 49152 -psk 1a2b3c4d -tls1_3

The embedded target acts as a TLS1.3 client and connects fine with the above openssl server (when I use a matching psk).

But I need to run the TLS server with pyopenssl. I have both a server and a client based on pyopenssl, and when I run them together they work fine.
However, when I run the python versions against either the target board - or the windows openssl, then it always fails like this:
The client sends 'Client Hello' as expected, but the server responds with...
  Alert Message
      Level: Fatal (2)
      Description: Illegal Parameter (47)

(It doesn't tell which parameter is illegal)


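The following combinations fail in the same way:

  1. windows openssl as server <--> python version as client
  2. windows openssl as client <--> python version as server

So: what is my python script doing wrong? I am using python version 3.10.2. Here is the server code: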

    from OpenSSL import SSL
    from socket import socket, AF_INET, SOCK_STREAM
    from openssl_psk import patch_context

    patch_context()

    server_addr = '127.0.0.1'
    server_port = 49152

    psk_value: str = '1a2b3c4d'
    PSK_MAP = {b'Client_identity': psk_value}

    if __name__ == "__main__":

        def server_callback(conn_2, client_identity):
            return PSK_MAP[client_identity]

        ctx = SSL.Context(SSL.TLS_METHOD)
        ctx.set_options(SSL.OP_NO_TLSv1_1 | SSL.OP_NO_TLSv1)
        ctx.set_verify(SSL.VERIFY_NONE)
        ctx.use_psk_identity_hint('Client_identity')     # seems not to be necessary in server
        ctx.set_psk_server_callback(server_callback)

        sock = socket(AF_INET, SOCK_STREAM)
        conn_1 = SSL.Connection(ctx, sock)
        conn_1.bind((server_addr, server_port))
        ctx.set_cipher_list(b"AES128-GCM-SHA256")
        conn_1.listen(1)

        while True:
            print('\tWaiting for client to connect...\r\n')
            newsocket, fromaddr = conn_1.accept()
            print('Server accepted a socket-request')
            conn_2 = SSL.Connection(ctx, newsocket)
            conn_2.set_accept_state()
            conn_2.do_handshake()

            # bla bla