Here is my Twisted reactor:
from twisted.internet import defer, protocol, reactor, ssl

# GMP (the Protocol subclass served on this port) is defined elsewhere in the application.

def main():
    """Main reactor block, with SSL"""
    with open('configs/ssl/my_certificate.pem') as f:
        certdata = f.read()
    certificate = ssl.PrivateCertificate.loadPEM(certdata)
    # Previously the options were generated by: certificate.options()
    options = ssl.CertificateOptions(privateKey=certificate.privateKey.original,
                                     certificate=certificate.original,
                                     raiseMinimumTo=ssl.TLSVersion.TLSv1_2,
                                     lowerMaximumSecurityTo=ssl.TLSVersion.TLSv1_2)
    factory = protocol.Factory.forProtocol(GMP)
    reactor.listenSSL(6060, factory, options)
    return defer.Deferred()
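You can see here that I am trying to set the TLS version to allow only 1_2, but I have not been able to achieve this. Previously, when I did not specify the extra certificate options and used certificate.options() instead, everything worked fine. Here is the result when I run openssl to test: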
[root@devtsm ~]# openssl s_client -connect localhost:6060 -tls1_2
CONNECTED(00000003)
140479663523728:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:s3_pkt.c:1493:SSL alert number 70
140479663523728:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:659:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
I am new to TLS and OpenSSL, so I really don't know what I'm doing. Any help would be appreciated.
I applied this change and it works.
lowerMaximumSecurityTo=ssl.TLSVersion.TLSv1_3
Who knew that lowerMaxTo means lowering it so that the maximum is the one below this value.
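An added example, not part of the original question or answer: a Python probe that repeats the `openssl s_client` check for one protocol version at a time, so you can confirm what the listener actually negotiates after changing `CertificateOptions`. The helper names `probe` and `only_tls12` are hypothetical; `localhost:6060` is the listener from the question.

```python
import socket
import ssl

# Versions offered one at a time; the goal on this page is "TLS 1.2 only".
VERSIONS = {
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def probe(host, port, timeout=3.0):
    """Return {label: negotiated version string, or None if refused}."""
    results = {}
    for label, version in VERSIONS.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # Probe only: the certificate is deliberately not validated, so
        # never reuse this context to send real data.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            # Pin the client to exactly one protocol version.
            ctx.minimum_version = version
            ctx.maximum_version = version
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[label] = tls.version()
        except (ssl.SSLError, OSError, ValueError):
            # Alert, reset, refused connection, or version unsupported locally.
            results[label] = None
    return results


def only_tls12(results):
    """True when TLS 1.2 negotiates and TLS 1.3 is refused."""
    return results.get("TLSv1.2") == "TLSv1.2" and results.get("TLSv1.3") is None


if __name__ == "__main__":
    # localhost:6060 is the listener from the question.
    found = probe("localhost", 6060)
    for label, negotiated in found.items():
        print(label, "accepted" if negotiated else "refused")
    print("TLS 1.2 only:", only_tls12(found))
```

If both versions come back refused, the configured minimum and maximum leave no protocol version enabled, which matches the `protocol version` alert in the openssl output.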