Lighthat Lighthat - 2 months ago 20
Python Question

Creating an SSL socket with python

I'm using Python 2.4.4 and OpenSSL 0.9.8k (not by choice).

I've referred to the documentation: https://docs.python.org/release/2.4.4/lib/module-socket.html

and to pretty much every mention of "openSSL" and "python" on the internet, and I haven't found a solution to my problem.

I'm simply writing a test program to initiate an SSL connection. Here is the code:

server

#!/usr/bin/python
import socket
import _ssl

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('', 4433))
s.listen(5)

while True:
    client, address = s.accept()
    ssl_client = socket.ssl(client,
                            keyfile='keyfile',
                            certfile='certfile')
    print "Connection: ", address
    data = ssl_client.read(1024)
    if data:
        print "received data: ", data
        ssl_client.write(data + " Hello, World!")
    del ssl_client
    client.close()


client

#!/usr/bin/python
import socket
import _ssl

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('host', 4433))
ssl_s = socket.ssl(s,
                   keyfile='keyfile',
                   certfile='certfile')
print 'writing ', ssl_s.write("Hello, World!"), ' bytes to ssl stream'
data = ssl_s.read(1024)
del ssl_s
s.close()

print "received data: ", data


Some notes about this code - keyfile and certfile are paths to my actual key and cert file. Those arguments are not the issue. The hostnames are also not the issue. I'm aware that the port used is 4433 - in our requirements, we're meant to use a generic port, not 443. I was unaware that it was possible to use SSL over a different port, but regardless, even when I use 443 I get the exact same error.

I can run the server fine, and then when I run the client, I get the following error on the wrap_socket lines for both client and server:

error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol


I've read it's due to using a non-443 port, but again, using 443 didn't fix things. I've read it could be a protocol mismatch, but the client and the server are both defaulting to SSL2.3. We're meant to use TLS1.2 as per our requirements, but the docs don't seem to have any information on how to set the SSL protocol version. I'm unsure if that's related to my issue. Please keep in mind I'm not here to open a dialogue regarding the use of outdated SSL and Python versions.

Answer

socket.ssl is only able to initiate an SSL connection, and the given optional cert and key are for use of client certificates. socket.ssl is not able to be used on the server side, and it looks like Python 2.4.4 does not offer this feature in any of the core modules at all. In later versions of Python you can use the ssl module for this, but 2.4.4 does not seem to have this.
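
The role mismatch the answer describes, as an added example that is not part of the original question or answer: it assumes Python 3.7+ and its ssl module rather than 2.4.4, uses in-memory BIOs instead of sockets, and all function names are made up for the illustration. Two endpoints that both take the client role each send a ClientHello and the handshake fails (the exact error text differs between OpenSSL versions), while make_server_context shows the server-role setup with a TLS 1.2 floor.

```python
import ssl

def make_client():
    """A TLS endpoint in the client role, backed by in-memory buffers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Verification is off only because this demo never reaches the
    # certificate exchange; do not copy these two lines into real clients.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    return ctx.wrap_bio(incoming, outgoing, server_side=False), incoming, outgoing

def make_server_context(certfile, keyfile):
    """What the accepting side needs instead: server role plus its own cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile, keyfile)
    return ctx  # then: ctx.wrap_socket(conn, server_side=True)

def client_hello(tls, outgoing):
    """Start the handshake and return the bytes this endpoint sends first."""
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello sent, now waiting for a ServerHello
    return outgoing.read()

def both_sides_as_client():
    """Feed one client's ClientHello to another client, as in the question."""
    a, _, a_out = make_client()
    b, b_in, b_out = make_client()
    hello_a = client_hello(a, a_out)
    client_hello(b, b_out)   # b has also sent its own ClientHello
    b_in.write(hello_a)      # b receives a ClientHello where it wants a ServerHello
    try:
        b.do_handshake()
    except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
        return hello_a, "stalled"
    except ssl.SSLError as exc:
        return hello_a, "failed: %s" % (exc.reason or exc)
    return hello_a, "completed"

if __name__ == "__main__":
    hello, outcome = both_sides_as_client()
    print("record type 0x%02x, handshake type 0x%02x" % (hello[0], hello[5]))
    print(outcome)
```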