Changeset 124
- Timestamp:
- 03/01/17 20:13:07 (8 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/lib/bletchley/ssltls.py
r123 r124 55 55 56 56 57 def startSSLTLS(sock, mode='client', protocol=SSL.TLSv1_METHOD, key=None, certChain=[], cipher_list= b'DES-CBC3-SHA:RC4-MD5:RC4-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:ADH-AES256-GCM-SHA384'):57 def startSSLTLS(sock, mode='client', protocol=SSL.TLSv1_METHOD, key=None, certChain=[], cipher_list=None): 58 58 ''' 59 59 cipher_list names drawn from: … … 79 79 80 80 def ConnectSSLTLS(host, port, cipher_list=None, handshake_callback=None, verbose=True): 81 protocols = [("SSL 2/3", SSL.SSLv23_METHOD), 82 ("TLS 1.0", SSL.TLSv1_METHOD), 83 ("TLS 1.1", SSL.TLSv1_1_METHOD), 84 ("TLS 1.2", SSL.TLSv1_2_METHOD), 85 ("SSL 3.0", SSL.SSLv3_METHOD), 86 ("SSL 2.0", SSL.SSLv2_METHOD)] 81 backup_cipher_list = b'DES-CBC3-SHA:RC4-MD5:RC4-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ADH-AES256-GCM-SHA384' 82 protocols = [("SSL 2/3", SSL.SSLv23_METHOD, None), 83 ("SSL 2/3", SSL.SSLv23_METHOD, backup_cipher_list), 84 ("TLS 1.0", SSL.TLSv1_METHOD, None), 85 ("TLS 1.0", SSL.TLSv1_METHOD, backup_cipher_list), 86 ("TLS 1.1", SSL.TLSv1_1_METHOD, None), 87 ("TLS 1.1", SSL.TLSv1_1_METHOD, backup_cipher_list), 88 ("TLS 1.2", SSL.TLSv1_2_METHOD, None), 89 ("TLS 1.2", SSL.TLSv1_2_METHOD, backup_cipher_list), 90 ("SSL 3.0", SSL.SSLv3_METHOD, None), 91 ("SSL 3.0", SSL.SSLv3_METHOD, backup_cipher_list), 92 ("SSL 2.0", SSL.SSLv2_METHOD, None), 93 ("SSL 2.0", SSL.SSLv2_METHOD, backup_cipher_list)] 87 94 88 95 conn = None 89 for pname,p in protocols:96 for pname,p,cl in protocols: 90 97 serverSock = socket.socket() 91 98 serverSock.connect((host,port)) … … 100 107 101 108 try: 102 conn = startSSLTLS(serverSock, mode='client', protocol=p, cipher_list=c ipher_list)109 conn = startSSLTLS(serverSock, mode='client', protocol=p, cipher_list=cl) 103 110 break 104 111 except ValueError as e: … … 110 117 sys.stderr.write("\nThis could happen because the server requires " 111 118 "certain SSL/TLS versions or a client certificiate." 112 " Have no fear, we'll keep trying...\n") 119 " Have no fear, we'll keep trying...\n") 113 120 except Exception as e: 114 121 sys.stderr.write("Unknown exception during %s handshake with server: \n" % pname)
Note: See TracChangeset
for help on using the changeset viewer.