Changeset 124 for trunk


Ignore:
Timestamp:
03/01/17 20:13:07 (8 years ago)
Author:
tim
Message:

.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/lib/bletchley/ssltls.py

    r123 r124  
    5555
    5656
    57 def startSSLTLS(sock, mode='client', protocol=SSL.TLSv1_METHOD, key=None, certChain=[], cipher_list=b'DES-CBC3-SHA:RC4-MD5:RC4-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:ADH-AES256-GCM-SHA384'):
     57def startSSLTLS(sock, mode='client', protocol=SSL.TLSv1_METHOD, key=None, certChain=[], cipher_list=None):
    5858    '''
    5959    cipher_list names drawn from:
     
    7979
    8080def ConnectSSLTLS(host, port, cipher_list=None, handshake_callback=None, verbose=True):
    81     protocols = [("SSL 2/3", SSL.SSLv23_METHOD),
    82                  ("TLS 1.0", SSL.TLSv1_METHOD),
    83                  ("TLS 1.1", SSL.TLSv1_1_METHOD),
    84                  ("TLS 1.2", SSL.TLSv1_2_METHOD),
    85                  ("SSL 3.0", SSL.SSLv3_METHOD),
    86                  ("SSL 2.0", SSL.SSLv2_METHOD)]
     81    backup_cipher_list = b'DES-CBC3-SHA:RC4-MD5:RC4-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ADH-AES256-GCM-SHA384'
     82    protocols = [("SSL 2/3", SSL.SSLv23_METHOD, None),
     83                 ("SSL 2/3", SSL.SSLv23_METHOD, backup_cipher_list),
     84                 ("TLS 1.0", SSL.TLSv1_METHOD, None),
     85                 ("TLS 1.0", SSL.TLSv1_METHOD, backup_cipher_list),
     86                 ("TLS 1.1", SSL.TLSv1_1_METHOD, None),
     87                 ("TLS 1.1", SSL.TLSv1_1_METHOD, backup_cipher_list),
     88                 ("TLS 1.2", SSL.TLSv1_2_METHOD, None),
     89                 ("TLS 1.2", SSL.TLSv1_2_METHOD, backup_cipher_list),
     90                 ("SSL 3.0", SSL.SSLv3_METHOD, None),
     91                 ("SSL 3.0", SSL.SSLv3_METHOD, backup_cipher_list),
     92                 ("SSL 2.0", SSL.SSLv2_METHOD, None),
     93                 ("SSL 2.0", SSL.SSLv2_METHOD, backup_cipher_list)]
    8794
    8895    conn = None
    89     for pname,p in protocols:
     96    for pname,p,cl in protocols:
    9097        serverSock = socket.socket()
    9198        serverSock.connect((host,port))
     
    100107           
    101108        try:
    102             conn = startSSLTLS(serverSock, mode='client', protocol=p, cipher_list=cipher_list)
     109            conn = startSSLTLS(serverSock, mode='client', protocol=p, cipher_list=cl)
    103110            break
    104111        except ValueError as e:
     
    110117                sys.stderr.write("\nThis could happen because the server requires "
    111118                                 "certain SSL/TLS versions or a client certificiate."
    112                                  "  Have no fear, we'll keep trying...\n")           
     119                                 "  Have no fear, we'll keep trying...\n")
    113120        except Exception as e:
    114121            sys.stderr.write("Unknown exception during %s handshake with server: \n" % pname)
Note: See TracChangeset for help on using the changeset viewer.