Changeset 130
- Timestamp:
- 07/18/17 20:40:24 (7 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/lib/bletchley/ssltls.py
r128 r130 2 2 Utilities for manipulating certificates and SSL/TLS connections. 3 3 4 Copyright (C) 2014,2016 Blindspot Security LLC4 Copyright (C) 2014,2016,2017 Blindspot Security LLC 5 5 Author: Timothy D. Morgan 6 6 … … 22 22 import traceback 23 23 import random 24 import time 24 25 import socket 25 26 try: … … 74 75 if mode == 'client': 75 76 conn.set_connect_state() 76 conn.do_handshake() 77 # This hokey crap is required because OpenSSL wants you to poll rather than just block 78 # XXX: tie this sleep time into the timeout parameter 79 for tries in range(0,10): 80 try: 81 conn.do_handshake() 82 break 83 except OpenSSL.SSL.WantReadError as e: 84 time.sleep(0.1) 77 85 else: 78 86 conn.set_accept_state() … … 82 90 83 91 def ConnectSSLTLS(host, port, cipher_list=None, timeout=None, handshake_callback=None, verbose=True): 84 backup_cipher_list = b'DES-CBC3-SHA:RC4-MD5:RC4-SHA: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ADH-AES256-GCM-SHA384'85 protocols = [("SSL 2/3", SSL.SSLv23_METHOD, None),92 backup_cipher_list = b'DES-CBC3-SHA:RC4-MD5:RC4-SHA:AES128-SHA:AES256-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ADH-AES256-GCM-SHA384' 93 protocols = [("SSL 2/3", SSL.SSLv23_METHOD, cipher_list), 86 94 ("SSL 2/3", SSL.SSLv23_METHOD, backup_cipher_list), 87 ("TLS 1.0", SSL.TLSv1_METHOD, None),95 ("TLS 1.0", SSL.TLSv1_METHOD, cipher_list), 88 96 ("TLS 1.0", SSL.TLSv1_METHOD, backup_cipher_list), 89 ("TLS 1.1", SSL.TLSv1_1_METHOD, None),97 ("TLS 1.1", SSL.TLSv1_1_METHOD, cipher_list), 90 98 ("TLS 1.1", SSL.TLSv1_1_METHOD, backup_cipher_list), 91 ("TLS 1.2", SSL.TLSv1_2_METHOD, None),99 ("TLS 1.2", SSL.TLSv1_2_METHOD, cipher_list), 92 100 ("TLS 1.2", SSL.TLSv1_2_METHOD, backup_cipher_list), 93 ("SSL 3.0", SSL.SSLv3_METHOD, None),101 ("SSL 3.0", SSL.SSLv3_METHOD, cipher_list), 94 102 ("SSL 3.0", SSL.SSLv3_METHOD, backup_cipher_list), 95 ("SSL 2.0", SSL.SSLv2_METHOD, None),103 ("SSL 2.0", SSL.SSLv2_METHOD, cipher_list), 96 104 ("SSL 2.0", SSL.SSLv2_METHOD, backup_cipher_list)] 97 105 … … 124 132 except SSL.Error as e: 125 133 if verbose: 126 sys.stderr.write("Exception during %s handshake with server." % pname) 134 sys.stderr.write("Exception during %s handshake with server. (%s)" % (pname, e)) 135 #traceback.print_exc(file=sys.stderr) 127 136 sys.stderr.write("\nThis could happen because the server requires " 128 "certain SSL/TLS versions or a client certific iate."137 "certain SSL/TLS versions or a client certificate." 129 138 " Have no fear, we'll keep trying...\n") 130 139 except Exception as e:
Note: See TracChangeset
for help on using the changeset viewer.