How to perform an ssl renegotiation

Python Forum (https://python-forum.io), Forum: Python Coding > Homework, Thread: /thread-9132.html
How to perform an ssl renegotiation - madem - Mar-22-2018

Hello,

I tried to determine if a website is vulnerable to SSL client renegotiation. I've got two constraints for that:

1) Create a script with Python 2.7
2) Only use modules from the standard library

So what I've done is create a first SSL/TLS connection with a website. For that, I used the ssl library. It works. But there is no renegotiation() function. So, to perform the renegotiation, I just try to change the cipher that I want to use and try to do a handshake with the do_handshake() function, but that doesn't work. I tried it on amazon.fr (which refuses SSL client renegotiation) but my script doesn't get an error during the execution.

Here is my code:

```python
#encoding=utf-8

import socket
import ssl

hostname = 'amazon.fr'
port = 443

context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
context.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1  # ssl version. Here TLSv1_2

try:
    context.set_ciphers('ECDHE-RSA-AES128-SHA')  # the cipher suite that we want to use
except Exception as excep:
    print "Exception : ", excep

s_ = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s = context.wrap_socket(s_, server_hostname = hostname)

try:
    s.connect((hostname, port))  # try to connect
    print "accepted", s.cipher()  # connection accepted with the cipher s.cipher
    context.set_ciphers('ECDHE-RSA-AES128-GCM-SHA256')  # we now put another cipher suite
    s.do_handshake()  # and try to perform handshake
except Exception as excep:
    print "Error : ", excep
```

Do you have any idea how I can perform an SSL renegotiation?

Thanks :)