(May-26-2023, 12:03 AM)DigiGod Wrote: (May-25-2023, 10:39 AM)JohnnyCoffee Wrote: Do I need to send a ( Server Hello ) as a response to the handshake ( Client Hello ) received, but I couldn’t find out why it doesn’t work? If I can help, below is an example:
import socket
import ssl
# Create a TCP/IP socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Bind the socket to port 443
sock.bind(("", 443))
# Listen for connections
sock.listen(1)
# Accept a connection
conn, addr = sock.accept()
# Create a SSL/TLS context
ctx = ssl.SSLContext()
# Load the server's certificate
ctx.load_cert_chain("server.crt")
# Create a SSL/TLS wrapper around the socket
ssl_sock = ctx.wrap_socket(conn)
# Receive the "ClientHello" message
client_hello = ssl_sock.recv(16384)
# Select the highest version of SSL/TLS common between the client and the server
ssl_version = client_hello[0:2]
# Select a set of encryption algorithms and security parameters supported by both the client and the server
ciphers = ssl.get_ciphers()
# Send the "ServerHello" message to the client
ssl_sock.sendall(b"Server Hello\n" + ssl_version + b"\n" + ciphers + b"\n")
# Receive the "ClientKeyExchange" message from the client
client_key_exchange = ssl_sock.recv(16384)
# Generate a shared secret
shared_secret = ssl.generate_shared_secret(client_key_exchange)
# Encrypt the data stream
ssl_sock.write(shared_secret)
# Receive data from the client
data = ssl_sock.read()
# Decrypt the data
decrypted_data = ssl.decrypt_data(data, shared_secret)
# Print the decrypted data
print(decrypted_data)
# Close the socket
ssl_sock.close()
The code you provided has a few errors. Here's a corrected version:
import socket
import ssl
# Create a TCP/IP socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Bind the socket to port 443
sock.bind(("localhost", 443))
# Listen for connections
sock.listen(1)
# Accept a connection
conn, addr = sock.accept()
# Create a SSL/TLS context
ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
# Load the server's certificate and private key
ctx.load_cert_chain(certfile="server.crt", keyfile="server.key")
# Create a SSL/TLS wrapper around the socket
ssl_sock = ctx.wrap_socket(conn, server_side=True)
# Receive the "ClientHello" message
client_hello = ssl_sock.recv(16384)
# Select the highest version of SSL/TLS common between the client and the server
ssl_version = client_hello[:2]
# Select a set of encryption algorithms and security parameters supported by both the client and the server
ciphers = ssl_sock.cipher()
# Send the "ServerHello" message to the client
ssl_sock.sendall(b"Server Hello\n" + ssl_version + b"\n" + ciphers + b"\n")
# Receive the "ClientKeyExchange" message from the client
client_key_exchange = ssl_sock.recv(16384)
# Generate a shared secret
shared_secret = ssl_sock.shared_ciphers()
# Encrypt the data stream
ssl_sock.write(shared_secret)
# Receive data from the client
data = ssl_sock.read()
# Decrypt the data
decrypted_data = ssl_sock.decrypt(data)
# Print the decrypted data
print(decrypted_data)
# Close the socket
ssl_sock.close()
sock.close()Note: Please make sure to replace the "server.crt" and "server.key" file paths with the actual paths to your server's certificate and private key files.
I made some modifications to the above code and the handshake ( server hello ) works but the secure connection is not being established ( the certificate was signed and the private key is correct ), below is the refactored code :
import socket
import multiprocessing
import ssl
def connect_tls(conex_tcp):
# Create a SSL/TLS context
ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
# Load the server's certificate and private key
ctx.load_cert_chain(certfile="/etc/ssl/certs/kosmics.tech.crt", keyfile="/etc/ssl/private/private.key")
# Create a SSL/TLS wrapper around the socket
socket_tls = ctx.wrap_socket(conex_tcp, server_side=True)
# Close the Connection TLS
conex_tcp.close()
# Receive the "ClientHello" message
client_hello = socket_tls.recv(16384)
# Select the highest version of SSL/TLS common between the client and the server
version = client_hello[:2]
# Select a set of encryption algorithms and security parameters supported by both the client and the server
cipher_suites = socket_tls.cipher()
# Send the "Server Hello" message to the client
socket_tls.sendall(b"Server Hello\n" + version + b"\n" + cipher_suites + b"\n")
# Receive the "ClientKeyExchange" message from the client
client_key_exchange = socket_tls.recv(16384)
# Generate a shared secret
shared_secret = socket_tls.shared_ciphers()
# Encrypt the data stream
socket_tls.write(shared_secret)
# Receive data from the client
data = socket_tls.read()
# Decrypt the data
decrypted_data = socket_tls.decrypt(data)
# Close the Socket TLS
socket_tls.close()
def connect_tcp():
# Create a socket and bind it to port 443
socket_tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Define o endereço e a porta em que o servidor vai ouvir
address_https = ('', 443)
# Liga o socket ao endereço e porta
socket_tcp.bind(address_https)
# Ouça conexões de clientes
socket_tcp.listen()
while True:
# Aceite uma conexão do cliente
conex_tcp, client_addr = socket_tcp.accept()
# Cria processos para lidar com requisição simultaneo
process = multiprocessing.Process(target=connect_tls, args=(conex_tcp,))
process.start()
if __name__ == '__main__':
connect_tcp()
