Message259305
I tried to use the ssl module to create a server with a certificate that uses an ECC key. However, this didn't work. Here is how to reproduce this:
First, generate a key and a certificate:
$ openssl req -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -x509 -keyout key.pem -out cert.pem
(type some passphrase, then just press Enter in response to the questions that it asks)
Then run this Python program:
from socket import socket
from ssl import wrap_socket
s = socket()
s.bind(('localhost', 12345))
s.listen()
wrap_socket(s.accept()[0], 'key.pem', 'cert.pem', True)
This program will wait for a connection, so try to connect:
$ openssl s_client -connect localhost:12345
The program will ask for a passphrase, so type it. After that, you will get an exception:
Traceback (most recent call last):
  File "test.py", line 6, in <module>
    wrap_socket(s.accept()[0], 'key.pem', 'cert.pem', True)
  File "/usr/lib/python3.5/ssl.py", line 1064, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib/python3.5/ssl.py", line 747, in __init__
    self.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 983, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 628, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:645)
If the certificate uses an RSA key, it works. With ECC, I had no luck. I tried creating a context explicitly and using the set_ciphers method to enable more ciphers. While it appears to support ECDSA ciphersuites, it can't use them for some reason.

Date | User | Action | Args
2016-02-01 01:50:17 | abacabadabacaba | set | recipients: + abacabadabacaba
2016-02-01 01:50:17 | abacabadabacaba | set | messageid: <1454291417.3.0.6306970178.issue26254@psf.upfronthosting.co.za>
2016-02-01 01:50:17 | abacabadabacaba | link | issue26254 messages
2016-02-01 01:50:14 | abacabadabacaba | create |
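
A diagnostic for the remark above that ECDSA ciphersuites appear to be supported: this added example (not part of the original message and not code from the Python project) lists the suites an ssl.SSLContext enables that can authenticate with a given certificate key type, together with the key exchange each one requires. The SAMPLE entries are constructed, suites_for_key and report are hypothetical helper names, and SSLContext.get_ciphers() needs Python 3.6 or later.

```python
import re
import ssl

# Constructed sample: entries shaped like SSLContext.get_ciphers() output
# (only the keys used here), with OpenSSL-style description strings.
SAMPLE = [
    {"name": "ECDHE-ECDSA-AES256-GCM-SHA384",
     "description": "ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     "
                    "Au=ECDSA Enc=AESGCM(256) Mac=AEAD"},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384",
     "description": "ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     "
                    "Au=RSA  Enc=AESGCM(256) Mac=AEAD"},
    {"name": "AES256-SHA",
     "description": "AES256-SHA SSLv3 Kx=RSA      Au=RSA  "
                    "Enc=AES(256)  Mac=SHA1"},
    {"name": "TLS_AES_256_GCM_SHA384",
     "description": "TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any      Au=any  "
                    "Enc=AESGCM(256) Mac=AEAD"},
]

# Pull the key-exchange (Kx) and authentication (Au) fields from a description.
_FIELD = re.compile(r"\b(Kx|Au)=(\S+)")


def suites_for_key(ciphers, key_type):
    """Map suite name -> key exchange for suites usable with key_type.

    key_type is "ECDSA" or "RSA". TLS 1.3 suites report Au=any because the
    suite does not fix the certificate key type, so they match every key type.
    """
    usable = {}
    for cipher in ciphers:
        fields = dict(_FIELD.findall(cipher["description"]))
        if fields.get("Au") in (key_type, "any"):
            usable[cipher["name"]] = fields.get("Kx", "?")
    return usable


def report(ctx, key_type):
    """Run the same classification over the suites a live context enables."""
    return suites_for_key(ctx.get_ciphers(), key_type)


if __name__ == "__main__":
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    for name, kx in sorted(report(ctx, "ECDSA").items()):
        print(f"{name:40} Kx={kx}")
```

An empty result for "ECDSA" means the context has no suite that can present the ECC certificate; a non-empty one shows which key exchange the server side must also be able to perform for those suites to be negotiated.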