Author abacabadabacaba
Recipients abacabadabacaba
Date 2016-02-01.01:50:14
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1454291417.3.0.6306970178.issue26254@psf.upfronthosting.co.za>
In-reply-to
Content
I tried to use ssl module to create a server with a certificate that uses an ECC key. However, this didn't work. Here is how to reproduce this:

First, generate a key and a certificate:

    $ openssl req -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -x509 -keyout key.pem -out cert.pem
    (type some passphrase, then just press Enter in response to the questions that it asks)

Then run this Python program:

    from socket import socket
    from ssl import wrap_socket
    s = socket()
    s.bind(('localhost', 12345))
    s.listen()
    wrap_socket(s.accept()[0], 'key.pem', 'cert.pem', True)

This program will wait for a connection, so try to connect:

    $ openssl s_client -connect localhost:12345

The program will ask for a passphrase, so type it. After that, you will get an exception:

    Traceback (most recent call last):
      File "test.py", line 6, in <module>
        wrap_socket(s.accept()[0], 'key.pem', 'cert.pem', True)
      File "/usr/lib/python3.5/ssl.py", line 1064, in wrap_socket
        ciphers=ciphers)
      File "/usr/lib/python3.5/ssl.py", line 747, in __init__
        self.do_handshake()
      File "/usr/lib/python3.5/ssl.py", line 983, in do_handshake
        self._sslobj.do_handshake()
      File "/usr/lib/python3.5/ssl.py", line 628, in do_handshake
        self._sslobj.do_handshake()
    ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:645)

If the certificate uses RSA key, it works. With ECC, I had no luck. I tried creating a context explicitly and using set_ciphers method to enable more ciphers. While it appears to support ECDSA ciphersuites, it can't use them for some reason.
History
Date User Action Args
2016-02-01 01:50:17abacabadabacabasetrecipients: + abacabadabacaba
2016-02-01 01:50:17abacabadabacabasetmessageid: <1454291417.3.0.6306970178.issue26254@psf.upfronthosting.co.za>
2016-02-01 01:50:17abacabadabacabalinkissue26254 messages
2016-02-01 01:50:14abacabadabacabacreate