在下面的代码中握手时,我收到错误 Got TLS error: FATAL alert returned by server: HANDSHAKE_FAILURE
。可能是什么问题?
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from __future__ import with_statement
from __future__ import print_function
try:
# This import works from the project directory
from scapy_ssl_tls.ssl_tls import *
except ImportError:
# If you installed this package via pip, you just need to execute this
from scapy.layers.ssl_tls import *
tls_version = TLSVersion.TLS_1_2
ciphers = [TLSCipherSuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256]
# ciphers = [TLSCipherSuite.ECDHE_RSA_WITH_AES_256_CBC_SHA384]
# ciphers = [TLSCipherSuite.RSA_WITH_AES_128_CBC_SHA]
# ciphers = [TLSCipherSuite.RSA_WITH_RC4_128_SHA]
# ciphers = [TLSCipherSuite.DHE_RSA_WITH_AES_128_CBC_SHA]
# ciphers = [TLSCipherSuite.DHE_DSS_WITH_AES_128_CBC_SHA]
extensions = [TLSExtension() / TLSExtECPointsFormat(),
TLSExtension() / TLSExtSupportedGroups()]
def tls_client(ip):
with TLSSocket(client=True) as tls_socket:
try:
print("kooo")
tls_socket.connect(ip)
print("Connected to server: %s" % (ip,))
except socket.timeout:
print("Failed to open connection to server: %s" % (ip,), file=sys.stderr)
else:
try:
server_hello, server_kex = tls_socket.do_handshake(tls_version, ciphers, extensions)
server_hello.show()
tls_socket.setsockopt(socket.SOL_IP, socket.IP_TTL, 20)
except TLSProtocolError as tpe:
print("Got TLS error: %s" % tpe, file=sys.stderr)
tpe.response.show()
else:
resp = tls_socket.do_round_trip(TLSPlaintext(data="GET / HTTP/1.1\r\nHost: pirate.trade\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\n"))
print("Got response from server")
resp.show()
# finally:
# print(tls_socket.tls_ctx)
if __name__ == "__main__":
if len(sys.argv) > 2:
server = (sys.argv[1], int(sys.argv[2]))
else:
server = ("pirate.trade", 443)
tls_client(server)
最佳答案
针对 pirate.trade
运行显示的代码有两个问题。
第一个是该站点仅支持 ECDSA 密码,因为它只有 ECDSA 证书。例如,这可以通过查看 the SSLLabs report 看出。查看报告的密码或证书时。要修复此行,请仅提供 RSA 密码
ciphers = [TLSCipherSuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256]
此行提供 ECDSA 密码
ciphers = [TLSCipherSuite.ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]
第二个问题是站点需要 SNI TLS 扩展。从SSLLabs的报告中也可以看出这一点:
This site works only in browsers with SNI support.
这个扩展可以通过修改已经存在的扩展来添加:
extensions = [TLSExtension() / TLSExtECPointsFormat(),
TLSExtension() / TLSExtSupportedGroups(),
TLSExtension() / TLSExtServerNameIndication(server_names=TLSServerName(data="pirate.trade"))]
只有当两个修复都完成时,握手才会成功。
关于python - 收到 TLS 错误 : FATAL alert returned by server: HANDSHAKE_FAILURE,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46088798/