通过 Python 可以免去编译,快速地模拟 SSL socket。下面是 server 和 client 的示例,用于日常学习 SSL 的行为模式应该足够了。示例采用双向认证:服务端和客户端都用 RootCA.pem 校验对方的证书。 sslServer:
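import socket
import ssl
import sys


def sslServer(host, port):
    """Run a one-shot mutual-TLS echo server on (host, port).

    The server presents Server.pem/Server.key, requires the client to present
    a certificate that chains to RootCA.pem, accepts a single connection and
    echoes every chunk it receives until the peer closes.

    Args:
        host: Address to bind the listening socket to.
        port: TCP port to listen on.

    Raises:
        OSError: If RootCA.pem, Server.pem or Server.key cannot be read
            (includes ssl.SSLError for malformed files). Errors after the
            context is built are printed, not raised.
    """
    # The protocol has to be chosen when the context is created. On Python 3.7+
    # SSLContext.protocol is a read-only property, so assigning to it later
    # raises AttributeError; on older versions the assignment configured nothing.
    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Version floor for the handshake. To pin the experiment to exactly
    # TLS 1.2, also set ssl_context.maximum_version = ssl.TLSVersion.TLSv1_2.
    ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2

    # Mutual TLS: a client without a certificate issued under RootCA.pem fails
    # the handshake.
    ssl_context.verify_mode = ssl.CERT_REQUIRED
    ssl_context.load_verify_locations(cafile='RootCA.pem')
    # Hostname matching is a client-side check. Any certificate issued under
    # RootCA.pem is accepted here; authorising a specific client would need a
    # look at conn.getpeercert() after the handshake.
    ssl_context.check_hostname = False
    ssl_context.load_cert_chain("Server.pem", "Server.key")

    # set_ciphers() only governs TLS 1.2 and older; TLS 1.3 suites are not
    # affected by it. AES256-GCM-SHA384 uses static RSA key exchange (no
    # forward secrecy) and is kept only for negotiation experiments.
    cipher_suites = 'ECDHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384'
    ssl_context.set_ciphers(cipher_suites)

    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) as server:
            # Allow a quick restart on the same port.
            server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            server.bind((host, port))
            server.listen(1)
            with ssl_context.wrap_socket(server, server_side=True) as ssl_server:
                # The TLS handshake, including client-certificate
                # verification, runs inside accept().
                conn, addr = ssl_server.accept()
                with conn:
                    print("accept conn from %s" % str(addr))
                    # Negotiated cipher as (name, protocol version, secret bits).
                    print('ssl cipher: {}'.format(conn.cipher()))
                    while True:
                        recv_data = conn.recv(1024)
                        print("recv: %s" % repr(recv_data))
                        if not recv_data:
                            # Empty read: the peer closed the connection.
                            break
                        conn.sendall(recv_data)
    except Exception as e:
        # Deliberate best-effort for a learning script: handshake failures
        # (for example a client with no acceptable certificate) and socket
        # errors are reported and the server exits.
        print(e)


if __name__ == '__main__':
    print('ssl ver: {}'.format(ssl.OPENSSL_VERSION))
    if len(sys.argv) != 3:
        sys.exit('usage: %s HOST PORT' % sys.argv[0])
    try:
        sslServer(sys.argv[1], int(sys.argv[2]))
    except KeyboardInterrupt:
        print('server exit')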
sslClient:
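import socket
import ssl
import sys


def sslClient(host, port):
    """Connect to the echo server over mutual TLS and exchange typed lines.

    The client trusts only RootCA.pem, presents Client.pem/Client.key, and
    verifies the server certificate against the name 'Server'. Each line read
    from stdin is sent and the echoed reply is printed.

    Args:
        host: Server address to connect to.
        port: Server TCP port.

    Raises:
        OSError: If the certificate files cannot be read or the connection
            fails (includes ssl.SSLError for handshake and verification
            failures).
    """
    # create_default_context() enables certificate verification and hostname
    # checking; passing cafile limits trust to RootCA.pem.
    ssl_context = ssl.create_default_context(cafile='RootCA.pem')
    ssl_context.load_cert_chain("Client.pem", "Client.key")
    # On Python 3.7+ SSLContext.protocol is a read-only property, so assigning
    # to it raises AttributeError; on older versions it configured nothing.
    # The supported way to require TLS 1.2 is the version floor. To pin the
    # experiment to exactly TLS 1.2, also set
    # ssl_context.maximum_version = ssl.TLSVersion.TLSv1_2.
    ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2

    # Optional CRL experiment (disabled): also reject a server certificate
    # that Server.crl lists as revoked. "|=" keeps the context's default
    # verify flags instead of replacing them.
    # ssl_context.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    # ssl_context.load_verify_locations("Server.crl")

    # set_ciphers() only governs TLS 1.2 and older; TLS 1.3 suites are not
    # affected by it.
    cipher_suites = 'DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384'
    ssl_context.set_ciphers(cipher_suites)

    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        # server_hostname is the name the server certificate must be valid
        # for, independent of the address actually dialled.
        with ssl_context.wrap_socket(client, server_hostname='Server') as ssl_client:
            ssl_client.connect((host, port))
            # Negotiated cipher as (name, protocol version, secret bits).
            print('ssl cipher: {}'.format(ssl_client.cipher()))
            while True:
                try:
                    send_data = input("send:")
                except EOFError:
                    # stdin closed (Ctrl-D / end of piped input).
                    break
                if not send_data:
                    # Nothing would be sent, so the server would never echo
                    # and recv() below would block forever.
                    continue
                ssl_client.sendall(send_data.encode())
                recv_data = ssl_client.recv(1024)
                print("recv:%s" % recv_data)
                if not recv_data:
                    # Empty read: the server closed the connection.
                    break


if __name__ == '__main__':
    print('ssl ver: {}'.format(ssl.OPENSSL_VERSION))
    if len(sys.argv) != 3:
        sys.exit('usage: %s HOST PORT' % sys.argv[0])
    try:
        sslClient(sys.argv[1], int(sys.argv[2]))
    except KeyboardInterrupt:
        print('client exit')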
参考: 官方文档: https://docs.python.org/3 […]