【发布时间】:2014-11-10 12:42:38
【问题描述】:
我关注Python SSL socket echo test with self-signed certificate 博客测试了一个简单的 SSL 套接字连接。我生成了一个自签名证书,并使用上面的 Python 代码进行了尝试。
一切正常,但问题是,当我使用 Wireshark 监控网络数据包时,我看不到任何 SSL 流量。我所看到的只是普通的 TCP 数据包,但我希望看到使用 SSL 协议。我错过了什么吗?
为了完整起见,我添加代码:
client.py
import socket, ssl, pprint
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Require a certificate from the server. We used a self-signed certificate
# so here ca_certs must be the server certificate itself.
ssl_sock = ssl.wrap_socket(s,
ca_certs="server.crt",
cert_reqs=ssl.CERT_REQUIRED)
ssl_sock.connect(('localhost', 10023))
print repr(ssl_sock.getpeername())
print ssl_sock.cipher()
print pprint.pformat(ssl_sock.getpeercert())
ssl_sock.write("boo!")
if False: # from the Python 2.7.3 docs
# Set a simple HTTP request -- use httplib in actual code.
ssl_sock.write("""GET / HTTP/1.0\r
Host: www.verisign.com\n\n""")
# Read a chunk of data. Will not necessarily
# read all the data returned by the server.
data = ssl_sock.read()
# note that closing the SSLSocket will also close the underlying socket
ssl_sock.close()
server.py
import socket, ssl
bindsocket = socket.socket()
bindsocket.bind(('', 10023))
bindsocket.listen(5)
def do_something(connstream, data):
print "do_something:", data
return False
def deal_with_client(connstream):
data = connstream.read()
while data:
if not do_something(connstream, data):
break
data = connstream.read()
while True:
newsocket, fromaddr = bindsocket.accept()
connstream = ssl.wrap_socket(newsocket,
server_side=True,
certfile="server.crt",
keyfile="server.key")
try:
deal_with_client(connstream)
finally:
connstream.shutdown(socket.SHUT_RDWR)
connstream.close()
Wireshark 截图:
【问题讨论】:
-
如果您从客户端删除所有 SSL,它是否仍然有效(功能上)?例如。你确定不只是 Wireshark 没有报告 SSL 的使用吗?例如。在“协议”下,我期望看到 TCP,而不是 SSL,因为 TCP 是您正在使用的网络层协议。
-
@TomDalton,如果我只是浏览 Google,Wireshark 会报告 SSL 协议,因此我期待看到类似的东西。我将从客户端中删除 SSL 以查看它是否有效。
标签: python sockets ssl ssl-certificate wireshark