【发布时间】:2020-03-12 12:27:50
【问题描述】:
这是我的扭曲反应堆:
def main():
"""Main reactor block, with SSL"""
with open('configs/ssl/my_certificate.pem') as f:
certdata = f.read()
certificate = ssl.PrivateCertificate.loadPEM(certdata)
# Previously the options were generated by: certificate.options()
options = ssl.CertificateOptions(privateKey=certificate.privateKey.original,
certificate=certificate.original,
raiseMinimumTo=ssl.TLSVersion.TLSv1_2,
lowerMaximumSecurityTo=ssl.TLSVersion.TLSv1_2)
factory = protocol.Factory.forProtocol(GMP)
reactor.listenSSL(6060, factory, options)
return defer.Deferred()
您可以在这里看到我正在尝试将 TLS 版本设置为仅允许 1_2,但我未能实现这一点。之前一切正常,当时我没有指定额外的证书选项而是使用certificate.options()。这是我运行 openssl 进行测试时的结果:
[root@devtsm ~]# openssl s_client -connect localhost:6060 -tls1_2
CONNECTED(00000003)
140479663523728:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:s3_pkt.c:1493:SSL alert number 70
140479663523728:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:659:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
我对 TLS 和 OpenSSL 非常陌生,所以我真的不知道自己在做什么。任何帮助将不胜感激。
【问题讨论】: