def test_set_ciphersuites(self):
# Given a server that supports TLS 1.3
with ModernOpenSslServer() as server:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(5)
sock.connect((server.hostname, server.port))
# And a client that only supports a specific TLS 1.3 cipher suite
ssl_client = SslClient(
ssl_version=OpenSslVersionEnum.TLSV1_3,
underlying_socket=sock,
ssl_verify=OpenSslVerifyEnum.NONE,
)
ssl_client.set_ciphersuites("TLS_CHACHA20_POLY1305_SHA256")
# When doing the TLS 1.3 handshake, it succeeds
try:
ssl_client.do_handshake()
finally:
ssl_client.shutdown()
# And client's cipher suite was used
assert "TLS_CHACHA20_POLY1305_SHA256" == ssl_client.get_current_cipher_name(
)
ssl_client = SslClient(
ssl_version=OpenSslVersionEnum.TLSV1_2,
underlying_socket=sock,
ssl_verify=OpenSslVerifyEnum.PEER,
ssl_verify_locations=mozilla_store,
)
ssl_client.set_tlsext_status_ocsp()
ssl_client.do_handshake()
print("Received certificate chain")
for pem_cert in ssl_client.get_received_chain():
print(pem_cert)
print("Verified certificate chain")
for pem_cert in ssl_client.get_verified_chain():
print(pem_cert)
print("OCSP Stapling")
ocsp_resp = ssl_client.get_tlsext_status_ocsp_resp()
if ocsp_resp:
ocsp_resp.verify(Path(mozilla_store))
print(ocsp_resp.status)
print("\nCipher suite")
print(ssl_client.get_current_cipher_name())
print("\nHTTP response")
ssl_client.write(
b"GET / HTTP/1.0\r\nUser-Agent: Test\r\nHost: www.google.com\r\n\r\n")
print(ssl_client.read(2048))
class EarlyDataClient():
def __init__(self, **kw):
self.socket = None
self.session = None
self.client = None
self.dest = kw.get('dest', 'localhost')
self.port = kw.get('port', 443)
self.socket_timeout = kw.get('socket_timeout', 5)
self.regular_data = kw.get('regular_data', b'XXX-REGULAR-DATA-XXX')
self.early_data = kw.get('early_data', b'XXX-EARLY-DATA-XXX')
self.read_size = kw.get('read_size', 2048)
def _init(self, dest='localhost', port=443, timeout=5):
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.socket.settimeout(timeout)
self.socket.connect((dest, port))
self.client = SslClient(ssl_version=OpenSslVersionEnum.TLSV1_3, underlying_socket=self.socket,
ssl_verify_locations=u'mozilla.pem')
def _finish_handshake(self):
if not self.client.is_handshake_completed():
self.client.do_handshake()
print('\tCipher suite:', self.client.get_current_cipher_name())
def _close(self):
self.client.shutdown()
self.socket.close()
print('\n')
def _write_read_close(self, data_to_send=b'XXX-REGULAR-DATA-XXX', read_size=2048):
try:
self.client.write(data_to_send)
self.client.read(2048)
self.session = self.client.get_session()
except socket.timeout as e:
print('\n\tSocket was timed out. Closing...')
finally:
self._close()
def _send_early_data(self, early_data_to_send=b'XXX-EARLY-DATA-XXX'):
self.client.set_session(self.session)
self.client.write_early_data(early_data_to_send)
self._finish_handshake()
print('\t', self.client.get_early_data_status())
self._close()
def test_early(self, early_data_to_send=b'XXX-EARLY-DATA-XXX'):
print('First Session:')
self._init(dest=self.dest, port=self.port)
self._finish_handshake()
self._write_read_close(data_to_send=self.regular_data)
if self.session:
print('Reused Session:')
self._init(dest=self.dest, port=self.port)
if self.session.get_max_early_data() > 0:
self._send_early_data()
else:
print('\n\tServer does not support Early-Data. Closing...')
self._close
else:
print('\nPrevious session failed, can`t send early data. Closing...')
print('='*80, '\n')
ssl_client = SslClient(
ssl_version=OpenSslVersionEnum.TLSV1_2,
underlying_socket=sock,
ssl_verify=OpenSslVerifyEnum.PEER,
ssl_verify_locations=mozilla_store,
)
ssl_client.set_tlsext_status_ocsp()
ssl_client.do_handshake()
print('Received certificate chain')
for pem_cert in ssl_client.get_received_chain():
print(pem_cert)
print('Verified certificate chain')
for pem_cert in ssl_client.get_verified_chain():
print(pem_cert)
print('OCSP Stapling')
ocsp_resp = ssl_client.get_tlsext_status_ocsp_resp()
if ocsp_resp:
ocsp_resp.verify(mozilla_store)
print(ocsp_resp.as_dict())
print('\nCipher suite')
print(ssl_client.get_current_cipher_name())
print('\nHTTP response')
ssl_client.write(b'GET / HTTP/1.0\r\nUser-Agent: Test\r\nHost: www.google.com\r\n\r\n')
print(ssl_client.read(2048))
