def test_set_ciphersuites(self): # Given a server that supports TLS 1.3 with ModernOpenSslServer() as server: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(5) sock.connect((server.hostname, server.port)) # And a client that only supports a specific TLS 1.3 cipher suite ssl_client = SslClient( ssl_version=OpenSslVersionEnum.TLSV1_3, underlying_socket=sock, ssl_verify=OpenSslVerifyEnum.NONE, ) ssl_client.set_ciphersuites("TLS_CHACHA20_POLY1305_SHA256") # When doing the TLS 1.3 handshake, it succeeds try: ssl_client.do_handshake() finally: ssl_client.shutdown() # And client's cipher suite was used assert "TLS_CHACHA20_POLY1305_SHA256" == ssl_client.get_current_cipher_name( )
ssl_client = SslClient( ssl_version=OpenSslVersionEnum.TLSV1_2, underlying_socket=sock, ssl_verify=OpenSslVerifyEnum.PEER, ssl_verify_locations=mozilla_store, ) ssl_client.set_tlsext_status_ocsp() ssl_client.do_handshake() print("Received certificate chain") for pem_cert in ssl_client.get_received_chain(): print(pem_cert) print("Verified certificate chain") for pem_cert in ssl_client.get_verified_chain(): print(pem_cert) print("OCSP Stapling") ocsp_resp = ssl_client.get_tlsext_status_ocsp_resp() if ocsp_resp: ocsp_resp.verify(Path(mozilla_store)) print(ocsp_resp.status) print("\nCipher suite") print(ssl_client.get_current_cipher_name()) print("\nHTTP response") ssl_client.write( b"GET / HTTP/1.0\r\nUser-Agent: Test\r\nHost: www.google.com\r\n\r\n") print(ssl_client.read(2048))
class EarlyDataClient(): def __init__(self, **kw): self.socket = None self.session = None self.client = None self.dest = kw.get('dest', 'localhost') self.port = kw.get('port', 443) self.socket_timeout = kw.get('socket_timeout', 5) self.regular_data = kw.get('regular_data', b'XXX-REGULAR-DATA-XXX') self.early_data = kw.get('early_data', b'XXX-EARLY-DATA-XXX') self.read_size = kw.get('read_size', 2048) def _init(self, dest='localhost', port=443, timeout=5): self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.socket.settimeout(timeout) self.socket.connect((dest, port)) self.client = SslClient(ssl_version=OpenSslVersionEnum.TLSV1_3, underlying_socket=self.socket, ssl_verify_locations=u'mozilla.pem') def _finish_handshake(self): if not self.client.is_handshake_completed(): self.client.do_handshake() print('\tCipher suite:', self.client.get_current_cipher_name()) def _close(self): self.client.shutdown() self.socket.close() print('\n') def _write_read_close(self, data_to_send=b'XXX-REGULAR-DATA-XXX', read_size=2048): try: self.client.write(data_to_send) self.client.read(2048) self.session = self.client.get_session() except socket.timeout as e: print('\n\tSocket was timed out. Closing...') finally: self._close() def _send_early_data(self, early_data_to_send=b'XXX-EARLY-DATA-XXX'): self.client.set_session(self.session) self.client.write_early_data(early_data_to_send) self._finish_handshake() print('\t', self.client.get_early_data_status()) self._close() def test_early(self, early_data_to_send=b'XXX-EARLY-DATA-XXX'): print('First Session:') self._init(dest=self.dest, port=self.port) self._finish_handshake() self._write_read_close(data_to_send=self.regular_data) if self.session: print('Reused Session:') self._init(dest=self.dest, port=self.port) if self.session.get_max_early_data() > 0: self._send_early_data() else: print('\n\tServer does not support Early-Data. Closing...') self._close else: print('\nPrevious session failed, can`t send early data. Closing...') print('='*80, '\n')
ssl_client = SslClient( ssl_version=OpenSslVersionEnum.TLSV1_2, underlying_socket=sock, ssl_verify=OpenSslVerifyEnum.PEER, ssl_verify_locations=mozilla_store, ) ssl_client.set_tlsext_status_ocsp() ssl_client.do_handshake() print('Received certificate chain') for pem_cert in ssl_client.get_received_chain(): print(pem_cert) print('Verified certificate chain') for pem_cert in ssl_client.get_verified_chain(): print(pem_cert) print('OCSP Stapling') ocsp_resp = ssl_client.get_tlsext_status_ocsp_resp() if ocsp_resp: ocsp_resp.verify(mozilla_store) print(ocsp_resp.as_dict()) print('\nCipher suite') print(ssl_client.get_current_cipher_name()) print('\nHTTP response') ssl_client.write(b'GET / HTTP/1.0\r\nUser-Agent: Test\r\nHost: www.google.com\r\n\r\n') print(ssl_client.read(2048))