def do_handshake_with_robot(self): # type: ignore
"""Modified do_handshake() to send a ROBOT payload and return the result.
"""
try:
# Start the handshake using nassl - will throw WantReadError right away
self._ssl.do_handshake()
except WantReadError:
# Send the Client Hello
len_to_read = self._network_bio.pending()
while len_to_read:
# Get the data from the SSL engine
handshake_data_out = self._network_bio.read(len_to_read)
# Send it to the peer
self._sock.send(handshake_data_out)
len_to_read = self._network_bio.pending()
# Retrieve the server's response - directly read the underlying network socket
# Retrieve data until we get to the ServerHelloDone
# The server may send back a ServerHello, an Alert or a CertificateRequest first
did_receive_hello_done = False
remaining_bytes = b""
while not did_receive_hello_done:
try:
tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
remaining_bytes = remaining_bytes[len_consumed::]
except NotEnoughData:
# Try to get more data
raw_ssl_bytes = self._sock.recv(16381)
if not raw_ssl_bytes:
# No data?
break
remaining_bytes = remaining_bytes + raw_ssl_bytes
continue
if isinstance(tls_record, TlsHandshakeRecord):
# Does the record contain a ServerDone message?
for handshake_message in tls_record.subprotocol_messages:
if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE:
did_receive_hello_done = True
break
# If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth
elif isinstance(tls_record, TlsAlertRecord):
# Server returned a TLS alert
break
else:
raise ValueError("Unknown record? Type {}".format(tls_record.header.type))
if did_receive_hello_done:
# Send a special Client Key Exchange Record as the payload
self._sock.send(self._robot_cke_record.to_bytes())
if self._robot_should_finish_handshake:
# Then send a CCS record
ccs_record = TlsChangeCipherSpecRecord.from_parameters(
tls_version=tls_parser.tls_version.TlsVersionEnum[self._ssl_version.name]
)
self._sock.send(ccs_record.to_bytes())
# Lastly send a Finished record
finished_record_bytes = _RobotTlsRecordPayloads.get_finished_record_bytes(self._ssl_version)
self._sock.send(finished_record_bytes)
# Return whatever the server sent back by raising an exception
# The goal is to detect similar/different responses
while True:
try:
tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
remaining_bytes = remaining_bytes[len_consumed::]
except NotEnoughData:
# Try to get more data
try:
raw_ssl_bytes = self._sock.recv(16381)
if not raw_ssl_bytes:
# No data?
raise ServerResponseToRobot("No data")
except socket.error as e:
# Server closed the connection after receiving the CCS payload
raise ServerResponseToRobot("socket.error {}".format(str(e)))
remaining_bytes = remaining_bytes + raw_ssl_bytes
continue
if isinstance(tls_record, TlsAlertRecord):
raise ServerResponseToRobot(
"TLS Alert {} {}".format(tls_record.alert_description, tls_record.alert_severity)
)
else:
break
raise ServerResponseToRobot("Ok")
def do_handshake_with_heartbleed(self):
"""Modified do_handshake() to send a heartbleed payload and return the result.
"""
try:
# Start the handshake using nassl - will throw WantReadError right away
self._ssl.do_handshake()
except WantReadError:
# Send the Client Hello
len_to_read = self._network_bio.pending()
while len_to_read:
# Get the data from the SSL engine
handshake_data_out = self._network_bio.read(len_to_read)
# Send it to the peer
self._sock.send(handshake_data_out)
len_to_read = self._network_bio.pending()
# Build the heartbleed payload - based on
# https://blog.mozilla.org/security/2014/04/12/testing-for-heartbleed-vulnerability-without-exploiting-the-server/
payload = TlsHeartbeatRequestRecord.from_parameters(
tls_version=TlsVersionEnum[self._ssl_version.name],
heartbeat_data=b'\x01' * 16381
).to_bytes()
payload += TlsHeartbeatRequestRecord.from_parameters(
TlsVersionEnum[self._ssl_version.name],
heartbeat_data=b'\x01\x00\x00'
).to_bytes()
# Send the payload
self._sock.send(payload)
# Retrieve the server's response - directly read the underlying network socket
# Retrieve data until we get to the ServerHelloDone
# The server may send back a ServerHello, an Alert or a CertificateRequest first
did_receive_hello_done = False
remaining_bytes = b''
while not did_receive_hello_done:
try:
tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
remaining_bytes = remaining_bytes[len_consumed::]
except NotEnoughData:
# Try to get more data
raw_ssl_bytes = self._sock.recv(16381)
if not raw_ssl_bytes:
# No data?
break
remaining_bytes = remaining_bytes + raw_ssl_bytes
continue
if isinstance(tls_record, TlsServerHelloDoneRecord):
did_receive_hello_done = True
elif isinstance(tls_record, TlsHandshakeRecord):
# Could be a ServerHello, a Certificate or a CertificateRequest if the server requires client auth
pass
elif isinstance(tls_record, TlsAlertRecord):
# Server returned a TLS alert
break
else:
raise ValueError('Unknown record? Type {}'.format(tls_record.header.type))
is_vulnerable_to_heartbleed = False
if did_receive_hello_done:
expected_heartbleed_payload = b'\x01' * 10
if expected_heartbleed_payload in remaining_bytes:
# Server replied with our hearbeat payload
is_vulnerable_to_heartbleed = True
else:
try:
raw_ssl_bytes = self._sock.recv(16381)
except socket.error:
# Server closed the connection after receiving the heartbleed payload
raise NotVulnerableToHeartbleed()
if expected_heartbleed_payload in raw_ssl_bytes:
# Server replied with our hearbeat payload
is_vulnerable_to_heartbleed = True
if is_vulnerable_to_heartbleed:
raise VulnerableToHeartbleed()
else:
raise NotVulnerableToHeartbleed()
def _do_handshake_with_ccs_injection(self): # type: ignore
"""Modified do_handshake() to send a CCS injection payload and return the result.
"""
try:
# Start the handshake using nassl - will throw WantReadError right away
self._ssl.do_handshake()
except WantReadError:
# Send the Client Hello
len_to_read = self._network_bio.pending()
while len_to_read:
# Get the data from the SSL engine
handshake_data_out = self._network_bio.read(len_to_read)
# Send it to the peer
self._sock.send(handshake_data_out)
len_to_read = self._network_bio.pending()
# Retrieve the server's response - directly read the underlying network socket
# Retrieve data until we get to the ServerHelloDone
# The server may send back a ServerHello, an Alert or a CertificateRequest first
did_receive_hello_done = False
remaining_bytes = b""
while not did_receive_hello_done:
try:
tls_record, len_consumed = TlsRecordParser.parse_bytes(
remaining_bytes)
remaining_bytes = remaining_bytes[len_consumed::]
except NotEnoughData:
# Try to get more data
raw_ssl_bytes = self._sock.recv(16381)
if not raw_ssl_bytes:
# No data?
break
remaining_bytes = remaining_bytes + raw_ssl_bytes
continue
if isinstance(tls_record, TlsHandshakeRecord):
# Does the record contain a ServerDone message?
for handshake_message in tls_record.subprotocol_messages:
if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE:
did_receive_hello_done = True
break
# If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth
elif isinstance(tls_record, TlsAlertRecord):
# Server returned a TLS alert
break
else:
raise ValueError("Unknown record? Type {}".format(
tls_record.header.type))
if did_receive_hello_done:
# Send an early CCS record - this should be rejected by the server
payload = TlsChangeCipherSpecRecord.from_parameters(
tls_version=tls_parser.tls_version.TlsVersionEnum[
self._ssl_version.name]).to_bytes()
self._sock.send(payload)
# Send an early application data record which should be ignored by the server
app_data_record = TlsApplicationDataRecord.from_parameters(
tls_version=tls_parser.tls_version.TlsVersionEnum[
self._ssl_version.name],
application_data=b"\x00\x00")
self._sock.send(app_data_record.to_bytes())
# Check if an alert was sent back
while True:
try:
tls_record, len_consumed = TlsRecordParser.parse_bytes(
remaining_bytes)
remaining_bytes = remaining_bytes[len_consumed::]
except NotEnoughData:
# Try to get more data
try:
raw_ssl_bytes = self._sock.recv(16381)
if not raw_ssl_bytes:
# No data?
raise _NotVulnerableToCcsInjection()
except socket.error:
# Server closed the connection after receiving the CCS payload
raise _NotVulnerableToCcsInjection()
remaining_bytes = remaining_bytes + raw_ssl_bytes
continue
if isinstance(tls_record, TlsAlertRecord):
# Server returned a TLS alert but which one?
if tls_record.alert_description == 0x14:
# BAD_RECORD_MAC: This means that the server actually tried to decrypt our early application data
# record instead of ignoring it; server is vulnerable
raise _VulnerableToCcsInjection()
# Any other alert means that the server rejected the early CCS record
raise _NotVulnerableToCcsInjection()
else:
break
raise _NotVulnerableToCcsInjection()
def _do_handshake_with_heartbleed(self): # type: ignore
"""Modified do_handshake() to send a heartbleed payload and return the result."""
try:
# Start the handshake using nassl - will throw WantReadError right away
self._ssl.do_handshake()
except WantReadError:
# Send the Client Hello
len_to_read = self._network_bio.pending()
while len_to_read:
# Get the data from the SSL engine
handshake_data_out = self._network_bio.read(len_to_read)
# Send it to the peer
self._sock.send(handshake_data_out)
len_to_read = self._network_bio.pending()
# Build the heartbleed payload - based on
# https://blog.mozilla.org/security/2014/04/12/testing-for-heartbleed-vulnerability-without-exploiting-the-server/
payload = TlsHeartbeatRequestRecord.from_parameters(
tls_version=tls_parser.record_protocol.TlsVersionEnum[
self._ssl_version.name],
heartbeat_data=b"\x01" * 16381).to_bytes()
payload += TlsHeartbeatRequestRecord.from_parameters(
tls_parser.record_protocol.TlsVersionEnum[self._ssl_version.name],
heartbeat_data=b"\x01\x00\x00").to_bytes()
# Send the payload
self._sock.send(payload)
# Retrieve the server's response - directly read the underlying network socket
# Retrieve data until we get to the ServerHelloDone
# The server may send back a ServerHello, an Alert, a CertificateRequest or may just close the connection
did_receive_hello_done = False
remaining_bytes = b""
while not did_receive_hello_done:
try:
tls_record, len_consumed = TlsRecordParser.parse_bytes(
remaining_bytes)
remaining_bytes = remaining_bytes[len_consumed::]
except UnknownTlsVersionByte as e:
# Workaround for Amazon Cloudfront; see https://github.com/nabla-c0d3/sslyze/issues/437
if e.record_type == tls_parser.record_protocol.TlsRecordTypeByte.ALERT:
# Server returned a (badly-formatted) TLS alert because it requires SNI
# Hence the server uses a modern TLS stack and is not vulnerable
raise _NotVulnerableToHeartbleed()
else:
raise
except NotEnoughData:
# Try to get more data
try:
raw_ssl_bytes = self._sock.recv(16381)
except socket.error:
# Server closed the connection as soon as it received the Heartbleed payload
raise _NotVulnerableToHeartbleed()
if not raw_ssl_bytes:
# No data?
raise _NotVulnerableToHeartbleed()
remaining_bytes = remaining_bytes + raw_ssl_bytes
continue
if isinstance(tls_record, TlsHandshakeRecord):
# Does the record contain a ServerDone message?
for handshake_message in tls_record.subprotocol_messages:
if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE:
did_receive_hello_done = True
break
# If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth
elif isinstance(tls_record, TlsAlertRecord):
# Server returned a TLS alert
break
else:
raise ValueError("Unknown record? Type {}".format(
tls_record.header.type))
is_vulnerable_to_heartbleed = False
if did_receive_hello_done:
expected_heartbleed_payload = b"\x01" * 10
if expected_heartbleed_payload in remaining_bytes:
# Server replied with our heartbeat payload
is_vulnerable_to_heartbleed = True
else:
try:
raw_ssl_bytes = self._sock.recv(16381)
except socket.error:
# Server closed the connection after receiving the heartbleed payload
raise _NotVulnerableToHeartbleed()
if expected_heartbleed_payload in raw_ssl_bytes:
# Server replied with our heartbeat payload
is_vulnerable_to_heartbleed = True
if is_vulnerable_to_heartbleed:
raise _VulnerableToHeartbleed()
else:
raise _NotVulnerableToHeartbleed()
def do_handshake_with_heartbleed(self):
"""Modified do_handshake() to send a heartbleed payload and return the result.
"""
try:
# Start the handshake using nassl - will throw WantReadError right away
self._ssl.do_handshake()
except WantReadError:
# Send the Client Hello
len_to_read = self._network_bio.pending()
while len_to_read:
# Get the data from the SSL engine
handshake_data_out = self._network_bio.read(len_to_read)
# Send it to the peer
self._sock.send(handshake_data_out)
len_to_read = self._network_bio.pending()
# Build the heartbleed payload - based on
# https://blog.mozilla.org/security/2014/04/12/testing-for-heartbleed-vulnerability-without-exploiting-the-server/
payload = TlsHeartbeatRequestRecord.from_parameters(
tls_version=TlsVersionEnum[self._ssl_version.name],
heartbeat_data=b'\x01' * 16381
).to_bytes()
payload += TlsHeartbeatRequestRecord.from_parameters(
TlsVersionEnum[self._ssl_version.name],
heartbeat_data=b'\x01\x00\x00'
).to_bytes()
# Send the payload
self._sock.send(payload)
# Retrieve the server's response - directly read the underlying network socket
# Retrieve data until we get to the ServerHelloDone
# The server may send back a ServerHello, an Alert, a CertificateRequest or may just close the connection
did_receive_hello_done = False
remaining_bytes = b''
while not did_receive_hello_done:
try:
tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
remaining_bytes = remaining_bytes[len_consumed::]
except NotEnoughData:
# Try to get more data
try:
raw_ssl_bytes = self._sock.recv(16381)
except socket.error:
# Server closed the connection as soon as it received the Heartbleed payload
raise NotVulnerableToHeartbleed()
if not raw_ssl_bytes:
# No data?
raise NotVulnerableToHeartbleed()
remaining_bytes = remaining_bytes + raw_ssl_bytes
continue
if isinstance(tls_record, TlsHandshakeRecord):
# Does the record contain a ServerDone message?
for handshake_message in tls_record.subprotocol_messages:
if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE:
did_receive_hello_done = True
break
# If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth
elif isinstance(tls_record, TlsAlertRecord):
# Server returned a TLS alert
break
else:
raise ValueError('Unknown record? Type {}'.format(tls_record.header.type))
is_vulnerable_to_heartbleed = False
if did_receive_hello_done:
expected_heartbleed_payload = b'\x01' * 10
if expected_heartbleed_payload in remaining_bytes:
# Server replied with our hearbeat payload
is_vulnerable_to_heartbleed = True
else:
try:
raw_ssl_bytes = self._sock.recv(16381)
except socket.error:
# Server closed the connection after receiving the heartbleed payload
raise NotVulnerableToHeartbleed()
if expected_heartbleed_payload in raw_ssl_bytes:
# Server replied with our hearbeat payload
is_vulnerable_to_heartbleed = True
if is_vulnerable_to_heartbleed:
raise VulnerableToHeartbleed()
else:
raise NotVulnerableToHeartbleed()
def do_handshake_with_ccs_injection(self): # type: ignore
"""Modified do_handshake() to send a CCS injection payload and return the result.
"""
try:
# Start the handshake using nassl - will throw WantReadError right away
self._ssl.do_handshake()
except WantReadError:
# Send the Client Hello
len_to_read = self._network_bio.pending()
while len_to_read:
# Get the data from the SSL engine
handshake_data_out = self._network_bio.read(len_to_read)
# Send it to the peer
self._sock.send(handshake_data_out)
len_to_read = self._network_bio.pending()
# Retrieve the server's response - directly read the underlying network socket
# Retrieve data until we get to the ServerHelloDone
# The server may send back a ServerHello, an Alert or a CertificateRequest first
did_receive_hello_done = False
remaining_bytes = b''
while not did_receive_hello_done:
try:
tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
remaining_bytes = remaining_bytes[len_consumed::]
except NotEnoughData:
# Try to get more data
raw_ssl_bytes = self._sock.recv(16381)
if not raw_ssl_bytes:
# No data?
break
remaining_bytes = remaining_bytes + raw_ssl_bytes
continue
if isinstance(tls_record, TlsHandshakeRecord):
# Does the record contain a ServerDone message?
for handshake_message in tls_record.subprotocol_messages:
if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE:
did_receive_hello_done = True
break
# If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth
elif isinstance(tls_record, TlsAlertRecord):
# Server returned a TLS alert
break
else:
raise ValueError('Unknown record? Type {}'.format(tls_record.header.type))
if did_receive_hello_done:
# Send an early CCS record - this should be rejected by the server
payload = TlsChangeCipherSpecRecord.from_parameters(
tls_version=TlsVersionEnum[self._ssl_version.name]).to_bytes()
self._sock.send(payload)
# Send an early application data record which should be ignored by the server
app_data_record = TlsApplicationDataRecord.from_parameters(tls_version=TlsVersionEnum[self._ssl_version.name],
application_data=b'\x00\x00')
self._sock.send(app_data_record.to_bytes())
# Check if an alert was sent back
while True:
try:
tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
remaining_bytes = remaining_bytes[len_consumed::]
except NotEnoughData:
# Try to get more data
try:
raw_ssl_bytes = self._sock.recv(16381)
if not raw_ssl_bytes:
# No data?
raise NotVulnerableToCcsInjection()
except socket.error:
# Server closed the connection after receiving the CCS payload
raise NotVulnerableToCcsInjection()
remaining_bytes = remaining_bytes + raw_ssl_bytes
continue
if isinstance(tls_record, TlsAlertRecord):
# Server returned a TLS alert but which one?
if tls_record.alert_description == 0x14:
# BAD_RECORD_MAC: This means that the server actually tried to decrypt our early application data
# record instead of ignoring it; server is vulnerable
raise VulnerableToCcsInjection()
# Any other alert means that the server rejected the early CCS record
raise NotVulnerableToCcsInjection()
else:
break
raise NotVulnerableToCcsInjection()
def do_handshake_with_robot(self):
"""Modified do_handshake() to send a ROBOT payload and return the result.
"""
try:
# Start the handshake using nassl - will throw WantReadError right away
self._ssl.do_handshake()
except WantReadError:
# Send the Client Hello
len_to_read = self._network_bio.pending()
while len_to_read:
# Get the data from the SSL engine
handshake_data_out = self._network_bio.read(len_to_read)
# Send it to the peer
self._sock.send(handshake_data_out)
len_to_read = self._network_bio.pending()
# Retrieve the server's response - directly read the underlying network socket
# Retrieve data until we get to the ServerHelloDone
# The server may send back a ServerHello, an Alert or a CertificateRequest first
did_receive_hello_done = False
remaining_bytes = b''
while not did_receive_hello_done:
try:
tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
remaining_bytes = remaining_bytes[len_consumed::]
except NotEnoughData:
# Try to get more data
raw_ssl_bytes = self._sock.recv(16381)
if not raw_ssl_bytes:
# No data?
break
remaining_bytes = remaining_bytes + raw_ssl_bytes
continue
if isinstance(tls_record, TlsHandshakeRecord):
# Does the record contain a ServerDone message?
for handshake_message in tls_record.subprotocol_messages:
if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE:
did_receive_hello_done = True
break
# If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth
elif isinstance(tls_record, TlsAlertRecord):
# Server returned a TLS alert
break
else:
raise ValueError('Unknown record? Type {}'.format(tls_record.header.type))
if did_receive_hello_done:
# Send a special Client Key Exchange Record as the payload
self._sock.send(self._robot_cke_record.to_bytes())
if self._robot_should_finish_handshake:
# Then send a CCS record
ccs_record = TlsChangeCipherSpecRecord.from_parameters(
tls_version=TlsVersionEnum[self._ssl_version.name]
)
self._sock.send(ccs_record.to_bytes())
# Lastly send a Finished record
finished_record_bytes = RobotTlsRecordPayloads.get_finished_record_bytes(self._ssl_version)
self._sock.send(finished_record_bytes)
# Return whatever the server sent back by raising an exception
# The goal is to detect similar/different responses
while True:
try:
tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
remaining_bytes = remaining_bytes[len_consumed::]
except NotEnoughData:
# Try to get more data
try:
raw_ssl_bytes = self._sock.recv(16381)
if not raw_ssl_bytes:
# No data?
raise ServerResponseToRobot('No data')
except socket.error as e:
# Server closed the connection after receiving the CCS payload
raise ServerResponseToRobot('socket.error {}'.format(str(e)))
remaining_bytes = remaining_bytes + raw_ssl_bytes
continue
if isinstance(tls_record, TlsAlertRecord):
raise ServerResponseToRobot('TLS Alert {} {}'.format(tls_record.alert_description,
tls_record.alert_severity))
else:
break
raise ServerResponseToRobot('Ok')
def to_record(submessage, kind=TlsRecordTypeByte.HANDSHAKE):
length = len(submessage.to_bytes())
header = TlsRecordHeader(kind, TlsVersionEnum.TLSV1_2, length)
return TlsRecord(header, [submessage])
n = 26291268813205434322264017466748383660040647755600543848624251974465755995834623218180037742778508414611242465409257439413238620403959218562238955554107925737539965183064915295406659060076514593158109171581422604838052326725553677917666879755304830586886767385735521865741957146540793164445625611286234400919075046731518309823286874711537644575001651290887617486902790534368773023951557030783584590073373669615189088933307093289766536677451123927748628328817030825436191116597946125295454084918949756290885636118310806568645403765413177707937259478469114598893484539794342873995545959578569194765181150639154994915921
e = 65537
key = RSA.construct((n,e))
signer = PKCS1_v1_5.new(key)
l = listen(4433)
r = l.wait_for_connection()
client_hello = r.recv()
client_hello = TlsRecordParser.parse_bytes(client_hello)[0]
client_random = client_hello.subprotocol_messages[0].handshake_data[2:2+4+28]
server_hello = bytes.fromhex("03030c885a93e1648a284b891c7ab5aa4778d691c9a5b8aae125ad6aa3ad317c09cb00c030000015ff01000100000b0004030001020023000000170000")
server_random = bytes.fromhex("0c885a93e1648a284b891c7ab5aa4778d691c9a5b8aae125ad6aa3ad317c09cb")
certs = bytes.fromhex("0003670003643082036030820248a003020102020900c74d63b60e7ac448300d06092a864886f70d01010b05003045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464301e170d3138303731373139343732385a170d3139303731373139343732385a3045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c746430820122300d06092a864886f70d01010105000382010f003082010a0282010100d04457e8382e43a8b2c9368fd3a0aa841cd98c52d848de3951111772b47e933edc7c61493780a962d87de4541777b700edd5c701b3e9cbd6133f4beea78bfb8e66264adca3d4b115bae86ad913fe520bd3a9ebbc58a32c6baae917440be5ff855c6b61dab162eaf247c52e58085fe3ae7b0dd925b407486a2e017e59671c93e917cdea2b88e76f386864084101c26c4755c2a04ea16b13ac99de2698f188e5276d91b0d10da936be8d350745530c52ae566a6f39abe026b20eb456ff7545932ce0a5a9ca77fbac90f81be99ac7a55716254571b9a6bf218365c20109529b357e7b9d8cad0593a8a40d628c238177ddf65768e30dc89ef4f4765944313290aa510203010001a3533051301d0603551d0e04160414318c23a9cd6c383b8a4beb056c2d342493466776301f0603551d23041830168014318c23a9cd6c383b8a4beb056c2d342493466776300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101000fdfc19b4615666803b65e6a1930980193e4f110f8f384756aac5242871964434a45904b4574501bd8456e134dcc12f3cc395d09078acf4e1c591de07fe015f41b05fd0930492dcb83b2dfcca03bdb589775f274b9379eab317bc473f75aaff7708219a33546bc44c149e55b640436f0d9879eb003df046e50cf01759c10290cd8d200c79ba50adbe8850647c49c040c0137a5136925ff41f78793cfeca7fed3d858b31c2d89182d30dd9641b0a2ddbbd80bf6e1e633a8fe2213ee1d27687f0b2a4241bca615ded6fd821276114be47cd331eaa640aeaf370b966b3e8a2ab9be4b1039e6a8a28decb8613585d8109f47971f3d5406c1b3defff65b14fd5282c0")
r.send(to_record(TlsHandshakeMessage(TlsHandshakeTypeByte.SERVER_HELLO, server_hello)).to_bytes())
r.send(to_record(TlsHandshakeMessage(TlsHandshakeTypeByte.CERTIFICATE, certs)).to_bytes())
privkey = ec.generate_private_key(ec.SECP256R1(), default_backend())
pubkey = privkey.public_key()
def curveparams():