def configure_http2_server(listen_port, server_port, https_pem): # Let's set up SSL. This is a lot of work in PyOpenSSL. options = (SSL.OP_NO_COMPRESSION | SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1) # Keep things TSL1_2 and non-ECDH in case tester wants to decrypt the traffic # in wireshark with the pem key. context = SSL.Context(SSL.TLSv1_2_METHOD) context.set_options(options) context.set_verify(SSL.VERIFY_NONE, lambda *args: True) context.use_privatekey_file(https_pem) context.use_certificate_file(https_pem) context.set_npn_advertise_callback(npn_advertise_cb) context.set_alpn_select_callback(alpn_callback) context.set_cipher_list("RSA+AESGCM") context.set_tmp_ecdh(crypto.get_elliptic_curve(u'prime256v1')) server = eventlet.listen(('0.0.0.0', listen_port)) server = SSL.Connection(context, server) print("Serving HTTP/2 Proxy on {}:{} with pem '{}', forwarding to {}:{}". format("127.0.0.1", listen_port, https_pem, "127.0.0.1", server_port)) pool = eventlet.GreenPool() while True: try: new_sock, _ = server.accept() manager = Http2ConnectionManager(new_sock) manager.server_port = server_port manager.cert_file = https_pem pool.spawn_n(manager.run_forever) except (SystemExit, KeyboardInterrupt): break
def configure_http2_server(listen_port, server_port, https_pem, ca_pem, h2_to_server=False): # Let's set up SSL. This is a lot of work in PyOpenSSL. options = (SSL.OP_NO_COMPRESSION | SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1) # Keep things TSL1_2 and non-ECDH in case tester wants to decrypt the traffic # in wireshark with the pem key. context = SSL.Context(SSL.TLSv1_2_METHOD) context.set_options(options) context.set_verify(SSL.VERIFY_NONE, lambda *args: True) context.use_privatekey_file(https_pem) context.use_certificate_file(https_pem) context.set_alpn_select_callback(alpn_callback) context.set_tlsext_servername_callback(servername_callback) context.set_cipher_list("RSA+AESGCM") context.set_tmp_ecdh(crypto.get_elliptic_curve('prime256v1')) server = eventlet.listen(('0.0.0.0', listen_port)) server = SSL.Connection(context, server) server_side_proto = "HTTP/2" if h2_to_server else "HTTP/1.x" print(f"Serving HTTP/2 Proxy on 127.0.0.1:{listen_port} with pem " f"'{https_pem}', forwarding to 127.0.0.1:{server_port} via " f"{server_side_proto}") pool = eventlet.GreenPool() while True: try: new_sock, _ = server.accept() manager = Http2ConnectionManager(new_sock, h2_to_server) manager.server_port = server_port manager.cert_file = https_pem manager.ca_file = ca_pem pool.spawn_n(manager.run_forever) except KeyboardInterrupt as e: # The calling test_proxy.py will handle this. print("Handling KeyboardInterrupt") raise e except SystemExit: break
from h2pubsub import Client from eventlet.green.OpenSSL import SSL, crypto def alpn_callback(conn, protocols): if b'h2' in protocols: return b'h2' raise RuntimeError('No acceptable protocol offered!') def npn_advertise_cb(conn): return [b'h2'] context = SSL.Context(SSL.SSLv23_METHOD) context.set_verify(SSL.VERIFY_NONE, lambda *args: True) context.use_privatekey_file('server.key') context.use_certificate_file('server.crt') context.set_npn_advertise_callback(npn_advertise_cb) context.set_alpn_select_callback(alpn_callback) context.set_cipher_list('ECDHE+AESGCM') context.set_tmp_ecdh(crypto.get_elliptic_curve(u'prime256v1')) client = Client(address='localhost', port=443, ssl_context=context) client.subscribe('/test') while True: print(client.receive())
options = ( SSL.OP_NO_COMPRESSION | SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1 ) context = SSL.Context(SSL.SSLv23_METHOD) context.set_options(options) context.set_verify(SSL.VERIFY_NONE, lambda *args: True) context.use_privatekey_file('server.key') context.use_certificate_file('server.crt') context.set_npn_advertise_callback(npn_advertise_cb) context.set_alpn_select_callback(alpn_callback) context.set_cipher_list( "ECDHE+AESGCM" ) context.set_tmp_ecdh(crypto.get_elliptic_curve(u'prime256v1')) server = eventlet.listen(('0.0.0.0', 443)) server = SSL.Connection(context, server) pool = eventlet.GreenPool() while True: try: new_sock, _ = server.accept() manager = ConnectionManager(new_sock) pool.spawn_n(manager.run_forever) except (SystemExit, KeyboardInterrupt): break