def test_get_dh_info_ecdh_x25519(self):
    """Check the ephemeral key details reported after an X25519 key exchange.

    Runs a TLS 1.2 handshake against a test server restricted to the X25519
    group, then checks each field of the key info the client exposes.
    """
    with ModernOpenSslServer(cipher="ECDHE-RSA-AES256-SHA", groups="X25519") as server:
        tcp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        tcp_socket.settimeout(5)
        endpoint = (server.hostname, server.port)
        tcp_socket.connect(endpoint)

        # Verification is off, so this handshake authenticates nobody. That is
        # acceptable here only because the peer is the test server started
        # above and the test inspects key-exchange parameters, not trust.
        client = SslClient(
            underlying_socket=tcp_socket,
            ssl_version=OpenSslVersionEnum.TLSV1_2,
            ssl_verify=OpenSslVerifyEnum.NONE,
        )

        try:
            client.do_handshake()
        finally:
            # Runs whether or not the handshake succeeded.
            client.shutdown()

    # The key is read after shutdown(), so the client must still hold it.
    key_info = client.get_ephemeral_key()

    assert isinstance(key_info, EcDhEphemeralKeyInfo)
    assert key_info.type == OpenSslEvpPkeyEnum.X25519
    # X25519 is expected to report a size of 253 and a 32-byte public key.
    assert key_info.size == 253
    assert key_info.curve == OpenSslEcNidEnum.X25519
    assert len(key_info.public_bytes) == 32
def test_set_groups_curve_x448(self):
    """Check that set_groups() limits the key exchange to the chosen curve.

    The server accepts several groups and the client is configured with X448
    only, so a negotiated X448 key shows the client-side restriction was
    honoured.
    """
    # Given: a server willing to negotiate any of several groups
    server_groups = "X25519:prime256v1:X448:secp384r1:secp192k1"
    with ModernOpenSslServer(cipher="ECDHE-RSA-AES256-SHA", groups=server_groups) as server:
        tcp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        tcp_socket.settimeout(5)
        endpoint = (server.hostname, server.port)
        tcp_socket.connect(endpoint)

        # And: a client restricted to a single group, X448.
        # Verification is off, so this handshake authenticates nobody. That is
        # acceptable here only because the peer is the test server started
        # above and the test checks group negotiation, not trust.
        client = SslClient(
            underlying_socket=tcp_socket,
            ssl_version=OpenSslVersionEnum.TLSV1_2,
            ssl_verify=OpenSslVerifyEnum.NONE,
        )
        configured_curve = OpenSslEcNidEnum.X448
        client.set_groups([configured_curve])

        # When: the handshake is performed
        try:
            client.do_handshake()
        finally:
            # Runs whether or not the handshake succeeded.
            client.shutdown()

    # Then: the negotiated ephemeral key uses the group the client allowed.
    # The key is read after shutdown(), so the client must still hold it.
    key_info = client.get_ephemeral_key()

    assert isinstance(key_info, EcDhEphemeralKeyInfo)
    assert key_info.curve == configured_curve
    assert key_info.type == OpenSslEvpPkeyEnum.X448
    # X448 is expected to report a size of 448 and a 56-byte public key.
    assert key_info.size == 448
    assert len(key_info.public_bytes) == 56
ssl_verify=OpenSslVerifyEnum.PEER, ssl_verify_locations=mozilla_store, ) ssl_client.set_tlsext_status_ocsp() ssl_client.do_handshake() print("Received certificate chain") for pem_cert in ssl_client.get_received_chain(): print(pem_cert) print("Verified certificate chain") for pem_cert in ssl_client.get_verified_chain(): print(pem_cert) ocsp_resp = ssl_client.get_tlsext_status_ocsp_resp() if ocsp_resp: print("OCSP Stapling") verify_ocsp_response(ocsp_resp, Path(mozilla_store)) print("\nCipher suite") print(ssl_client.get_current_cipher_name()) print("\nEphemeral Key") print(ssl_client.get_ephemeral_key()) print("\nHTTP response") ssl_client.write( f"GET / HTTP/1.0\r\nUser-Agent: Test\r\nHost: {hostname}\r\n\r\n".encode( "ascii")) print(ssl_client.read(2048))