def do_handshake_with_robot(self): # type: ignore """Modified do_handshake() to send a ROBOT payload and return the result. """ try: # Start the handshake using nassl - will throw WantReadError right away self._ssl.do_handshake() except WantReadError: # Send the Client Hello len_to_read = self._network_bio.pending() while len_to_read: # Get the data from the SSL engine handshake_data_out = self._network_bio.read(len_to_read) # Send it to the peer self._sock.send(handshake_data_out) len_to_read = self._network_bio.pending() # Retrieve the server's response - directly read the underlying network socket # Retrieve data until we get to the ServerHelloDone # The server may send back a ServerHello, an Alert or a CertificateRequest first did_receive_hello_done = False remaining_bytes = b"" while not did_receive_hello_done: try: tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes) remaining_bytes = remaining_bytes[len_consumed::] except NotEnoughData: # Try to get more data raw_ssl_bytes = self._sock.recv(16381) if not raw_ssl_bytes: # No data? break remaining_bytes = remaining_bytes + raw_ssl_bytes continue if isinstance(tls_record, TlsHandshakeRecord): # Does the record contain a ServerDone message? for handshake_message in tls_record.subprotocol_messages: if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE: did_receive_hello_done = True break # If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth elif isinstance(tls_record, TlsAlertRecord): # Server returned a TLS alert break else: raise ValueError("Unknown record? Type {}".format(tls_record.header.type)) if did_receive_hello_done: # Send a special Client Key Exchange Record as the payload self._sock.send(self._robot_cke_record.to_bytes()) if self._robot_should_finish_handshake: # Then send a CCS record ccs_record = TlsChangeCipherSpecRecord.from_parameters( tls_version=tls_parser.tls_version.TlsVersionEnum[self._ssl_version.name] ) self._sock.send(ccs_record.to_bytes()) # Lastly send a Finished record finished_record_bytes = _RobotTlsRecordPayloads.get_finished_record_bytes(self._ssl_version) self._sock.send(finished_record_bytes) # Return whatever the server sent back by raising an exception # The goal is to detect similar/different responses while True: try: tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes) remaining_bytes = remaining_bytes[len_consumed::] except NotEnoughData: # Try to get more data try: raw_ssl_bytes = self._sock.recv(16381) if not raw_ssl_bytes: # No data? raise ServerResponseToRobot("No data") except socket.error as e: # Server closed the connection after receiving the CCS payload raise ServerResponseToRobot("socket.error {}".format(str(e))) remaining_bytes = remaining_bytes + raw_ssl_bytes continue if isinstance(tls_record, TlsAlertRecord): raise ServerResponseToRobot( "TLS Alert {} {}".format(tls_record.alert_description, tls_record.alert_severity) ) else: break raise ServerResponseToRobot("Ok")
def do_handshake_with_heartbleed(self): """Modified do_handshake() to send a heartbleed payload and return the result. """ try: # Start the handshake using nassl - will throw WantReadError right away self._ssl.do_handshake() except WantReadError: # Send the Client Hello len_to_read = self._network_bio.pending() while len_to_read: # Get the data from the SSL engine handshake_data_out = self._network_bio.read(len_to_read) # Send it to the peer self._sock.send(handshake_data_out) len_to_read = self._network_bio.pending() # Build the heartbleed payload - based on # https://blog.mozilla.org/security/2014/04/12/testing-for-heartbleed-vulnerability-without-exploiting-the-server/ payload = TlsHeartbeatRequestRecord.from_parameters( tls_version=TlsVersionEnum[self._ssl_version.name], heartbeat_data=b'\x01' * 16381 ).to_bytes() payload += TlsHeartbeatRequestRecord.from_parameters( TlsVersionEnum[self._ssl_version.name], heartbeat_data=b'\x01\x00\x00' ).to_bytes() # Send the payload self._sock.send(payload) # Retrieve the server's response - directly read the underlying network socket # Retrieve data until we get to the ServerHelloDone # The server may send back a ServerHello, an Alert or a CertificateRequest first did_receive_hello_done = False remaining_bytes = b'' while not did_receive_hello_done: try: tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes) remaining_bytes = remaining_bytes[len_consumed::] except NotEnoughData: # Try to get more data raw_ssl_bytes = self._sock.recv(16381) if not raw_ssl_bytes: # No data? break remaining_bytes = remaining_bytes + raw_ssl_bytes continue if isinstance(tls_record, TlsServerHelloDoneRecord): did_receive_hello_done = True elif isinstance(tls_record, TlsHandshakeRecord): # Could be a ServerHello, a Certificate or a CertificateRequest if the server requires client auth pass elif isinstance(tls_record, TlsAlertRecord): # Server returned a TLS alert break else: raise ValueError('Unknown record? Type {}'.format(tls_record.header.type)) is_vulnerable_to_heartbleed = False if did_receive_hello_done: expected_heartbleed_payload = b'\x01' * 10 if expected_heartbleed_payload in remaining_bytes: # Server replied with our hearbeat payload is_vulnerable_to_heartbleed = True else: try: raw_ssl_bytes = self._sock.recv(16381) except socket.error: # Server closed the connection after receiving the heartbleed payload raise NotVulnerableToHeartbleed() if expected_heartbleed_payload in raw_ssl_bytes: # Server replied with our hearbeat payload is_vulnerable_to_heartbleed = True if is_vulnerable_to_heartbleed: raise VulnerableToHeartbleed() else: raise NotVulnerableToHeartbleed()
def _do_handshake_with_ccs_injection(self): # type: ignore """Modified do_handshake() to send a CCS injection payload and return the result. """ try: # Start the handshake using nassl - will throw WantReadError right away self._ssl.do_handshake() except WantReadError: # Send the Client Hello len_to_read = self._network_bio.pending() while len_to_read: # Get the data from the SSL engine handshake_data_out = self._network_bio.read(len_to_read) # Send it to the peer self._sock.send(handshake_data_out) len_to_read = self._network_bio.pending() # Retrieve the server's response - directly read the underlying network socket # Retrieve data until we get to the ServerHelloDone # The server may send back a ServerHello, an Alert or a CertificateRequest first did_receive_hello_done = False remaining_bytes = b"" while not did_receive_hello_done: try: tls_record, len_consumed = TlsRecordParser.parse_bytes( remaining_bytes) remaining_bytes = remaining_bytes[len_consumed::] except NotEnoughData: # Try to get more data raw_ssl_bytes = self._sock.recv(16381) if not raw_ssl_bytes: # No data? break remaining_bytes = remaining_bytes + raw_ssl_bytes continue if isinstance(tls_record, TlsHandshakeRecord): # Does the record contain a ServerDone message? for handshake_message in tls_record.subprotocol_messages: if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE: did_receive_hello_done = True break # If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth elif isinstance(tls_record, TlsAlertRecord): # Server returned a TLS alert break else: raise ValueError("Unknown record? Type {}".format( tls_record.header.type)) if did_receive_hello_done: # Send an early CCS record - this should be rejected by the server payload = TlsChangeCipherSpecRecord.from_parameters( tls_version=tls_parser.tls_version.TlsVersionEnum[ self._ssl_version.name]).to_bytes() self._sock.send(payload) # Send an early application data record which should be ignored by the server app_data_record = TlsApplicationDataRecord.from_parameters( tls_version=tls_parser.tls_version.TlsVersionEnum[ self._ssl_version.name], application_data=b"\x00\x00") self._sock.send(app_data_record.to_bytes()) # Check if an alert was sent back while True: try: tls_record, len_consumed = TlsRecordParser.parse_bytes( remaining_bytes) remaining_bytes = remaining_bytes[len_consumed::] except NotEnoughData: # Try to get more data try: raw_ssl_bytes = self._sock.recv(16381) if not raw_ssl_bytes: # No data? raise _NotVulnerableToCcsInjection() except socket.error: # Server closed the connection after receiving the CCS payload raise _NotVulnerableToCcsInjection() remaining_bytes = remaining_bytes + raw_ssl_bytes continue if isinstance(tls_record, TlsAlertRecord): # Server returned a TLS alert but which one? if tls_record.alert_description == 0x14: # BAD_RECORD_MAC: This means that the server actually tried to decrypt our early application data # record instead of ignoring it; server is vulnerable raise _VulnerableToCcsInjection() # Any other alert means that the server rejected the early CCS record raise _NotVulnerableToCcsInjection() else: break raise _NotVulnerableToCcsInjection()
def _do_handshake_with_heartbleed(self): # type: ignore """Modified do_handshake() to send a heartbleed payload and return the result.""" try: # Start the handshake using nassl - will throw WantReadError right away self._ssl.do_handshake() except WantReadError: # Send the Client Hello len_to_read = self._network_bio.pending() while len_to_read: # Get the data from the SSL engine handshake_data_out = self._network_bio.read(len_to_read) # Send it to the peer self._sock.send(handshake_data_out) len_to_read = self._network_bio.pending() # Build the heartbleed payload - based on # https://blog.mozilla.org/security/2014/04/12/testing-for-heartbleed-vulnerability-without-exploiting-the-server/ payload = TlsHeartbeatRequestRecord.from_parameters( tls_version=tls_parser.record_protocol.TlsVersionEnum[ self._ssl_version.name], heartbeat_data=b"\x01" * 16381).to_bytes() payload += TlsHeartbeatRequestRecord.from_parameters( tls_parser.record_protocol.TlsVersionEnum[self._ssl_version.name], heartbeat_data=b"\x01\x00\x00").to_bytes() # Send the payload self._sock.send(payload) # Retrieve the server's response - directly read the underlying network socket # Retrieve data until we get to the ServerHelloDone # The server may send back a ServerHello, an Alert, a CertificateRequest or may just close the connection did_receive_hello_done = False remaining_bytes = b"" while not did_receive_hello_done: try: tls_record, len_consumed = TlsRecordParser.parse_bytes( remaining_bytes) remaining_bytes = remaining_bytes[len_consumed::] except UnknownTlsVersionByte as e: # Workaround for Amazon Cloudfront; see https://github.com/nabla-c0d3/sslyze/issues/437 if e.record_type == tls_parser.record_protocol.TlsRecordTypeByte.ALERT: # Server returned a (badly-formatted) TLS alert because it requires SNI # Hence the server uses a modern TLS stack and is not vulnerable raise _NotVulnerableToHeartbleed() else: raise except NotEnoughData: # Try to get more data try: raw_ssl_bytes = self._sock.recv(16381) except socket.error: # Server closed the connection as soon as it received the Heartbleed payload raise _NotVulnerableToHeartbleed() if not raw_ssl_bytes: # No data? raise _NotVulnerableToHeartbleed() remaining_bytes = remaining_bytes + raw_ssl_bytes continue if isinstance(tls_record, TlsHandshakeRecord): # Does the record contain a ServerDone message? for handshake_message in tls_record.subprotocol_messages: if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE: did_receive_hello_done = True break # If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth elif isinstance(tls_record, TlsAlertRecord): # Server returned a TLS alert break else: raise ValueError("Unknown record? Type {}".format( tls_record.header.type)) is_vulnerable_to_heartbleed = False if did_receive_hello_done: expected_heartbleed_payload = b"\x01" * 10 if expected_heartbleed_payload in remaining_bytes: # Server replied with our heartbeat payload is_vulnerable_to_heartbleed = True else: try: raw_ssl_bytes = self._sock.recv(16381) except socket.error: # Server closed the connection after receiving the heartbleed payload raise _NotVulnerableToHeartbleed() if expected_heartbleed_payload in raw_ssl_bytes: # Server replied with our heartbeat payload is_vulnerable_to_heartbleed = True if is_vulnerable_to_heartbleed: raise _VulnerableToHeartbleed() else: raise _NotVulnerableToHeartbleed()
def do_handshake_with_heartbleed(self): """Modified do_handshake() to send a heartbleed payload and return the result. """ try: # Start the handshake using nassl - will throw WantReadError right away self._ssl.do_handshake() except WantReadError: # Send the Client Hello len_to_read = self._network_bio.pending() while len_to_read: # Get the data from the SSL engine handshake_data_out = self._network_bio.read(len_to_read) # Send it to the peer self._sock.send(handshake_data_out) len_to_read = self._network_bio.pending() # Build the heartbleed payload - based on # https://blog.mozilla.org/security/2014/04/12/testing-for-heartbleed-vulnerability-without-exploiting-the-server/ payload = TlsHeartbeatRequestRecord.from_parameters( tls_version=TlsVersionEnum[self._ssl_version.name], heartbeat_data=b'\x01' * 16381 ).to_bytes() payload += TlsHeartbeatRequestRecord.from_parameters( TlsVersionEnum[self._ssl_version.name], heartbeat_data=b'\x01\x00\x00' ).to_bytes() # Send the payload self._sock.send(payload) # Retrieve the server's response - directly read the underlying network socket # Retrieve data until we get to the ServerHelloDone # The server may send back a ServerHello, an Alert, a CertificateRequest or may just close the connection did_receive_hello_done = False remaining_bytes = b'' while not did_receive_hello_done: try: tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes) remaining_bytes = remaining_bytes[len_consumed::] except NotEnoughData: # Try to get more data try: raw_ssl_bytes = self._sock.recv(16381) except socket.error: # Server closed the connection as soon as it received the Heartbleed payload raise NotVulnerableToHeartbleed() if not raw_ssl_bytes: # No data? raise NotVulnerableToHeartbleed() remaining_bytes = remaining_bytes + raw_ssl_bytes continue if isinstance(tls_record, TlsHandshakeRecord): # Does the record contain a ServerDone message? for handshake_message in tls_record.subprotocol_messages: if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE: did_receive_hello_done = True break # If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth elif isinstance(tls_record, TlsAlertRecord): # Server returned a TLS alert break else: raise ValueError('Unknown record? Type {}'.format(tls_record.header.type)) is_vulnerable_to_heartbleed = False if did_receive_hello_done: expected_heartbleed_payload = b'\x01' * 10 if expected_heartbleed_payload in remaining_bytes: # Server replied with our hearbeat payload is_vulnerable_to_heartbleed = True else: try: raw_ssl_bytes = self._sock.recv(16381) except socket.error: # Server closed the connection after receiving the heartbleed payload raise NotVulnerableToHeartbleed() if expected_heartbleed_payload in raw_ssl_bytes: # Server replied with our hearbeat payload is_vulnerable_to_heartbleed = True if is_vulnerable_to_heartbleed: raise VulnerableToHeartbleed() else: raise NotVulnerableToHeartbleed()
def do_handshake_with_ccs_injection(self): # type: ignore """Modified do_handshake() to send a CCS injection payload and return the result. """ try: # Start the handshake using nassl - will throw WantReadError right away self._ssl.do_handshake() except WantReadError: # Send the Client Hello len_to_read = self._network_bio.pending() while len_to_read: # Get the data from the SSL engine handshake_data_out = self._network_bio.read(len_to_read) # Send it to the peer self._sock.send(handshake_data_out) len_to_read = self._network_bio.pending() # Retrieve the server's response - directly read the underlying network socket # Retrieve data until we get to the ServerHelloDone # The server may send back a ServerHello, an Alert or a CertificateRequest first did_receive_hello_done = False remaining_bytes = b'' while not did_receive_hello_done: try: tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes) remaining_bytes = remaining_bytes[len_consumed::] except NotEnoughData: # Try to get more data raw_ssl_bytes = self._sock.recv(16381) if not raw_ssl_bytes: # No data? break remaining_bytes = remaining_bytes + raw_ssl_bytes continue if isinstance(tls_record, TlsHandshakeRecord): # Does the record contain a ServerDone message? for handshake_message in tls_record.subprotocol_messages: if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE: did_receive_hello_done = True break # If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth elif isinstance(tls_record, TlsAlertRecord): # Server returned a TLS alert break else: raise ValueError('Unknown record? Type {}'.format(tls_record.header.type)) if did_receive_hello_done: # Send an early CCS record - this should be rejected by the server payload = TlsChangeCipherSpecRecord.from_parameters( tls_version=TlsVersionEnum[self._ssl_version.name]).to_bytes() self._sock.send(payload) # Send an early application data record which should be ignored by the server app_data_record = TlsApplicationDataRecord.from_parameters(tls_version=TlsVersionEnum[self._ssl_version.name], application_data=b'\x00\x00') self._sock.send(app_data_record.to_bytes()) # Check if an alert was sent back while True: try: tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes) remaining_bytes = remaining_bytes[len_consumed::] except NotEnoughData: # Try to get more data try: raw_ssl_bytes = self._sock.recv(16381) if not raw_ssl_bytes: # No data? raise NotVulnerableToCcsInjection() except socket.error: # Server closed the connection after receiving the CCS payload raise NotVulnerableToCcsInjection() remaining_bytes = remaining_bytes + raw_ssl_bytes continue if isinstance(tls_record, TlsAlertRecord): # Server returned a TLS alert but which one? if tls_record.alert_description == 0x14: # BAD_RECORD_MAC: This means that the server actually tried to decrypt our early application data # record instead of ignoring it; server is vulnerable raise VulnerableToCcsInjection() # Any other alert means that the server rejected the early CCS record raise NotVulnerableToCcsInjection() else: break raise NotVulnerableToCcsInjection()
def do_handshake_with_robot(self): """Modified do_handshake() to send a ROBOT payload and return the result. """ try: # Start the handshake using nassl - will throw WantReadError right away self._ssl.do_handshake() except WantReadError: # Send the Client Hello len_to_read = self._network_bio.pending() while len_to_read: # Get the data from the SSL engine handshake_data_out = self._network_bio.read(len_to_read) # Send it to the peer self._sock.send(handshake_data_out) len_to_read = self._network_bio.pending() # Retrieve the server's response - directly read the underlying network socket # Retrieve data until we get to the ServerHelloDone # The server may send back a ServerHello, an Alert or a CertificateRequest first did_receive_hello_done = False remaining_bytes = b'' while not did_receive_hello_done: try: tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes) remaining_bytes = remaining_bytes[len_consumed::] except NotEnoughData: # Try to get more data raw_ssl_bytes = self._sock.recv(16381) if not raw_ssl_bytes: # No data? break remaining_bytes = remaining_bytes + raw_ssl_bytes continue if isinstance(tls_record, TlsHandshakeRecord): # Does the record contain a ServerDone message? for handshake_message in tls_record.subprotocol_messages: if handshake_message.handshake_type == TlsHandshakeTypeByte.SERVER_DONE: did_receive_hello_done = True break # If not, it could be a ServerHello, Certificate or a CertificateRequest if the server requires client auth elif isinstance(tls_record, TlsAlertRecord): # Server returned a TLS alert break else: raise ValueError('Unknown record? Type {}'.format(tls_record.header.type)) if did_receive_hello_done: # Send a special Client Key Exchange Record as the payload self._sock.send(self._robot_cke_record.to_bytes()) if self._robot_should_finish_handshake: # Then send a CCS record ccs_record = TlsChangeCipherSpecRecord.from_parameters( tls_version=TlsVersionEnum[self._ssl_version.name] ) self._sock.send(ccs_record.to_bytes()) # Lastly send a Finished record finished_record_bytes = RobotTlsRecordPayloads.get_finished_record_bytes(self._ssl_version) self._sock.send(finished_record_bytes) # Return whatever the server sent back by raising an exception # The goal is to detect similar/different responses while True: try: tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes) remaining_bytes = remaining_bytes[len_consumed::] except NotEnoughData: # Try to get more data try: raw_ssl_bytes = self._sock.recv(16381) if not raw_ssl_bytes: # No data? raise ServerResponseToRobot('No data') except socket.error as e: # Server closed the connection after receiving the CCS payload raise ServerResponseToRobot('socket.error {}'.format(str(e))) remaining_bytes = remaining_bytes + raw_ssl_bytes continue if isinstance(tls_record, TlsAlertRecord): raise ServerResponseToRobot('TLS Alert {} {}'.format(tls_record.alert_description, tls_record.alert_severity)) else: break raise ServerResponseToRobot('Ok')
def to_record(submessage, kind=TlsRecordTypeByte.HANDSHAKE): length = len(submessage.to_bytes()) header = TlsRecordHeader(kind, TlsVersionEnum.TLSV1_2, length) return TlsRecord(header, [submessage]) n = 26291268813205434322264017466748383660040647755600543848624251974465755995834623218180037742778508414611242465409257439413238620403959218562238955554107925737539965183064915295406659060076514593158109171581422604838052326725553677917666879755304830586886767385735521865741957146540793164445625611286234400919075046731518309823286874711537644575001651290887617486902790534368773023951557030783584590073373669615189088933307093289766536677451123927748628328817030825436191116597946125295454084918949756290885636118310806568645403765413177707937259478469114598893484539794342873995545959578569194765181150639154994915921 e = 65537 key = RSA.construct((n,e)) signer = PKCS1_v1_5.new(key) l = listen(4433) r = l.wait_for_connection() client_hello = r.recv() client_hello = TlsRecordParser.parse_bytes(client_hello)[0] client_random = client_hello.subprotocol_messages[0].handshake_data[2:2+4+28] server_hello = bytes.fromhex("03030c885a93e1648a284b891c7ab5aa4778d691c9a5b8aae125ad6aa3ad317c09cb00c030000015ff01000100000b0004030001020023000000170000") server_random = bytes.fromhex("0c885a93e1648a284b891c7ab5aa4778d691c9a5b8aae125ad6aa3ad317c09cb") certs = bytes.fromhex("0003670003643082036030820248a003020102020900c74d63b60e7ac448300d06092a864886f70d01010b05003045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464301e170d3138303731373139343732385a170d3139303731373139343732385a3045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c746430820122300d06092a864886f70d01010105000382010f003082010a0282010100d04457e8382e43a8b2c9368fd3a0aa841cd98c52d848de3951111772b47e933edc7c61493780a962d87de4541777b700edd5c701b3e9cbd6133f4beea78bfb8e66264adca3d4b115bae86ad913fe520bd3a9ebbc58a32c6baae917440be5ff855c6b61dab162eaf247c52e58085fe3ae7b0dd925b407486a2e017e59671c93e917cdea2b88e76f386864084101c26c4755c2a04ea16b13ac99de2698f188e5276d91b0d10da936be8d350745530c52ae566a6f39abe026b20eb456ff7545932ce0a5a9ca77fbac90f81be99ac7a55716254571b9a6bf218365c20109529b357e7b9d8cad0593a8a40d628c238177ddf65768e30dc89ef4f4765944313290aa510203010001a3533051301d0603551d0e04160414318c23a9cd6c383b8a4beb056c2d342493466776301f0603551d23041830168014318c23a9cd6c383b8a4beb056c2d342493466776300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101000fdfc19b4615666803b65e6a1930980193e4f110f8f384756aac5242871964434a45904b4574501bd8456e134dcc12f3cc395d09078acf4e1c591de07fe015f41b05fd0930492dcb83b2dfcca03bdb589775f274b9379eab317bc473f75aaff7708219a33546bc44c149e55b640436f0d9879eb003df046e50cf01759c10290cd8d200c79ba50adbe8850647c49c040c0137a5136925ff41f78793cfeca7fed3d858b31c2d89182d30dd9641b0a2ddbbd80bf6e1e633a8fe2213ee1d27687f0b2a4241bca615ded6fd821276114be47cd331eaa640aeaf370b966b3e8a2ab9be4b1039e6a8a28decb8613585d8109f47971f3d5406c1b3defff65b14fd5282c0") r.send(to_record(TlsHandshakeMessage(TlsHandshakeTypeByte.SERVER_HELLO, server_hello)).to_bytes()) r.send(to_record(TlsHandshakeMessage(TlsHandshakeTypeByte.CERTIFICATE, certs)).to_bytes()) privkey = ec.generate_private_key(ec.SECP256R1(), default_backend()) pubkey = privkey.public_key() def curveparams():