Thanks Cory! That explains the issue, so it looks like the cipher is being set by the client; it's just that I need server support.
Thanks,
Karan.

On Mon, Jul 3, 2017 at 7:35 AM, <cryptography-dev-requ...@python.org> wrote:

> Today's Topics:
>
>    1. set_cipher_list() API Question (Karan karan)
>    2. Re: set_cipher_list() API Question (Tristan Seligmann)
>    3. Re: set_cipher_list() API Question (Karan karan)
>    4. Re: set_cipher_list() API Question (Cory Benfield)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 3 Jul 2017 06:18:51 -0700
> From: Karan karan <karan7...@gmail.com>
> To: cryptography-dev@python.org
> Subject: [Cryptography-dev] set_cipher_list() API Question
>
> Hi,
>
> I'm trying to set a specific cipher in the ('ECDHE-ECDSA-AES128-GCM-SHA256')
> the cipher list using the API: set_cipher_list but I'm getting the following
> error:
>
> kjoshi@ubuntu64dev:~/openssl_playground$ python test_ex.py
> -----------------------------------
> connected ('192.168.152.132', 443)
> Traceback (most recent call last):
>   File "test_ex.py", line 83, in <module>
>     main()
>   File "test_ex.py", line 65, in main
>     cont, initial_session, ssl_conn, tcp_conn = create_ssl_connection()
>   File "test_ex.py", line 25, in create_ssl_connection
>     cont.set_cipher_list('ECDHE+ECDSA+AES128+GCM+SHA256')
>   File "build/bdist.linux-x86_64/egg/OpenSSL/SSL.py", line 975, in set_cipher_list
>   File "build/bdist.linux-x86_64/egg/OpenSSL/_util.py", line 67, in openssl_assert
>   File "build/bdist.linux-x86_64/egg/OpenSSL/_util.py", line 54, in exception_from_error_queue
> OpenSSL.SSL.Error: [('SSL routines', 'SSL_CTX_set_cipher_list', 'no cipher match')]
>
> Below is the code that I have:
>
>     cont = Context(TLSv1_2_METHOD)
>     #cont.set_cipher_list('0xc00e')
>     #cont.set_cipher_list('ECDHE+ECDSA+AESGCM+SHA256')
>     #cont.set_cipher_list('ECDHE-ECDSA-AES128-GCM-SHA256')
>     cont.set_cipher_list('ECDHE+ECDSA+AES128+GCM+SHA256')
>     client_ssl = Connection(cont, client)
>     client_ssl.set_connect_state()
>     client_ssl.do_handshake()
>     session_ref = client_ssl.get_session()
>
> As seen above, I tried numerous combinations of word separators (_,-,+) but
> nothing seemed to have helped.
>
> I would appreciate if someone could please let me know on the usage of
> this. I'm sure there must be a way of sending a specific cipher.
> I'm performing a test on my local apache server.
>
> Thanks,
> Karan.
>
> ------------------------------
>
> Message: 2
> Date: Mon, 03 Jul 2017 14:09:51 +0000
> From: Tristan Seligmann <mithra...@mithrandi.net>
> To: cryptography-dev@python.org
> Subject: Re: [Cryptography-dev] set_cipher_list() API Question
>
> On Mon, 3 Jul 2017 at 15:18 Karan karan <karan7...@gmail.com> wrote:
>
> > #cont.set_cipher_list('ECDHE-ECDSA-AES128-GCM-SHA256')
>
> I believe this is the correct spelling, and it works for me. Perhaps your
> OpenSSL does not have this cipher compiled in?
>
> If you run `openssl ciphers ECDHE-ECDSA-AES128-GCM-SHA256` do you get an
> error or successful cipher output?
>
> ------------------------------
>
> Message: 3
> Date: Mon, 3 Jul 2017 07:11:57 -0700
> From: Karan karan <karan7...@gmail.com>
> To: cryptography-dev@python.org
> Subject: Re: [Cryptography-dev] set_cipher_list() API Question
>
> I set: cont.set_cipher_list('ECDHE-ECDSA-AES128-GCM-SHA256')
>
> but I see the following error in the logs:
>
> connected ('**.**.**.**', 443)
> Traceback (most recent call last):
>   File "test_ex.py", line 83, in <module>
>     main()
>   File "test_ex.py", line 65, in main
>     cont, initial_session, ssl_conn, tcp_conn = create_ssl_connection()
>   File "test_ex.py", line 33, in create_ssl_connection
>     client_ssl.do_handshake()
>   File "build/bdist.linux-x86_64/egg/OpenSSL/SSL.py", line 1638, in do_handshake
>   File "build/bdist.linux-x86_64/egg/OpenSSL/SSL.py", line 1378, in _raise_ssl_error
>   File "build/bdist.linux-x86_64/egg/OpenSSL/_util.py", line 54, in exception_from_error_queue
> OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]
>
> However, when I look in Wireshark I do see the following ciphers set in the
> client hello:
> TLS_EMPTY_RENEGOTIATION_INFO_SCS and
> 'ECDHE-ECDSA-AES128-GCM-SHA256'.
>
> I'm using TLS 1.2, not sure why it's complaining about the sslv3 protocol and
> using the TLS_EMPTY_RENEGOTIATION_INFO_SCS.
>
> I'd appreciate if someone could help out on it.
>
> Thanks,
> Karan.
>
> ------------------------------
>
> Message: 4
> Date: Mon, 3 Jul 2017 15:34:57 +0100
> From: Cory Benfield <c...@lukasa.co.uk>
> To: cryptography-dev@python.org
> Subject: Re: [Cryptography-dev] set_cipher_list() API Question
>
> The "sslv3" text is misleading: it simply relates to the way the OpenSSL
> internals are structured. Similarly, TLS_EMPTY_RENEGOTIATION_INFO_SCSV is
> a "dummy" cipher suite used to signal to the server that renegotiation
> using RFC 5746 is supported: it's not an actual cipher suite.
>
> This error is almost certainly due to the remote server not having an
> ECDSA certificate. When you say ECDHE-ECDSA-AES128-GCM-SHA256 you make it
> entirely impossible to interoperate with servers that use RSA certificates,
> which is probably not what you want to do. A more useful cipher suite
> string is "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256",
> which includes both the ECDSA and RSA variants of this cipher suite.
>
> Cory
>
> ------------------------------
>
> End of Cryptography-dev Digest, Vol 48, Issue 1
> ***********************************************
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
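
Added example (not part of the original thread and not pyOpenSSL's own code): a local check that separates the two failures seen above, a cipher string that selects nothing ('no cipher match') versus one that selects suites tied to a single certificate type, which only fails once the server answers. It assumes the standard-library ssl module in place of pyOpenSSL (both pass the string to OpenSSL's SSL_CTX_set_cipher_list); the function names are hypothetical.

```python
import ssl

# Cipher strings taken from the thread above.
PLUS_FORM = "ECDHE+ECDSA+AES128+GCM+SHA256"
ECDSA_ONLY = "ECDHE-ECDSA-AES128-GCM-SHA256"
ECDSA_AND_RSA = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"


def selected_suites(cipher_string):
    """Return {suite name: authentication type} for the TLS 1.2 suites the
    local OpenSSL selects for cipher_string, or {} if nothing matches."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # Local failure, raised before any packet is sent: the counterpart
        # of pyOpenSSL's 'no cipher match' error.
        return {}
    # TLS 1.3 suites are configured separately from this string and are not
    # tied to a certificate type, so leave them out of the report.
    return {c["name"]: c["auth"] for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"}


def diagnose(cipher_string):
    """Classify a cipher string by where a failure would show up."""
    suites = selected_suites(cipher_string)
    if not suites:
        return "no-local-match"
    cert_types = set(suites.values())
    if len(cert_types) == 1:
        # Every offered suite needs the same server certificate type, so a
        # server holding another type has no suite it can agree to.
        return "single-cert-type:" + cert_types.pop()
    return "multiple-cert-types:" + ",".join(sorted(cert_types))


if __name__ == "__main__":
    for s in (PLUS_FORM, ECDSA_ONLY, ECDSA_AND_RSA):
        print(f"{s!r}: {diagnose(s)} {sorted(selected_suites(s))}")
```

A "single-cert-type:auth-ecdsa" result is the configuration that produced the handshake failure alert in the thread when the server only had an RSA certificate.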