将Twisted中的TLS版本设置为1.2返回OpenSSL错误
这是我的扭曲反应堆:将Twisted中的TLS版本设置为1.2返回OpenSSL错误,openssl,twisted,tls1.2,Openssl,Twisted,Tls1.2,这是我的扭曲反应堆: def main(): """Main reactor block, with SSL""" with open('configs/ssl/my_certificate.pem') as f: certdata = f.read() certificate = ssl.PrivateCertificate.loadPEM(certdata) # Previously the options were generated b
def main():
"""Main reactor block, with SSL"""
with open('configs/ssl/my_certificate.pem') as f:
certdata = f.read()
certificate = ssl.PrivateCertificate.loadPEM(certdata)
# Previously the options were generated by: certificate.options()
options = ssl.CertificateOptions(privateKey=certificate.privateKey.original,
certificate=certificate.original,
raiseMinimumTo=ssl.TLSVersion.TLSv1_2,
lowerMaximumSecurityTo=ssl.TLSVersion.TLSv1_2)
factory = protocol.Factory.forProtocol(GMP)
reactor.listenSSL(6060, factory, options)
return defer.Deferred()
您可以看到,我试图将TLS版本设置为仅允许1_2,但我未能实现这一点。以前,我没有指定额外的证书选项,而是使用了certificate.options()
,一切都正常工作。这是我运行openssl进行测试时的结果:
[root@devtsm ~]# openssl s_client -connect localhost:6060 -tls1_2
CONNECTED(00000003)
140479663523728:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:s3_pkt.c:1493:SSL alert number 70
140479663523728:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:659:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
我对TLS和OpenSSL非常陌生,所以我真的不知道自己在做什么。如果有任何帮助,我们将不胜感激。应用了此更改,并且效果良好
lowerMaximumSecurityTo=ssl.TLSVersion.TLSv1_3
谁知道lowerMaxTo的意思是降低它,这样最大值就是低于这个值的值