Python and SSL

richmoore44 at gmail.com richmoore44 at gmail.com
Fri Oct 5 08:17:41 EDT 2007


On Oct 5, 2:50 am, John Nagle <na... at animats.com> wrote:
> Johny wrote:
> > Martin and John,
> > Thank you both for your replies
> >  Must I  have OpenSSL imported in my Python program?
> > So far I have been using only SSL  support.
> > Built-in SSL support works OK if I connect from my Python program
> > directly to SSL server ( but not via proxy).
> > L.
>
>      SSL isn't SUPPOSED to work through proxies.  That's the whole point of
> SSL - to prevent somebody in the middle from tapping into the connection.
> Look up "man in the middle attack".

I'm afraid this is complete rubbish - using a proxy with SSL is fine.
The only issue is that the built in python SSL support doesn't work
with proxies. There are a number of ways of adding support though e.g.
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/456195
One thing to note is that python's built in SSL support does not
validate the server certificate and is therefore vulnerable to MITM
attacks irrespective of whether a proxy is in use or not. If you want
real security then you need to use something like PyOpenSSL or M2Crypto
and a certificate store with your root CAs.

Rich.
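
The two points in the reply above, as an added example that is not part of the original post or the linked recipe: a proxy carries SSL/TLS by opening a tunnel with HTTP CONNECT, and the client still has to verify the server certificate against its root CAs. It assumes a current Python 3 standard library, whose `ssl.create_default_context()` does that verification; the function names are illustrative.

```python
import socket
import ssl


def connect_request(host, port):
    """Build the HTTP CONNECT request that asks a proxy for a raw TCP tunnel."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")


def tunnel_established(reply):
    """True only if the proxy's status line carries a 2xx code (tunnel is open)."""
    parts = reply.split(b"\r\n", 1)[0].split()
    return (len(parts) >= 2 and parts[0].startswith(b"HTTP/")
            and len(parts[1]) == 3 and parts[1][:1] == b"2")


def verifying_context(cafile=None):
    """Client context that checks the chain against root CAs and the hostname."""
    # Defaults are verify_mode=CERT_REQUIRED and check_hostname=True.
    # cafile=None uses the system trust store; pass a PEM bundle to pin your own CAs.
    return ssl.create_default_context(cafile=cafile)


def open_tls_via_proxy(proxy_host, proxy_port, host, port=443, cafile=None, timeout=10):
    """CONNECT through the proxy, then run TLS end to end with the real server."""
    sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    try:
        sock.sendall(connect_request(host, port))
        reply = b""
        # Read the proxy's response headers, with a cap on how much we accept.
        while b"\r\n\r\n" not in reply and len(reply) < 65536:
            chunk = sock.recv(4096)
            if not chunk:
                break
            reply += chunk
        if not tunnel_established(reply):
            raise ConnectionError(f"proxy refused tunnel: {reply[:60]!r}")
        # The handshake is with `host`, not the proxy: the proxy only relays bytes,
        # and a proxy that presents its own certificate fails verification here.
        return verifying_context(cafile).wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
```

`open_tls_via_proxy()` raises `ssl.SSLCertVerificationError` when the chain or hostname does not check out, with or without a proxy in the path.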



