Simple TLS NPN negotiation not working on socket server
Alek Storm
alek.storm at gmail.com
Tue Apr 17 09:31:33 EDT 2012
Hi all,
Support for the TLS NPN extension was apparently just added in Python 3.3
(see http://bugs.python.org/issue14204), but I can't get the following
simple TCP server using it to work with a browser:

import socket
import ssl

# ssl_options: dict holding the 'certfile' and 'keyfile' paths (defined elsewhere)

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind(('', 8000))
sock.listen(5)

while True:
    conn, address = sock.accept()
    context = ssl.SSLContext(ssl.PROTOCOL_SSLv3)
    context.load_cert_chain(certfile=ssl_options['certfile'],
                            keyfile=ssl_options['keyfile'])
    context.set_npn_protocols(['spdy/2', 'http/1.1'])
    conn = context.wrap_socket(conn, server_side=True)
    print(conn.selected_npn_protocol())  # prints `None`, instead of either protocol name
    conn.close()

Connecting with either Firefox 11 or Chrome (which both support NPN) causes
this to print None, rather than a protocol name. What's going on? This is
such a basic use case that I doubt it's a library bug, but I have no idea
how to debug a TLS connection. I'm using Python 3.3.0a2 and OpenSSL 1.0.1
(ssl.HAS_NPN is True).
Does the protocol matter? PROTOCOL_SSLv23 gives the same result, but
PROTOCOL_TLSv1 makes it die with SSL3_GET_CLIENT_HELLO:wrong version
number (strange, because both browsers ostensibly support TLS).
Thanks,
Alek Storm