EXP(ORT) ciphers and M2Crypto/OpenSSL

Discussion in 'Python' started by miroslav.stampar@gmail.com, Jun 19, 2012.

  1. Guest

    I am having a hard time running an M2Crypto SSLServer with EXPORT grade ciphers.

    LOW/MEDIUM/HIGH grade ciphers work without any problems, but EXPORT just won't. Also, when OpenSSL is run in server mode from the command line, it accepts EXPORT grade ciphers without any problems.

    So, either I am missing something or there is a problem in the M2Crypto module. Any help is appreciated.

    The Python code used (ssl-server.py) looks like this:
    ---
    import M2Crypto
    import socket

    CERTFILE = "dummy_cert.pem"
    KEYFILE = "dummy_key.pem"
    PROTOCOL = "sslv3"
    HOST = "0.0.0.0"
    PORT = 4433

    def main():
        print " Initializing context ..."
        # weak_crypto=True asks M2Crypto not to apply its default cipher restrictions
        ctx = M2Crypto.SSL.Context(protocol=PROTOCOL, weak_crypto=True)
        ctx.load_cert_chain(certchainfile=CERTFILE, keyfile=KEYFILE)
        ctx.set_options(M2Crypto.m2.SSL_OP_ALL)
        ctx.set_cipher_list("ALL")

        print " Initializing socket ..."
        # Plain TCP listener; a single connection is accepted
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.bind((HOST, PORT))
        sock.listen(1)
        conn, addr = sock.accept()

        print " SSL handshake ..."
        # Wrap the accepted socket and run the server side of the handshake
        ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn)
        ssl_conn.setup_ssl()
        try:
            ssl_conn_res = ssl_conn.accept_ssl()
        except Exception, ex:
            print "[x] SSL connection failed: '%s'" % str(ex)
        else:
            if ssl_conn_res == 1:
                print " SSL connection accepted"
            else:
                print "[x] SSL handshake failed: '%s'" % ssl_conn.ssl_get_error(ssl_conn_res)

    if __name__ == "__main__":
        main()
    ---
    Symptoms are:
    ---
    $ uname -a
    Linux XYZ 2.6.38-15-generic #59-Ubuntu SMP Fri Apr 27 16:03:32 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

    $ cat /etc/lsb-release
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=11.04
    DISTRIB_CODENAME=natty
    DISTRIB_DESCRIPTION="Ubuntu 11.04"

    $ python -c "import M2Crypto;print M2Crypto.version_info"
    (0, 20, 1)

    $ openssl version
    OpenSSL 0.9.8o 01 Jun 2010

    1) NOT OK
    SERVER (terminal 1): $ python ssl-server.py
    CLIENT (terminal 2): $ openssl s_client -connect localhost:4433 -cipher EXPORT
    CONNECTED(00000003)
    28131:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:602:

    2) OK
    SERVER (terminal 1): $ openssl s_server -cert dummy_cert.pem -key dummy_key.pem -ssl3 -no_tls1 -no_ssl2 -cipher EXPORT
    CLIENT (terminal 2): $ openssl s_client -connect localhost:4433 -cipher EXPORT
    CONNECTED(00000003)
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 322 bytes and written 237 bytes
    ---
    New, TLSv1/SSLv3, Cipher is EXP-ADH-DES-CBC-SHA
    Secure Renegotiation IS supported
    Compression: zlib compression
    Expansion: zlib compression
    SSL-Session:
    Protocol : SSLv3
    Cipher : EXP-ADH-DES-CBC-SHA
    Session-ID: 65FD9BCC1068A538F64A496AEA0B8B57A1EE732E8F4D0D6BD3E30CE351CC47B2
    Session-ID-ctx:
    Master-Key: 9F2B44804FCE0CBDB82282F0CBF3473508223B9E8ADF967E2CB5B903A922823C5D0DEFB53FE605825C0D86B074362904
    Key-Arg : None
    Compression: 1 (zlib compression)
    Start Time: 1340109420
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
    ---
    The content of dummy_cert.pem is as follows:
    The content of dummy_key.pem is as follows:
     
    , Jun 19, 2012
    #1
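
The `openssl s_client` transcript in the post above shows a session that negotiated SSLv3, `EXP-ADH-DES-CBC-SHA` and zlib compression. The following is an added example, not part of the original post, that parses such a transcript and lists each weak property of the negotiated session; the function names, the token table and the trimmed sample are assumptions made for this illustration.

```python
import re

# Constructed sample: the session lines of the `openssl s_client` transcript
# quoted in the post (case 2), with the session secrets left out.
SAMPLE = """\
New, TLSv1/SSLv3, Cipher is EXP-ADH-DES-CBC-SHA
Compression: zlib compression
SSL-Session:
    Protocol : SSLv3
    Cipher : EXP-ADH-DES-CBC-SHA
    Compression: 1 (zlib compression)
"""

# Token of an OpenSSL cipher name -> why it is a finding (illustrative table).
WEAK_TOKENS = {
    "ADH": "anonymous DH: the server is not authenticated",
    "AECDH": "anonymous ECDH: the server is not authenticated",
    "DES": "single DES",
    "RC2": "RC2 block cipher",
    "RC4": "RC4 stream cipher",
    "NULL": "no encryption",
    "MD5": "MD5-based MAC",
}
FIELD = re.compile(r"\s*(Protocol|Cipher|Compression)\s*:\s*(.+?)\s*$")

def parse_session(transcript):
    """Collect the Protocol/Cipher/Compression fields; later lines win."""
    fields = {}
    for line in transcript.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def audit(transcript):
    """Return a list of (tag, reason) findings for the negotiated session."""
    fields = parse_session(transcript)
    findings = []
    proto = fields.get("Protocol", "")
    if proto in ("SSLv2", "SSLv3"):
        findings.append((proto, "obsolete protocol version"))
    tokens = fields.get("Cipher", "").split("-")
    for tok in tokens:
        if tok.startswith("EXP"):  # EXP and EXP1024 suites
            findings.append((tok, "export-grade key strength"))
        elif tok in WEAK_TOKENS and not (tok == "DES" and "CBC3" in tokens):
            findings.append((tok, WEAK_TOKENS[tok]))  # DES-CBC3 is 3DES, skipped
    if fields.get("Compression", "NONE").upper() != "NONE":
        findings.append(("compression", "TLS-level compression negotiated"))
    return findings
```

A transcript from a failed handshake, such as case 1 in the post, has no session fields and yields an empty list.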