I'm having difficulty trying to create an SSL socket in Python to use a proxy server that requires authentication. I am very sorry for the length, but I felt it was best to include as many details as possible.
First, the server code looks like this:

    class ThreadedTCPServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
        def __init__(self, server_address, RequestHandlerClass, client_manager, recv_queue):
            SocketServer.TCPServer.__init__(self, server_address, RequestHandlerClass, bind_and_activate=True)
            <snipped out extra code>

    class ThreadedTCPRequestHandler(SocketServer.BaseRequestHandler):
        def setup(self):
            while True:
                try:
                    print 'trying to wrap in ssl'
                    self.request = ssl.wrap_socket(self.request,
                                                   certfile=(os.getcwd() + '/ssl_certs/newcert.pem'),
                                                   keyfile=(os.getcwd() + '/ssl_certs/webserver.nopass.key'),
                                                   server_side=True,
                                                   cert_reqs=ssl.CERT_NONE,
                                                   ssl_version=ssl.PROTOCOL_TLSv1,
                                                   do_handshake_on_connect=False,
                                                   suppress_ragged_eofs=True)
                    break
                except Exception, ex:
                    print 'error trying to wrap in ssl %s' % ex

        def handle(self):

Secondly, this is client code, where I configure the information necessary to connect through a proxy server that requires authentication:

    class proxyCommsHandler():
        def __init__(self, user, password, remote_host, remote_port, list_of_proxies):

Now, this is where I initially connect to the proxy, where I get no errors (I get the status code "200"):

    self.proxy = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    self.proxy.connect( (proxy_host, proxy_port) )
    self.proxy.sendall(self.proxy_pieces)
    self.response = proxy.recv(1024)

Here is where the client fails (I think). I am trying to take self.proxy and wrap it in SSL, for example:

    sslsock = ssl.wrap_socket(self.proxy,
                              server_side=False,
                              do_handshake_on_connect=True,
                              ssl_version=ssl.PROTOCOL_TLSv1)

This is the error that I see on the client:

    Traceback (most recent call last):
      File "C:\Python27\pyrevshell.py", line 467, in <module>
        proxyCommsHandler(None, None, None, None, list_of_proxies).run()
      File "C:\Python27\pyrevshell.py", line 300, in run
        ssl_version=ssl.PROTOCOL_TLSv1)
      File "C:\Python27\lib\ssl.py", line 372, in wrap_socket
        ciphers=ciphers)
      File "C:\Python27\lib\ssl.py", line 134, in __init__
        self.do_handshake()
      File "C:\Python27\lib\ssl.py", line 296, in do_handshake
        self._sslobj.do_handshake()
    SSLError: [Errno 8] _ssl.c:503: EOF occurred in violation of protocol

The client connects as shown in this output:

    trying to wrap in ssl
    [*] Received connection from xxxx:47144
    [*] xxxx:47144 added to the client list

But then the exception immediately follows:

    ----------------------------------------
    Exception happened during processing of request from ('xxxx', 47144)
    Traceback (most recent call last):
      File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 582, in process_request_thread
        self.finish_request(request, client_address)
      File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 323, in finish_request
        self.RequestHandlerClass(request, client_address, self)
      File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 639, in __init__
        self.handle()
      File "shell_server.py", line 324, in handle
        recv_msg = self.request.read(1024)
      File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 138, in read
        return self._sslobj.read(len)
    SSLError: [Errno 1] _ssl.c:1348: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
    ----------------------------------------

Although I understand that this sounds like an obvious problem based on the Exceptions that were thrown, the interesting parts are as follows:
- I successfully connect initially through a proxy server, as shown above.
- I can successfully connect to a web browser with the same proxy, and there will be no exceptions; I can transfer data to the browser.
- I tried different versions of the SSL protocol on the server and client side, as shown in the table here in the Python documentation; these are client-side errors every time.
I used Wireshark at both ends of the connection. When using a normal browser and connecting to the server, I see a complete acknowledgment and SSL negotiation process, and everything works smoothly.
However, when I use the client shown above, as soon as I connect to it, I see that the client sends a Client Hello message, but then my server sends an RST packet to kill the connection (I do not know whether it is before or after an exception).
Again, I apologize for the length, but I really need expert advice.