我想进行TLS通信,但当我尝试用WireShark检查时,它显示这只是普通的TCP连接,没有使用TLS。这不应该发生,因为有证书存在。
客户端:
import socket
import ssl
hostname = 'localhost'
# PROTOCOL_TLS_CLIENT requires valid cert chain and hostname
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.load_verify_locations('certificates/ca.pem')
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssock = context.wrap_socket(sock, server_hostname=hostname)
ssock.connect((hostname, 8080))
print(ssock.version())
ssock.send("TLSnotWorking".encode("UTF-8"))
ssock.close()
服务器:
import ssl
import socket
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain('certificates/server.pem', 'certificates/server.key')
with socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) as sock:
sock.bind(('127.0.0.1', 8080))
sock.listen(5)
with context.wrap_socket(sock, server_side=True) as ssock:
try:
while True:
conn, addr = ssock.accept()
try:
while True:
msg = conn.recv(4096)
if not len(msg):
conn.close()
break
print(msg.decode("UTF-8"))
except Exception as e:
print(e)
except KeyboardInterrupt:
conn.close()
ssock.shutdown(socket.SHUT_RDWR)
ssock.close()
wrap_socket()
默认设置为do_handshake_on_connect=True
,所以在ssock.connect()
和ssock.accept()
中应自动执行TLS握手。你确定你在Wireshark中查看了正确的TCP连接吗?默认情况下未启用捕获“localhost”流量。 - Remy Lebeau