SSL problem: 'no shared cipher'

Hi!

I'm writing a server and a client script in Perl that are supposed to communicate with each other over SSL.
The problem is that when the client tries to connect, SSL throws the following error message:


.../IO/Socket/SSL.pm:1320: SSL accept attempt failed with unknown error error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

What am I doing wrong / what is missing?

The relevant part of the server script:


my $socket = IO::Socket::SSL->new(
    LocalPort => $port,
    Reuse => 1,
    Listen => 10,
    Proto => 'tcp',
    SSL_Server => 1,
    SSL_cert_file => $CERT_FILE,
    SSL_key_file => $KEY_FILE,
    SSL_verify_mode => 0x00,
    SSL_cipher_list => 'ALL');

The error message is the same if I try to connect directly with openssl: openssl s_client -connect localhost:3246

Comments

Unfortunately I can only contribute a worksforme.

Well, roughly, because even though I tell it SSL_cipher_list => 'HIGH', it still enables the EXP_* suites.

I stripped the two scripts down, they follow below.
Please take a look, maybe you will spot right away what is wrong...
And if it looks fine at a glance, then please try whether it works for you.
Huge thanks in advance!

SERVER:

#!/usr/bin/perl -w

use strict;
use warnings;
use IO::Socket::SSL;
$IO::Socket::SSL::DEBUG = 4;

my $CERT_FILE = "cert/localhost.crt";
my $KEY_FILE = "cert/localhost.key";

sub StartServer($)
{
    my $port = shift;
    my $socket = IO::Socket::SSL->new(
        LocalPort => $port,
        Reuse => 1,
        Listen => 10,
        Proto => 'tcp',
        SSL_Server => 1,
        SSL_cert_file => $CERT_FILE,
        SSL_key_file => $KEY_FILE,
        SSL_verify_mode => 0x00,    # SSL_VERIFY_NONE: the client is not asked for a certificate
        SSL_cipher_list => 'ALL',   # every compiled-in suite except the eNULL ones
        #SSL_passwd_cb => sub {return ""}
    ) || die "ERROR: Can't start server on port $port: ".IO::Socket::SSL::errstr;
    print "server started, listening on port $port\n";
    $socket;
}

sub ListenLoop($)
{
    my $socket = shift;
    if (my $client = $socket->accept())
    {
        my $client_host = $client->host();
        my $client_ip = $client->ip();
        print "New connection from $client\n";
        print while (<$client>);
        print CLIENT Log("-- END ---");
        print "connection closed: $client_host $client_ip";
        close CLIENT;
    }
    else
    {
        print "WARNING: can't accept connection! ".IO::Socket::SSL::errstr."\n";
    }
}

my $socket = StartServer(6543);
ListenLoop($socket) while(1);
$socket->close();

CLIENT:

#!/usr/bin/perl -w

use strict;
use warnings;
use IO::Socket::SSL;

$IO::Socket::SSL::DEBUG = 4;

sub Connect($$)
{
    my ($server, $port) = @_;
    my $socket = IO::Socket::SSL->new(
        PeerAddr => $server,
        PeerPort => $port,
        #Reuse => 1,
        Proto => 'tcp',
        SSL_use_cert => 0,
        SSL_cipher_list => 'ALL',
        #SSL_use_cert => 1,
        #SSL_cert_file => $CERT_FILE,
        #SSL_verify_mode => 0x01,
        #SSL_passwd_cb => sub {return ""}
    ) || die "ERROR: Can't connect to server $server:$port: ".IO::Socket::SSL::errstr."\t$!";
    print "connected to server $server:$port\n";
    $socket;
}

sub Close($)
{
    my $socket = shift;
    $socket->close();
}

my $socket = Connect("localhost", 6543);
$socket->write("testmessage");
Close($socket);


[19:09:40] hornyakn@Zeus:~/scriptek/ssl_client-server> ./server.pl 
Name "main::CLIENT" used only once: possible typo at ./server.pl line 41.
DEBUG: .../IO/Socket/SSL.pm:1550: new ctx 11098800
server started, listening on port 6543
DEBUG: .../IO/Socket/SSL.pm:494: no socket yet
DEBUG: .../IO/Socket/SSL.pm:496: accept created normal socket IO::Socket::SSL=GLOB(0x9f0c58)
DEBUG: .../IO/Socket/SSL.pm:512: starting sslifying
DEBUG: .../IO/Socket/SSL.pm:552: Net::SSLeay::accept -> 1
DEBUG: .../IO/Socket/SSL.pm:600: handshake done, socket ready
DEBUG: .../IO/Socket/SSL.pm:500: accept_SSL ok
Can't locate object method "host" via package "IO::Socket::SSL" at ./server.pl line 35.
DEBUG: .../IO/Socket/SSL.pm:1587: free ctx 11098800 open=11098800
DEBUG: .../IO/Socket/SSL.pm:1595: OK free ctx 11098800

[19:08:45] hornyakn@Zeus:~/scriptek/ssl_client-server> ./client.pl 
DEBUG: .../IO/Socket/SSL.pm:1550: new ctx 7977984
DEBUG: .../IO/Socket/SSL.pm:334: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:336: socket connected
DEBUG: .../IO/Socket/SSL.pm:354: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:397: Net::SSLeay::connect -> 1
DEBUG: .../IO/Socket/SSL.pm:452: ssl handshake done
connected to server localhost:6543
  write_all VM at entry=vm_unknown
partial `testmessage'
  written so far 11:11 bytes (VM=vm_unknown)
DEBUG: .../IO/Socket/SSL.pm:1587: free ctx 7977984 open=7977984
DEBUG: .../IO/Socket/SSL.pm:1595: OK free ctx 7977984

--
Discover It - Have a lot of fun!
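
Two server-side checks that help narrow down a 'no shared cipher' failure, as an added example that is not part of the thread: whether the certificate and key load and match (a server without a usable certificate is left with only suites that need none, such as anonymous ones), and which suites a cipher string expands to, including the EXP suites mentioned in the comments. It calls Net::SSLeay directly; the paths and cipher string are copied from the posted server script, and the helper names are hypothetical.

```perl
use strict;
use warnings;
use Net::SSLeay;
Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();

# Paths and cipher string copied from the posted server script.
my ($cert, $key, $ciphers) = ('cert/localhost.crt', 'cert/localhost.key', 'ALL');

# Hypothetical helper: returns the problems found loading certificate and key.
sub check_cert_and_key {
    my ($ctx, $cert_file, $key_file) = @_;
    my @problems = map "cannot read $_ (path is relative to the cwd)",
                   grep { !-r $_ } $cert_file, $key_file;
    return @problems if @problems;
    my $pem = Net::SSLeay::FILETYPE_PEM();
    Net::SSLeay::CTX_use_certificate_file($ctx, $cert_file, $pem)
        or push @problems, "certificate did not load: $cert_file";
    Net::SSLeay::CTX_use_PrivateKey_file($ctx, $key_file, $pem)
        or push @problems, "private key did not load: $key_file";
    push @problems, "private key does not match the certificate"
        unless @problems || Net::SSLeay::CTX_check_private_key($ctx);
    return @problems;
}

# Hypothetical helper: expands an OpenSSL cipher string into suite names.
sub expand_ciphers {
    my ($ctx, $cipher_string) = @_;
    Net::SSLeay::CTX_set_cipher_list($ctx, $cipher_string) or return;
    my $ssl = Net::SSLeay::new($ctx) or return;
    my ($i, @names) = (0);
    while (defined(my $name = Net::SSLeay::get_cipher_list($ssl, $i++))) {
        push @names, $name;
    }
    Net::SSLeay::free($ssl);
    return @names;
}

my $ctx = Net::SSLeay::CTX_new() or die "CTX_new failed\n";
my @problems = check_cert_and_key($ctx, $cert, $key);
print "cert/key problem: $_\n" for @problems;
print "certificate and key load and match\n" unless @problems;

my @suites = expand_ciphers($ctx, $ciphers);
printf "'%s' expands to %d suites\n", $ciphers, scalar @suites;
# Anonymous suites need no certificate; export (EXP) suites are weak.
print "  anonymous: $_\n" for grep { /^(?:ADH|AECDH)-/ } @suites;
print "  export:    $_\n" for grep { /^EXP/ } @suites;
Net::SSLeay::CTX_free($ctx);
```

Run it from the directory the server is started in, since the certificate paths are relative; changing `$ciphers` to 'HIGH' shows whether any EXP suites remain in that selection on the local OpenSSL build.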