secdev / scapy

Scapy: the Python-based interactive packet manipulation program & library.
https://scapy.net
GNU General Public License v2.0

TLSServerAutomaton cannot finish ssl handshake #2346

Closed acp6 closed 4 years ago

acp6 commented 4 years ago

Things to consider

Brief description

Using TLSServerAutomaton (in scapy.layers.tls) to run a server, I cannot finish the SSL handshake with openssl s_client.

Environment

How to reproduce

In IPython:

    from scapy.all import *
    from scapy.layers.tls.automaton_srv import TLSServerAutomaton
    t = TLSServerAutomaton(mycert='server-rsa-cert.pem', mykey='server-rsa-key.pem')
    t.run()

In terminal:

    openssl s_client -connect 127.0.0.1:4433

Actual result

Screenshot 2019-11-27 10 25 06

I edited the file automaton_srv.py by changing

    c = self.buffer_out[-1].msg[0].cipher

to

    c = self.buffer_out[-1].inner.msg[0].cipher

to resolve the AttributeError: msg, but still cannot connect to an SSL client.

Related resources

lwilms commented 4 years ago

I had this problem as well. Your error is actually because the TLSServerAutomaton does not yet support TLS 1.3, and openssl uses TLS 1.3 as a standard to communicate with a TLS server.

Try: openssl s_client -tls1_2 -connect 127.0.0.1:4433

That said, I have a different error message, which might give an author a motivation. I had the same code, but with Python version 3.6.

Here is the logfile: log.txt
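The version mismatch described in the comment above can be checked from the client's first handshake message. This is an added example, not code from the thread or from Scapy: a standalone parser that lists the TLS versions a ClientHello offers, reading the supported_versions extension (type 0x002b, RFC 8446) and falling back to legacy_version when the extension is absent. The function names and the sample bytes are constructed for illustration.

```python
import struct

EXT_SUPPORTED_VERSIONS = 0x002B  # extension type, RFC 8446 section 4.2.1
NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def build_client_hello(versions=None):
    """Constructed sample: a minimal ClientHello handshake message (no record header)."""
    ext = b""
    if versions:  # supported_versions: 1-byte list length, then 2 bytes per version
        vlist = b"".join(struct.pack("!H", v) for v in versions)
        ext = struct.pack("!HHB", EXT_SUPPORTED_VERSIONS, len(vlist) + 1, len(vlist)) + vlist
    body = (struct.pack("!H", 0x0303) + bytes(32)  # legacy_version + random
            + b"\x00"                              # empty session_id
            + struct.pack("!HH", 2, 0xC02F)        # one cipher suite
            + b"\x01\x00"                          # null compression only
            + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def offered_versions(msg):
    """Return the TLS versions a ClientHello offers, in the client's order."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    try:
        legacy = struct.unpack_from("!H", body, 0)[0]
        pos = 2 + 32                                       # skip version + random
        pos += 1 + body[pos]                               # skip session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]  # skip cipher suites
        pos += 1 + body[pos]                               # skip compression methods
        if pos < len(body):                                # extensions block present
            end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
            pos += 2
            while pos + 4 <= end:
                etype, elen = struct.unpack_from("!HH", body, pos)
                pos += 4
                if etype == EXT_SUPPORTED_VERSIONS:
                    count = body[pos] // 2
                    found = struct.unpack_from("!%dH" % count, body, pos + 1)
                    return [NAMES.get(v, hex(v)) for v in found]
                pos += elen
    except (struct.error, IndexError):
        raise ValueError("truncated ClientHello")
    # No supported_versions extension: legacy_version is the real maximum.
    return [NAMES.get(legacy, hex(legacy))]

if __name__ == "__main__":
    print(offered_versions(build_client_hello([0x0304, 0x0303])))
    print(offered_versions(build_client_hello()))
```

Unknown code points, such as the GREASE values mentioned later in the thread, are returned as hex strings rather than rejected.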

gpotter2 commented 4 years ago

Sorry for the delay.

Please note we're very actively working on bringing TLS 1.3 capabilities. You can track the progress on https://github.com/secdev/scapy/pull/2132

Most of the bugs mentioned should be fixed by now. The implementation isn't finished (still GREASE to handle, for instance).

gpotter2 commented 4 years ago

Now supports TLS 1.3. See https://github.com/secdev/scapy/pull/2132