ssl module - how can I accept SSLv3 and TLSv1 protocols only?

Giampaolo Rodola' gnewsg at gmail.com
Wed Jan 7 04:01:48 CET 2009


Hi,
I'm trying to add TLS/SSL support to pyftpdlib.
Since various defects have been found in the SSLv2 protocol many FTPS
servers (i.e. proftpd and vsftpd) decided to support SSLv3 and TLSv1
only and sistematically reject any client attempting to use SSLv2.
Is there a way to tell ssl.wrap_socket() to accept SSLv3 and TLSv1
connections only?
If that's not possible can I determine the encryption protocol being
used *after* that the SSL/TLS handshake took place?


I tried to use wrap_socket as follows:

self.socket = ssl.wrap_socket(self.socket, ,
                                            certfile=CERTFILE,
                                            server_side=True,
 
ssl_version=ssl.PROTOCOL_SSLv3 | ssl.PROTOCOL_TLSv1)

...it works if on the client side I use TLSv1 but not if I use SSLv3
("SSLError: [Errno 1] _ssl.c:480: error:14094410:SSL
routines:SSL3_READ_BYTES:sslv 3 alert handshake failure" exception is
raised)



Thanks in advance for any help.


--- Giampaolo
http://code.google.com/p/pyftpdlib/



More information about the Python-list mailing list