# client (imports HOST/PORT from the server module below)
import socket
import ssl

from tls_server import HOST as SERVER_HOST
from tls_server import PORT as SERVER_PORT

HOST = "127.0.0.1"
PORT = 60002

client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
client = ssl.wrap_socket(client, keyfile="path/to/keyfile", certfile="path/to/certfile")

if __name__ == "__main__":
    client.bind((HOST, PORT))
    client.connect((SERVER_HOST, SERVER_PORT))
    while True:
        from time import sleep
        client.send("Hello World!".encode("utf-8"))
        sleep(1)

# server (tls_server.py, as named by the import above)
import socket
import ssl

HOST = "127.0.0.1"
PORT = 60000

server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
server = ssl.wrap_socket(
    server, server_side=True, keyfile="path/to/keyfile", certfile="path/to/certfile"
)

if __name__ == "__main__":
    server.bind((HOST, PORT))
    server.listen(0)
    while True:
        connection, client_address = server.accept()
        while True:
            data = connection.recv(1024)
            if not data:
                break
            print(f"Received: {data.decode('utf-8')}")
Sorry, I'm new to Python and security. Is it possible to make a connection without this file because, frankly, I didn't understand how to create it despite reading about the topic?
You have to understand what makes a connection secure.
If the client and server communicated in plain text, then anyone could see what is going on in the connection and make data changes on its way. When you are connecting to https://github.com it first sends you its certificate and also its public key. Then your web browser (or anything else) can encrypt data using the Public Key (which anyone can know) and send it to the server. Now I want to mention Asymmetric Encryption. It is based on two keys, a Public and a Private one. You can encrypt using the Public key BUT ONLY DECRYPT USING THE PRIVATE KEY. And going back to the example with GitHub: only GitHub knows the private key.
This is pretty much it.
After that you send some key for symmetric encryption (one key is used for both encryption and decryption), because we don't want to expose the private key. But you don't have to handle it; it happens in the background and you don't have to care about it. But if you want an encrypted/safe connection you have to generate your own certificate and key.
If you still don't understand maybe watch this.
And also, here is, in my opinion, a great tutorial on generating SSL certificates. https://www.youtube.com/watch?v=d8OpUcHzTeg
If you have any more question contact me on Discord.
Name: COVAND#6369
Hi COVAND
I tried messaging you on Discord but it fails as I need to be your friend? I sent a friend request as well (sriram#2471).
thanks
Sriram
can you please show me which files (key, cert) need to be present within the run folder?
I can imagine server public key (for client to encrypt) and vice versa.
You can see my project https://github.com/NguyenKhue09/Socket-Server
Hey @oborichkin, may I know how I could create a thread to handle a client connection?
Given the code, if a client disconnects, the server side will exit. I do not want the server-side program to end abnormally.
Quite concerning that this gist is so popular for some reason. It's remarkably bad.
from tls_server import HOST as SERVER_HOST
from tls_server import PORT as SERVER_PORT
Just why...
PORT = 60002
Ports 49152–65535 are ephemeral ports. It's not recommended to use them.
client.bind((HOST, PORT))
You do not need to bind in client. OS will automatically pick an ephemeral source port.
client.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
Ok, I guess you found a fix for the useless thing above.
while True:
from time import sleep
Move that to the top. It's also not a good idea to import directly to a global namespace.
client.send("Hello World!".encode("utf-8"))
Use .sendall instead of .send in synchronous sockets to avoid surprises.
Fixed
# client
import socket
import ssl
import time

SERVER_HOST = "127.0.0.1"
SERVER_PORT = 40000

if __name__ == "__main__":
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client = ssl.wrap_socket(client, keyfile="path/to/keyfile", certfile="path/to/certfile")
    client.connect((SERVER_HOST, SERVER_PORT))
    while True:
        client.sendall("Hello World!".encode("utf-8"))
        time.sleep(1)

# server
import socket
import ssl

HOST = "127.0.0.1"
PORT = 40000

if __name__ == "__main__":
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server = ssl.wrap_socket(
        server, server_side=True, keyfile="path/to/keyfile", certfile="path/to/certfile"
    )
    server.bind((HOST, PORT))
    server.listen(0)
    while True:
        connection, client_address = server.accept()
        while True:
            data = connection.recv(1024)
            if not data:
                break
            print(f"Received: {data.decode('utf-8')}")
To avoid the deprecation warning and update the code, the SSLContext method must be used and the unwrapped socket closed, as specified at https://pythontic.com/ssl/sslcontext/sslcontext :
# server
import socket
import ssl

HOST = "127.0.0.1"
PORT = 8443

if __name__ == "__main__":
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    context.load_cert_chain(certfile="/path/to/certfile", keyfile="/path/to/keyfile")
    context.load_verify_locations(cafile="/path/to/certfile")
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server = context.wrap_socket(s)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.close()  # the SSLSocket owns the descriptor now; the plain socket object is no longer needed
    server.bind((HOST, PORT))
    server.listen(0)
    while True:
        connection, client_address = server.accept()
        while True:
            data = connection.recv(1024)
            if not data:
                break
            print(f"Received: {data.decode('utf-8')}")

# client
import socket
import ssl
import time

HOST = "127.0.0.1"
PORT = 8443

if __name__ == "__main__":
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    context.load_cert_chain(certfile="/path/to/certfile", keyfile="/path/to/keyfile")
    context.load_verify_locations(cafile="/path/to/certfile")
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client = context.wrap_socket(s, server_hostname=HOST)  # server_hostname is required: PROTOCOL_TLS_CLIENT verifies it against the certificate
    s.close()
    client.connect((HOST, PORT))
    while True:
        client.sendall("Hello World!".encode("utf-8"))
        time.sleep(1)
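An added example, not code from the gist or from any commenter, that ties together three points raised in this thread: the per-client thread asked for above (so one client disconnecting, or failing its handshake, never ends the server), `sendall` in place of `send`, and `SSLContext` in place of the removed `ssl.wrap_socket`. The certificate paths are placeholders, and `context=None` runs the same accept loop in plaintext so the framing and threading can be exercised without any key files.

```python
import socket
import ssl
import threading

def server_context(certfile, keyfile):
    """SSLContext replacing ssl.wrap_socket(server_side=True); TLS 1.2 or newer only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)  # placeholder paths
    return ctx

def client_context(cafile=None):
    """PROTOCOL_TLS_CLIENT enables check_hostname and CERT_REQUIRED by default;
    cafile is the server's self-signed certificate or the CA that issued it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    return ctx

def handle_client(conn, addr, context, received):
    """Per-connection worker: handshake, newline-framed messages, one ack each."""
    try:
        if context is not None:
            conn = context.wrap_socket(conn, server_side=True)  # handshake happens here
        with conn:
            buf = b""
            while True:
                chunk = conn.recv(1024)
                if not chunk:  # peer closed: ends only this thread, not the server
                    break
                buf += chunk
                while b"\n" in buf:
                    line, buf = buf.split(b"\n", 1)
                    received.append(line.decode("utf-8"))
                    conn.sendall(b"ack\n")  # sendall: never a silent partial write
    except (ssl.SSLError, OSError, UnicodeDecodeError) as exc:
        print(f"client {addr}: {exc}")

def serve(listener, context=None, n_clients=1):
    """Accept n_clients connections, one thread each, and return the messages seen."""
    received, workers = [], []
    for _ in range(n_clients):
        conn, addr = listener.accept()
        t = threading.Thread(target=handle_client, args=(conn, addr, context, received))
        t.start()
        workers.append(t)
    for t in workers:
        t.join()
    return received
```

For a real deployment pass `server_context("/path/to/certfile", "/path/to/keyfile")` to `serve` and wrap the client side with `client_context(cafile=...)` using `server_hostname`, as in the comment above.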
@NguyenKhue09 provided really good documentation,
but assuming that you don't know what they are, you must
be new to this topic.
certfile
is the path to your X.509 certificate (or just an SSL certificate).
keyfile
is the path to a file with the NOT encrypted private key (if you don't
know what that is, read something about asymmetric
cryptology). Personally I used the instruction below. You can
generate a Root CA, Sub CA and Certificate for the server.
Sorry for it being a little bit messy and some typing errors, but
I made it when I was still learning English.
PS Please install OpenSSL and then follow the instruction; also
I performed it on Windows but you should be fine on Linux too.