ssl module - how can I accept SSLv3 and TLSv1 protocols only?

  • Thread starter Giampaolo Rodola'

Giampaolo Rodola'

Hi,
I'm trying to add TLS/SSL support to pyftpdlib.
Since various defects have been found in the SSLv2 protocol many FTPS
servers (i.e. proftpd and vsftpd) decided to support SSLv3 and TLSv1
only and systematically reject any client attempting to use SSLv2.
Is there a way to tell ssl.wrap_socket() to accept SSLv3 and TLSv1
connections only?
If that's not possible, can I determine the encryption protocol being
used *after* the SSL/TLS handshake has taken place?


I tried to use wrap_socket as follows:

self.socket = ssl.wrap_socket(self.socket,
                              certfile=CERTFILE,
                              server_side=True,
                              ssl_version=ssl.PROTOCOL_SSLv3 | ssl.PROTOCOL_TLSv1)

...it works if on the client side I use TLSv1 but not if I use SSLv3
("SSLError: [Errno 1] _ssl.c:480: error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3 alert handshake failure" exception is
raised)



Thanks in advance for any help.


--- Giampaolo
http://code.google.com/p/pyftpdlib/
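
Added example, not part of the original post or of pyftpdlib: the ssl.PROTOCOL_* constants are enumeration values rather than bit flags, which is consistent with the TLSv1-only behaviour described above, so this sketch restricts versions with a range on an SSLContext and checks the negotiated protocol after the handshake. It goes beyond the post by using the SSLContext API of current Python 3; the names or_of_protocols, make_server_context and negotiated_ok and the TLSv1.2 default floor are assumptions of this example.

```python
import ssl

# ssl.PROTOCOL_* values as defined by Python 2.6's ssl module. They are
# enumeration members, not bit flags, so OR-ing two of them does not
# produce "either protocol"; it produces some other single member.
PY26_PROTOCOLS = {"SSLv2": 0, "SSLv3": 1, "SSLv23": 2, "TLSv1": 3}


def or_of_protocols(a, b, table=PY26_PROTOCOLS):
    """Return the name of the single protocol that `a | b` actually selects."""
    value = table[a] | table[b]
    by_value = {v: k for k, v in table.items()}
    return by_value.get(value)  # None if the OR matches no constant


def make_server_context(certfile=None, keyfile=None,
                        floor=ssl.TLSVersion.TLSv1_2,
                        ceiling=ssl.TLSVersion.MAXIMUM_SUPPORTED):
    """Version-flexible server context limited to [floor, ceiling].

    The floor is a parameter; TLSv1_2 is this example's default (assumption),
    since many current OpenSSL builds disable SSLv3 and TLSv1.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # negotiates, then we bound it
    ctx.minimum_version = floor
    ctx.maximum_version = ceiling
    if certfile is not None:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def negotiated_ok(tls_sock, allowed=("TLSv1.2", "TLSv1.3")):
    """After the handshake, SSLSocket.version() names the protocol in use."""
    return tls_sock.version() in allowed  # version() is None before a handshake


if __name__ == "__main__":
    print("SSLv3 | TLSv1 selects:", or_of_protocols("SSLv3", "TLSv1"))
    ctx = make_server_context()
    print("floor:", ctx.minimum_version.name)
```

A server would call ctx.wrap_socket(conn, server_side=True) on each accepted connection and close it when negotiated_ok() returns False.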
 
