Comments (4)
If this is a stupid bug report I apologize. If this functionality exists please, if you don't mind, advise me on how I would use it. Otherwise, if you need further information I can submit anything you need for a use case, including pcap of how a typical handshake with this particular server occurs vs how this library currently handles it etc.
from python-mbedtls.
Hi @Jnetops! No need to apologize. 😉 I will have a look at this in the next few days.
from python-mbedtls.
OK no problem. The error I get is a WantReadError() with the current state being HandshakeStep.SERVER_HELLO. This is totally understandable since once a CLIENT_HELLO is sent with cookie, the expectation is a SERVER_HELLO should follow. If there was a way to manually set state to HELLO_REQUEST so it attempts to read the right state, or ability to trigger renegotiation on HELLO_REQUEST etc etc that would be super.
from python-mbedtls.
It looks like mbedtls_ssl_conf_renegotiation() is indeed what you need but, according to upstream documentation, the option is dangerous and easily misused, as you might have seen already:

> If you don't need renegotiation, it's probably better to disable it, since
> it has been associated with security issues in the past and is easy to
> misuse/misunderstand.

https://github.com/ARMmbed/mbedtls/blob/master/include/mbedtls/mbedtls_config.h#L1428-L1432

> It is recommended to always disable renegotiation unless you
> know you need it and you know what you're doing. In the
> past, there have been several issues associated with
> renegotiation or a poor understanding of its properties.

https://github.com/ARMmbed/mbedtls/blob/master/include/mbedtls/ssl.h#L3333-L3336

Actually, I realize https://github.com/Synss/python-mbedtls/blob/master/src/mbedtls/tls.pyx#L446 is useless in my code and I will remove the line. I think it is best if you patch the library yourself and make sure that

    # https://github.com/Synss/python-mbedtls/blob/master/src/mbedtls/tls.pxd#L305-L307
    void mbedtls_ssl_conf_renegotiation(
        mbedtls_ssl_config *conf,
        int renegotiation)

remains as-is and

    # https://github.com/Synss/python-mbedtls/blob/master/src/mbedtls/tls.pyx#L446
    _tls.mbedtls_ssl_conf_renegotiation(&self._ctx, 0)

is either set with a parameter or set to 1:

    # or if you want to always enable renegotiation, which is not recommended
    _tls.mbedtls_ssl_conf_renegotiation(&self._ctx, 1)
from python-mbedtls.