Comments on: How to Replace Python’s socket.ssl with M2Crypto’s SSL Implementation

By: Markus Stumpf

Markus Stumpf — Fri, 03 Oct 2008 17:23:01 +0000

@Heikki: thanks a lot.
I really wonder why I never came across SNI while investigating the TLS upgrade.
Server Name Indication (SNI) is specified in RFC 3546: http://www.ietf.org/rfc/rfc3546.txt
A dicussion about “TLS Upgrade” vs. “Server Name Indication” can be found in the Mozilla Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=276813
Also, SNI is supported by most modern browsers and webservers (even apache since 2.2.8+ with mod_ssl).

By: Richard Moore

Richard Moore — Fri, 03 Oct 2008 16:43:52 +0000

@Heikki

BTW there seem to be some issues in OpenSSL (or possibly pyopenssl I’m not sure yet) regarding certificates with multiple CNs or multiple subjectAltNames. Something to watch for (most browsers support such certificates).

By: Heikki Toivonen

Heikki Toivonen — Fri, 03 Oct 2008 03:41:20 +0000

@Markus: I believe you want Server Name Indication extension to TLS: http://en.wikipedia.org/wiki/Server_Name_Indication

This is fairly widely implemented now, see for example this post: http://weblogs.mozillazine.org/gerv/archives/2007/08/virtual_hosting_ssl_and_sni.html

I haven’t actually ever tried to use it explicitly, so I can’t tell you how to do that in Python, or if anything special would be needed (assuming you have an OpenSSL version where it is implemented).

By: Markus Stumpf

Markus Stumpf — Thu, 02 Oct 2008 17:06:06 +0000

I have more of a question than a comment.
RFC 2817 (http://www.faqs.org/rfcs/rfc2817.html) specifies a method to upgrade a HTTP connection to a TLS HTTP connection. I gave been looking (mostly out of interest) for a way to do this in python (client side) and to find a module and/or examples. The apache webserver supports it, but I haven’t found a supporting client/browser yet to fully test it. The advantage is that you can have TLS connections for multiple virtual hosts with different keys/certs.

Do you by chance have any examples/ideas how to do that in python?

Thanks!

By: Heikki Toivonen

Heikki Toivonen — Thu, 02 Oct 2008 16:50:52 +0000

Richard is right, but even checking certificate signatures is not enough. There is a lot of validation that needs to happen with certificates, but even in addition to that one needs to check that the certificate was issued for the host that you are trying to connect to. Without this step any valid certificate from a reputable CA could be used to perform MITM attack on any connection. There are other kinds of checks that could be done instead of hostname (like verifying certificate fingerprint is in a set of accepted fingerprints), but hostname check is the most common one and is done by your browser and email client for example. Incidentally, it seems the hostname check is the least well-known practices about securing an SSL connection. I just tried to find a reference that explains this, and didn't find any good links. Network Security with OpenSSL book is a good reference, though. There is a sizeable group of people that think SSL is not even secured against MITM because they don't know about the hostname check (or in general, post connection check that confirms you are talking to the right party).

By: Richard Moore

Richard Moore — Thu, 02 Oct 2008 12:06:53 +0000

@Pedant, it does not check the certificate is signed by a valid CA. The result is that you are vulnerable to a MITM attack from anyone who makes a self-signed certificate.

By: Pedant

Pedant — Thu, 02 Oct 2008 08:13:32 +0000

> Python’s socket.ssl is not secure

[Citation needed]