How to Replace Python’s socket.ssl with M2Crypto’s SSL Implementation

It seems like I started a mini-series about “hidden” M2Crypto tools and modules…

Python’s socket.ssl is not secure. If you need any real security you need to look for 3rd party packages (things will improve a little with Python 2.6).

Sometimes you are faced with a library that does SSL, but uses Python’s socket.ssl that you can’t easily replace. For this purpose I wrote a little helper module using M2Crypto. Basically you just need to import this socklib.py before you import the module that is using Python’s socket.ssl, and call socklib.setSSLContextFactory() with a context factory that creates secure SSL contexts, and your SSL usage just became secure.

The socklib.py implementation is for client side only. It would be easy to expand it for servers, though. It may also lack some features, but it filled the need I had so that is where I stopped. I wrote it for Python 2.5 and haven’t thought about what would need to be changed for 2.6.

7 Comments

  1. Pedant:

    > Python’s socket.ssl is not secure

    [Citation needed]

  2. Richard Moore:

    @Pedant, it does not check the certificate is signed by a valid CA. The result is that you are vulnerable to a MITM attack from anyone who makes a self-signed certificate.

  3. Heikki Toivonen:

    Richard is right, but even checking certificate signatures is not enough. There is a lot of validation that needs to happen with certificates, but even in addition to that one needs to check that the certificate was issued for the host that you are trying to connect to. Without this step any valid certificate from a reputable CA could be used to perform a MITM attack on any connection. There are other kinds of checks that could be done instead of hostname (like verifying certificate fingerprint is in a set of accepted fingerprints), but the hostname check is the most common one and is done by your browser and email client for example.

    Incidentally, it seems the hostname check is the least well-known practice about securing an SSL connection. I just tried to find a reference that explains this, and didn’t find any good links. The Network Security with OpenSSL book is a good reference, though. There is a sizeable group of people that think SSL is not even secured against MITM because they don’t know about the hostname check (or in general, post connection check that confirms you are talking to the right party).

  4. Markus Stumpf:

    I have more of a question than a comment.
    RFC 2817 (http://www.faqs.org/rfcs/rfc2817.html) specifies a method to upgrade an HTTP connection to a TLS HTTP connection. I have been looking (mostly out of interest) for a way to do this in Python (client side) and to find a module and/or examples. The Apache webserver supports it, but I haven’t found a supporting client/browser yet to fully test it. The advantage is that you can have TLS connections for multiple virtual hosts with different keys/certs.

    Do you by chance have any examples/ideas how to do that in Python?

    Thanks!

  5. Heikki Toivonen:

    @Markus: I believe you want Server Name Indication extension to TLS: http://en.wikipedia.org/wiki/Server_Name_Indication

    This is fairly widely implemented now, see for example this post: http://weblogs.mozillazine.org/gerv/archives/2007/08/virtual_hosting_ssl_and_sni.html

    I haven’t actually ever tried to use it explicitly, so I can’t tell you how to do that in Python, or if anything special would be needed (assuming you have an OpenSSL version where it is implemented).

  6. Richard Moore:

    @Heikki

    BTW there seem to be some issues in OpenSSL (or possibly pyopenssl I’m not sure yet) regarding certificates with multiple CNs or multiple subjectAltNames. Something to watch for (most browsers support such certificates).

  7. Markus Stumpf:

    @Heikki: thanks a lot.
    I really wonder why I never came across SNI while investigating the TLS upgrade.
    Server Name Indication (SNI) is specified in RFC 3546: http://www.ietf.org/rfc/rfc3546.txt
    A discussion about “TLS Upgrade” vs. “Server Name Indication” can be found in the Mozilla Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=276813
    Also, SNI is supported by most modern browsers and webservers (even Apache since 2.2.8+ with mod_ssl).
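
The post-connection check described in comment 3 (hostname match, or a fingerprint in an accepted set), covering certificates with several subjectAltNames or CNs as raised in comment 6, sketched here as an added example; it is not code from socklib.py, M2Crypto or the commenters. It assumes the certificate chain has already been validated against trusted CAs and that the certificate is available in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names and the sample certificate are constructed for illustration.

```python
import hashlib

# Constructed sample, in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.api.example.com")),
}


def _label_match(pattern, hostname):
    """Match one DNS name pattern against the hostname, case-insensitively."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # '*' is honoured only as the whole left-most label, covers exactly
        # one label, and is refused for two-label patterns such as '*.com'.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    # Any other use of '*' (for example 'w*.example.com') is rejected.
    return "*" not in pattern and p_labels == h_labels


def cert_names(cert):
    """Names to check: every DNS subjectAltName, else every subject commonName."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # RFC 2818: when DNS subjectAltNames exist, the CN is ignored
    # Choice made in this example: with several CNs, any one of them may match.
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def post_connection_check(cert, der_bytes, hostname, pinned_sha256=frozenset()):
    """Return True if the already chain-validated peer certificate is acceptable."""
    if pinned_sha256:
        # Alternative check: the certificate's SHA-256 fingerprint must be pinned.
        return hashlib.sha256(der_bytes).hexdigest() in pinned_sha256
    return any(_label_match(name, hostname) for name in cert_names(cert))


if __name__ == "__main__":
    for host in ("www.example.com", "v1.api.example.com", "evil.example.org"):
        print(host, post_connection_check(SAMPLE_CERT, b"", host))
```

A connection should be closed before any application data is sent when `post_connection_check` returns False.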