I am using python3 ssl to connect via web sockets to an nginx server. According to my code below, I should be connecting via TLSv1_1.3 since I not using 1, 1.1, or 1.2. My ssl (OpenSSL 1.1.1h 22 Sep 2020) supports TLSv1.3.
sslCon=None
if self.server.startswith("wss"):
sslCon=ssl.SSLContext(ssl.PROTOCOL_TLS)
sslCon.options |= (
ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2
)
self.conn = await websockets.connect(self.server, ssl=sslCon)
My NGINX config specifies TLSv1.3, but when I observer the connection over Wireshark, I see the following. Any ideas to how to diagnose this further?
Frame 3172: 308 bytes on wire (2464 bits), 308 bytes captured (2464 bits) on interface en0, id 0
Ethernet II, Src: Apple_62:32:d8 (XX:XX:XX:XX:XX:XX), Dst: Cisco_9f:f2:8f (00:00:0c:9f:f2:8f)
Internet Protocol Version 4, Src: XXX.XXX.XXX.XXX, Dst: XXX.XXX.XXX.XXX
Transmission Control Protocol, Src Port: 62035, Dst Port: 8189, Seq: 1, Ack: 1, Len: 242
Transport Layer Security
TLSv1 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 237
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 233
Version: TLS 1.2 (0x0303)
Random: dccd34397b86bac156d3ae39483a268ed3536ef09a3557c3…
Session ID Length: 32
Session ID: ea577122c909b7c78e20dbb5f982a7be94169fac8f51886f…
Cipher Suites Length: 8
Cipher Suites (4 suites)
Compression Methods Length: 1
Compression Methods (1 method)
Extensions Length: 152
Extension: server_name (len=23)
Extension: ec_point_formats (len=4)
Extension: supported_groups (len=12)
Extension: session_ticket (len=0)
Extension: encrypt_then_mac (len=0)
Extension: extended_master_secret (len=0)
Extension: signature_algorithms (len=30)
Extension: supported_versions (len=3)
Extension: psk_key_exchange_modes (len=2)
Extension: key_share (len=38)
Aucun commentaire:
Enregistrer un commentaire