HTTPS with HTTP11Connection

Question

HTTPS with HTTP11Connection

deshmukhrajvardhan opened this issue 6 years ago · comments

Rajvardhan S Deshmukh (he/him) commented 6 years ago

Hi All,
What configurations (especially tls versions) do we need to use secure option on HTTP11Connection.
I keep getting error (check the last paragraph)

Client:

ssl_context = hyper.tls.init_context()
ssl_context.load_cert_chain(certfile='/mnt/QUIClientServer0/cert.crt', keyfile='/mnt/QUIClientServer0/cert.key')
ssl_context.load_verify_locations(cafile='/mnt/QUIClientServer0/cert.pem')

connection = hyper.HTTP11Connection('10.10.4.2', ssl_context= ssl_context, secure= True, port=9000)
        http11_conn = connection.request('GET',parse_url.path)
        f_conn=connection.get_response()

Server:
Caddy server

https://10.10.4.2:9000, https://www.yo.org, http://127.0.0.1, https://10.10.4.2:443          
tls cert.crt cert.key {                                                                      
                                                                                             
protocols tls1.0                                                                              
                                                                                              
}

ERROR:

 File "/mnt/QUIClientServer0/download_test_https1.py", line 28, in get_file
    http11_conn = connection.request('GET',parse_url.path)
  File "/usr/local/lib/python3.4/dist-packages/hyper/http11/connection.py", line 251, in request
    self.connect() File "/mnt/QUIClientServer0/download_test_https1.py", line 28, in get_file
    http11_conn = connection.request('GET',parse_url.path)
  File "/usr/local/lib/python3.4/dist-packages/hyper/http11/connection.py", line 251, in request
    self.connect()
  File "/usr/local/lib/python3.4/dist-packages/hyper/http11/connection.py", line 198, in connect
    sock, proto = wrap_socket(sock, self.host, self.ssl_context)
  File "/usr/local/lib/python3.4/dist-packages/hyper/tls.py", line 46, in wrap_socket
    ssl_sock = _ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.4/ssl.py", line 365, in wrap_socket
    _context=self)
  File "/usr/lib/python3.4/ssl.py", line 601, in __init__
    self.do_handshake()
  File "/usr/lib/python3.4/ssl.py", line 828, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:600)

  File "/usr/local/lib/python3.4/dist-packages/hyper/http11/connection.py", line 198, in connect
    sock, proto = wrap_socket(sock, self.host, self.ssl_context)
  File "/usr/local/lib/python3.4/dist-packages/hyper/tls.py", line 46, in wrap_socket
    ssl_sock = _ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.4/ssl.py", line 365, in wrap_socket
    _context=self)
  File "/usr/lib/python3.4/ssl.py", line 601, in __init__
    self.do_handshake()
  File "/usr/lib/python3.4/ssl.py", line 828, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:600)

Rajvardhan S Deshmukh (he/him) · Answer 1 · Thu Mar 01 2018 08:43:27 GMT+0800 (China Standard Time)

Hi All,
I figured out that the error was that alpn on Caddy server is h2 by default, changed it to http/1.1 and it works perfectly.
Thanks