This project is mainly used for demonstrating how tls handshake is performed for python programmers.
Do not use this project in any production environment, it is just for education.
TLSv1.1, TLSv1.2
RSA, ECDHE-RSA, ECDHE-ECDSA key exchange
AES CBC, GCM encryption
SSLKEYLOGFILE
Python 3.6 (tested)
pipenv
cryptography
venv
python -m venv .
source bin/activate (linux)
Scripts/activate (windows cmd)
pip install pipenv
pipenv install
# or you can install cryptography directly without pipenv
python index.py www.google.com
pipenv
pipenv install
pipenv run python index.py google.com
python index.py
for example,
python index.py www.facebook.com
To specify cipher
python index.py -c
for example,
python index.py www.facebook.com -c AES256-SHA
cat <<EOF | python index.py -c ECDHE-ECDSA-AES256-GCM-SHA384 -
www.facebook.com
www.google.com
EOF
cat hosts.txt | python index.py -
TLS v1.3
TLS v1.0 (low priority as its life has already ended)
PSS Padding on signature algorithm
Other Cipher suites such as DE
http2
PR is welcome
When RSA is used for server authentication and key exchange, a 48-byte pre_master_secret
is generated by the client, encrypted under the server's public key, and sent to the server.
The server uses its private key to decrypt the pre_master_secret. Both parties then
convert the pre_master_secret into the master_secret.
Suggest Cipher Suites
Agree on ECDHE-RSA / ECDHE-ECDSA.
Server generates its ec key pair and sends the ec public key to the client along with the signature made by the server's private key which the public counterpart could be found in the server's digital certificate.
Client verifies the ec public key with the rsa / ec public key in the server's digital certificate.
Client uses the ec public key and generates its own ec key pair in exchange for the pre master secret.
Client sends its ec public key to the server.
Client generates the master secret with the pre master secret and having shared randoms.
Client starts sending encrypted data.
Server receives the client's ec public key
Server uses the client's ec public key and the server private key in exchange for the same pre master secret.
Server generates the master secret with the pre master secret and having shared randoms.
Server decrypts the request with the master secret.