Adds TLS-PSK support to the Python ssl package
Project description
sslpsk3
This module adds TLS-PSK support to the Python 2.7 and 3.x ssl
package. Simply use
sslpsk3.wrap_socket(sock, psk=b'...', ...)
instead of
ssl.wrap_socket(sock, ...)
Backstory
There were two published versions on PyPI, both without Python 3.11 support.
Additionally, for whatever reason, the Windows build of sslpsk2 for Python 3.10 has been linked against OpenSSL 3,
while Python 3.10 on Windows uses OpenSSL 1.1.1, which causes run-time crashes (Python started using OpenSSL 3 in 3.11.5).
This fork aims to fix the incompatibility between OpenSSL versions.
Availability of binary wheels for Windows:
sslpsk |
sslpsk2 |
sslpsk3 |
|
|---|---|---|---|
| Python 2.7 | 1.0.0 | - | - |
| Python 3.3 | 1.0.0 | - | - |
| Python 3.4 | 1.0.0 | - | - |
| Python 3.5 | 1.0.0 | - | - |
| Python 3.6 | 1.0.0 | - | - |
| Python 3.7 | - | 1.0.1 | - |
| Python 3.8 | - | 1.0.1 | 1.1.0+ |
| Python 3.9 | - | 1.0.1 | 1.1.0+ |
| Python 3.10 | - | 1.0.2 | 1.1.0+ |
| Python 3.11 | - | - | 1.1.0+ |
| Python 3.12 | - | - | 1.1.1+ |
Installation
pip install sslpsk3
pip builds from source for Linux and Mac OSX, so a C compiler, the Python
development headers, and the openSSL development headers are required. For
Microsoft Windows, pre-built binaries are available so there are no such
prerequisites.
Usage
sslpsk3.wrap_socket(...) is a drop-in replacement for ssl.wrap_socket(...) that
supports two additional arguments, psk and hint.
psk sets the preshared key and, optionally, the identity for a client
connection. hint sets the identity hint for a server connection and is
optional.
For client connections, psk can be one of four things:
- Just the preshared key.
sslpsk3.wrap_socket(sock, psk=b'mypsk')
- A tuple of the preshared key and client identity.
sslpsk3.wrap_socket(sock, psk=(b'mypsk', b'myidentity'))
- A function mapping the server identity hint to the preshared key.
PSK_FOR = {b'server1' : b'abcdef',
b'server2' : b'123456'}
sslpsk3.wrap_socket(sock, psk=lambda hint: PSK_FOR[hint])
- A function mapping the server identity hint to a tuple of the preshared key and client identity.
PSK_FOR = {b'server1' : b'abcdef',
b'server2' : b'123456'}
ID_FOR = {b'server1' : b'clientA',
b'server2' : b'clientB'}
sslpsk3.wrap_socket(sock, psk=lambda hint: (PSK_FOR[hint], ID_FOR[hint]))
For server connections, psk can be one of two things:
- Just the preshared key.
sslpsk3.wrap_socket(sock, server_side=True, psk=b'mypsk')
- A function mapping the client identity to the preshared key.
PSK_FOR = {b'clientA' : b'abcdef',
b'clientB' : b'123456'}
sslpsk3.wrap_socket(sock, server_side=True, psk=lambda identity: PSK_FOR[identity])
Additionally for server connections, the optional server identity hint is
specified using the hint argument.
sslpsk3.wrap_socket(sock, server_side=True, hint=b'myidentity', psk=b'mypsk')
If hint is not specified, None, or the empty string, the identity hint
will not be sent to the client.
Example Server
from __future__ import print_function
import socket
import ssl
import sslpsk3
PSKS = {'client1' : 'abcdef',
'client2' : '123456'}
def server(host, port):
tcp_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
tcp_sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
tcp_sock.bind((host, port))
tcp_sock.listen(1)
sock, _ = tcp_sock.accept()
ssl_sock = sslpsk3.wrap_socket(sock,
server_side = True,
ssl_version=ssl.PROTOCOL_TLSv1,
ciphers='ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH',
psk=lambda identity: PSKS[identity],
hint=b'server1')
msg = ssl_sock.recv(4).decode()
print('Server received: %s'%(msg))
msg = "pong"
ssl_sock.sendall(msg.encode())
ssl_sock.shutdown(socket.SHUT_RDWR)
ssl_sock.close()
def main():
host = '127.0.0.1'
port = 6000
server(host, port)
if __name__ == '__main__':
main()
Example Client
from __future__ import print_function
import socket
import ssl
import sslpsk3
PSKS = {b'server1' : b'abcdef',
b'server2' : b'uvwxyz'}
def client(host, port, psk):
tcp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
tcp_socket.connect((host, port))
ssl_sock = sslpsk3.wrap_socket(tcp_socket,
ssl_version=ssl.PROTOCOL_TLSv1,
ciphers='ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH',
psk=lambda hint: (PSKS[hint], b'client1'))
msg = "ping"
ssl_sock.sendall(msg.encode())
msg = ssl_sock.recv(4).decode()
print('Client received: %s'%(msg))
ssl_sock.shutdown(socket.SHUT_RDWR)
ssl_sock.close()
def main():
host = '127.0.0.1'
port = 6000
client(host, port, PSKS)
if __name__ == '__main__':
main()
Changelog
- 0.1.0 (July 31, 2017)
- initial release
- 1.0.0 (August 2, 2017)
- include tests in pip distribution
- add support for Windows
- 1.0.1 (August 11, 2020)
- OpenSSL 1.1.1
- Fix with _sslobj
- Build from source in Windows with error description, when OpenSSL files are not present
- 1.1.0 (September 13, 2023)
- Migrate to GitHub actions
- Reformat code
- Support OpenSSL v1 and v3
Acknowledgments
Fork of drbild/sslpsk.
The main approach was borrowed from webgravel/common-ssl.
Version from autinerd/sslpsk2 updated to work with OpenSSL v1 and v3.
Contributing
Please submit bugs, questions, suggestions, or (ideally) contributions as issues and pull requests on GitHub.
License
Copyright 2017 David R. Bild, 2020 Sidney Kuyateh, 2023 Kuba Szczodrzyński
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this work except in compliance with the License. You may obtain a copy of the License from the LICENSE.txt file or at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
File details
Details for the file sslpsk3-1.1.1.tar.gz.
File metadata
- Download URL: sslpsk3-1.1.1.tar.gz
- Upload date:
- Size: 14.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.10.13 Linux/6.2.0-1015-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 7839fbfc82b4069819d9b29f4e9eab772b68c109e4cb705dc2f2ce992ce54afe |
|
| MD5 | 1ca0eccd7b2f9f25e1e7301772ec88e3 |
|
| BLAKE2b-256 | de72d5505300173d7606f1fe774d3f9b21fcbc7a5d7a1c5053a9a2005fb0292d |
File details
Details for the file sslpsk3-1.1.1-cp312-cp312-win_amd64.whl.
File metadata
- Download URL: sslpsk3-1.1.1-cp312-cp312-win_amd64.whl
- Upload date:
- Size: 27.1 kB
- Tags: CPython 3.12, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.10.13 Linux/6.2.0-1015-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8b95fc2ab8c0113f49d30a7b67c02508fb94b7db8e7d2dbc787fa7861ef48e69 |
|
| MD5 | a2f3afc14ddaebc051ff8907036db69d |
|
| BLAKE2b-256 | d04fe948c255c369a8c6c2ddc6d96f75bad27735dad7b76bec632b28bb47f254 |
File details
Details for the file sslpsk3-1.1.1-cp311-cp311-win_amd64.whl.
File metadata
- Download URL: sslpsk3-1.1.1-cp311-cp311-win_amd64.whl
- Upload date:
- Size: 27.0 kB
- Tags: CPython 3.11, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.10.13 Linux/6.2.0-1015-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | bf185ff3520ca03950063a2ad5a0f17965bdddc5e67963448b60e2861ddd5e8e |
|
| MD5 | 640014f6ef99cc0098178d0b7d0e53c2 |
|
| BLAKE2b-256 | 9239a954d3e9e6c772b0ba90880f9225287f9dd71c4c240db870569c230c3504 |
File details
Details for the file sslpsk3-1.1.1-cp310-cp310-win_amd64.whl.
File metadata
- Download URL: sslpsk3-1.1.1-cp310-cp310-win_amd64.whl
- Upload date:
- Size: 27.0 kB
- Tags: CPython 3.10, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.10.13 Linux/6.2.0-1015-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 5f71bf6a7b79e6af20ed2440bfe8fd6710b99f6d1dc5e72752ab5d3b90645d15 |
|
| MD5 | 19408a166c785278d0a8deca41d99140 |
|
| BLAKE2b-256 | 6ed03b5116d621b62687053b79d87c11af087d49e876b9677a1ec06b0f039392 |
File details
Details for the file sslpsk3-1.1.1-cp39-cp39-win_amd64.whl.
File metadata
- Download URL: sslpsk3-1.1.1-cp39-cp39-win_amd64.whl
- Upload date:
- Size: 27.0 kB
- Tags: CPython 3.9, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.10.13 Linux/6.2.0-1015-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | dae5dbda3690748d055a3fb9bcc5ceacc983e4c4fd2031a352464f78a3ce2ad6 |
|
| MD5 | 3536964387f9e50d796f4ebbf6b95a9a |
|
| BLAKE2b-256 | 56a8962abf12f7ae579e673187bf3e415bc2894c3a2d640026dda5b61cc39138 |
File details
Details for the file sslpsk3-1.1.1-cp38-cp38-win_amd64.whl.
File metadata
- Download URL: sslpsk3-1.1.1-cp38-cp38-win_amd64.whl
- Upload date:
- Size: 27.0 kB
- Tags: CPython 3.8, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.10.13 Linux/6.2.0-1015-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 2ef7b2aa6fa28da3f37bbd0cae4737d7881f2f127e87728744799ff9737e2a28 |
|
| MD5 | e4f58edcc7b30407f58cb8257abed52a |
|
| BLAKE2b-256 | d34fa25d057f0846a2384df0055cc496c7e03283ff4fcf3d8e22e1c1557a21a4 |
