Topic: Setting RSA key exchange as cipher suite for context in python2.7 wrap

Hi,
I am working on a university project trying to understand previous versions of WolfSSL. Specifically WolfSSL 0.1.2.
I am currently working with python 2.7 (since the build for was deprecated in python3) in a Linux environment.
I ran simple client-server codes to play with and see how things work and everything was fine.
As part of my project, I want to check specifically communication with the cipher suite TLS_RSA_WITH_AES_256_CBC_SHA.
I tried using the context.set_ciphers() function on the server-side, and in various ways, and nothing worked.
When I say nothing worked, I get the error:
`wolfssl.exceptions.SSLError: Unnable to set cipher list`
At first, I thought that it maybe is not supported in this version of WolfSSL, but when analyzing the communication that did work, I saw that Server Hello sent TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384. I tried using set_cipher() on this, expecting everything to work since it was what the server used by default, however I got the same error.
Thank you in advance.

Re: Setting RSA key exchange as cipher suite for context in python2.7 wrap

Hello DLLegend,

At a certain version of wolfSSL static RSA cipher suites were disabled by default. The cipher suite TLS_RSA_WITH_AES_256_CBC_SHA is going to be less secure than those using ephemeral keys like TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384. To turn static cipher suite support on use the macro WOLFSSL_STATIC_RSA. If adding that macro to the build does not resolve the issue then send over the build options being used with wolfSSL and we can debug further.

Warm Regards,
Jacob

Re: Setting RSA key exchange as cipher suite for context in python2.7 wrap

Hi Jacob, thanks for the quick reply!
Is there some function with the python wrapper I can use to enable this configuration?
I haven’t gotten too familiar with the C code, and to be frank, I’m not the best when it comes to C ahah…
If there isn’t such an option then of course I will try this.
To clarify, I simply need to add the macro to the C code and then compile it?
Thank you!

Re: Setting RSA key exchange as cipher suite for context in python2.7 wrap

wolfssl-py, if being used, looks at the default location of /usr/local when built by running "pip install". A couple of ways to go about it would be to install wolfSSL at that default location having been compiled with the static RSA macro, or to build wolfssl-py using the environment variable USE_LOCAL_WOLFSSL=/wherever/wolfssl/install/is/

To build wolfSSL with static RSA enabled go to the wolfSSL directory "cd wolfssl/" and run "./configure CPPFLAGS=-DWOLFSSL_STATIC_RSA --prefix=/wherever/wolfssl/install/is/  && make install".

Regards,
Jacob

Re: Setting RSA key exchange as cipher suite for context in python2.7 wrap

Hi,
For some reason, when I perform pip install I constantly get:
AttributeError: 'module' object has no attribute 'req'
However, when I install wolfssl 0.1.2 from pycharm, it seems to install.
Digging through the files, I found the configure file, however, it did not let me perform the command specified as it didn't have permissions (even when run with sudo). I should note that this was run from a virtual environment.

Re: Setting RSA key exchange as cipher suite for context in python2.7 wrap

Update:
I installed wolfssl-3.12.0-stable and managed to compile it with the flag you recommended.
I then performed python setup.py on the python wrapper.
Made sure to create a virtual environment in python that can see the wolfssl package (checked by running python console, importing wolfssl and printing wolfssl.__about__)
Everything up to here worked. However, again context.set_ciphers() did not work. No matter what I tried.
I want my server to be able to use the following suite: TLS_RSA_WITH_AES_256_CBC_SHA

Re: Setting RSA key exchange as cipher suite for context in python2.7 wrap

Please double check that wolfSSL was built with static RSA suites enabled. To do this run the example client bundled with wolfSSL with -e "./examples/client/client -e". One of the cipher suites output should be AES256-SHA. It's easy to get a typo on the macro or any number of other things that would cause wolfSSL to build but not include the static RSA cipher suites.
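An added example, not part of the original thread and not wolfSSL's own code: an exact-match test for one suite name in the cipher list, since a plain substring search for AES256-SHA also matches AES256-SHA256 and ECDHE-RSA-AES256-SHA. It assumes the `-e` output is a single colon-separated list; the function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of a colon-separated cipher list (not captured from a
# real build). It holds AES256-SHA256 and ECDHE-RSA-AES256-SHA, but not
# the static RSA suite AES256-SHA itself.
SAMPLE_LIST='ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:AES256-SHA256'

# has_suite LIST NAME (hypothetical helper)
# Succeeds only when NAME is one whole entry of LIST. A plain
# `grep AES256-SHA` would also match the two longer names above.
has_suite() {
    # Drop whitespace and line breaks so a wrapped list still parses.
    list=$(printf '%s' "$1" | tr -d ' \t\r\n')
    case ":$list:" in
        *":$2:"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# build_has_suite CLIENT NAME (hypothetical helper)
# Runs CLIENT -e (assumed to print the list in the format above) and
# applies the exact-match test. Returns 2 if CLIENT cannot be run.
build_has_suite() {
    out=$("$1" -e 2>/dev/null) || return 2
    has_suite "$out" "$2"
}

if has_suite "$SAMPLE_LIST" AES256-SHA; then
    echo "AES256-SHA present"
else
    echo "AES256-SHA missing: rebuild with -DWOLFSSL_STATIC_RSA"
fi
```

From the wolfssl source directory, `build_has_suite ./examples/client/client AES256-SHA` applies the same test to the build that was just compiled.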

Re: Setting RSA key exchange as cipher suite for context in python2.7 wrap

Maybe I misunderstood.

I thought I simply needed to build WolfSSL by performing:
./configure CPPFLAGS=-DWOLFSSL_STATIC_RSA --prefix=/wherever/wolfssl/install/is/  && make install
and continuing as regular with the installation (as in the README).

What does it mean to add a macro to the build? How can I do this? What do I need to do? (Again sorry for my lacking C knowledge).

In the meantime, I will check "./examples/client/client -e"

Re: Setting RSA key exchange as cipher suite for context in python2.7 wrap

I ran the command ./examples/client/client -e.
Indeed AES256-SHA is in the output, however, if I perform in python context.set_ciphers("AES256-SHA") or context.set_ciphers("TLS-RSA-WITH-AES-256-CBC-SHA") I still get the error:

wolfssl.exceptions.SSLError: Unnable to set cipher list

Re: Setting RSA key exchange as cipher suite for context in python2.7 wrap

Hi, just making sure these questions haven't gone unnoticed.

Re: Setting RSA key exchange as cipher suite for context in python2.7 wrap

Hi,
I also work on a project where I need to communicate with a server WolfSSL-3.12.0-stable.
I need the server and client to exchange RSA keys, and from this conversation I did not understand how to do it.
If someone could send me detailed steps for that matter it will help me a lot.
Thanks.

Re: Setting RSA key exchange as cipher suite for context in python2.7 wrap

Here is an example of static rsa build and use with wolfssl-py.

mkdir test && cd test
git clone --depth=1 git@github.com:wolfssl/wolfssl-py.git
git clone --depth=1 git@github.com:wolfssl/wolfssl.git

cd wolfssl
./autogen.sh && ./configure CPPFLAGS=-DWOLFSSL_STATIC_RSA --enable-sni --enable-opensslextra --enable-opensslall --enable-debug --prefix=`pwd`/../wolfssl-install && make && make install

cd ../wolfssl-py
USE_LOCAL_WOLFSSL=`pwd`/../wolfssl-install/ pip install .
export LD_LIBRARY_PATH=`pwd`/../wolfssl-install/lib
python3 ./examples/server.py -l AES256-SHA256

Regards,
Jacob
