Python TLS – Context and SSLSocket
© 2024 Swinburne University of Technology 1
8.1 The TLS Context
TLS Context
What is the Purpose of the TLS Context - Refresher
TLS Context manages TLS configurations
• New Connections
• Multiple Connections
• Allows you to specify application-wide settings for all secure communications
Wrapping the Socket
• You cannot just create an SSLSocket
1. Create Context
2. Create Socket
3. Wrap Socket with Context to create an SSLSocket
TLS Context
Creating the Context - Refresher
Don’t try to create the context directly
• Library provides helper functions
• Use create_default_context()
First Parameter – Specify TLS Purpose
• Are you acting as a server or client
Other Parameter – Certificate
• Specify certificate verification settings
TLS Context
Setting Context Details – Typical Configuration
Purpose
• You would typically only need to set the Context Purpose
• Purpose.SERVER_AUTH – for developing a client
• Purpose.CLIENT_AUTH – for developing a server
Default Settings
• Purpose.SERVER_AUTH
• Use central root certificate store
TLS Context
More Complex Settings
Private Certificates
• You can specify alternate trusted certificates
• For self-signed or private authority
• Can be provided when creating the context or later
TLS Versions
• What if the other side is using older software?
• May need to specify particular options in the context to enable older versions of TLS
8.2 Creating the SSLSocket
Creating the SSLSocket
Wrapping the Socket
Client
• Create the Socket
• Call wrap_socket() method on Context with Socket variable – returns SSLSocket
• Do NOT call Socket.connect() – wrap socket first, then call SSLSocket.connect()
Server
• Create the Socket
• Call Socket.bind() and Socket.listen()
• Option 1
  • Call Socket.accept()
  • Wrap returned Socket with Context
• Option 2
  • Wrap listening socket with Context
  • Call SSLSocket.accept() – this will create and return an SSLSocket
• Always pass server_side=True to wrap_socket() call
Creating the SSLSocket
After you have an SSLSocket
SSLSocket
• Wraps all normal Socket methods with the same functionality
• Except communications are encrypted
Self-Signed Certificates
• Verification will typically fail
• You would have to specify the certificate to trust either:
• When creating Context
• Call load_cert_chain() after Context is created
Example - Browser
• Verification will fail
• Get failed certificate and temporarily store locally
• Ask user to trust certificate
• Call load_cert_chain() with stored certificate
• Try again – two attempts
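The client/server wrapping steps and the self-signed certificate case above, as an added example that is not part of the original slides: a TLS echo server (Option 2, wrapping the listening socket) and a client that wraps first, then connects, verifies the self-signed certificate and reads it back with getpeercert(). It assumes the openssl command-line tool is installed to generate a throwaway certificate; the client trusts the server's self-signed certificate through the cafile parameter of create_default_context() (or ctx.load_verify_locations() later), since load_cert_chain() sets an endpoint's own identity rather than what it trusts.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_self_signed(directory, host="localhost"):
    """Create a throwaway self-signed cert/key pair with the openssl CLI (assumed installed)."""
    cert, key = os.path.join(directory, "cert.pem"), os.path.join(directory, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-subj", f"/CN={host}", "-addext", f"subjectAltName=DNS:{host}",
                    "-keyout", key, "-out", cert], check=True, capture_output=True)
    return cert, key

def server_context(cert, key):
    # Purpose.CLIENT_AUTH = "I am a server"; load_cert_chain() sets the identity we present.
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.load_cert_chain(certfile=cert, keyfile=key)
    return ctx

def client_context(cafile):
    # Purpose.SERVER_AUTH = "I am a client". The self-signed server cert is not in the
    # central root store, so it is passed as the trusted CA (ctx.load_verify_locations(cafile)
    # does the same after creation). The default context already uses verify_mode=CERT_REQUIRED
    # and check_hostname=True, so an untrusted or mismatched certificate is rejected.
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)

def echo_server(ctx, listener):
    # Option 2 from the slides: wrap the listening socket; SSLSocket.accept() then returns
    # a handshaked SSLSocket per client.
    with ctx.wrap_socket(listener, server_side=True) as tls_listener:
        conn, _ = tls_listener.accept()
        with conn:
            conn.sendall(conn.recv(1024))  # echo back exactly what was received

def echo_client(ctx, host, port, message):
    # Wrap first, then connect on the SSLSocket; server_hostname must match the cert's SAN.
    with ctx.wrap_socket(socket.socket(socket.AF_INET), server_hostname=host) as tls:
        tls.connect((host, port))
        tls.sendall(message)
        return tls.recv(1024), tls.getpeercert()  # the verified certificate as a dict

def run_demo(message=b"hello over TLS"):
    """Run server and client on loopback; returns (echoed bytes, peer certificate dict)."""
    with tempfile.TemporaryDirectory() as tmp:
        cert, key = make_self_signed(tmp)
        listener = socket.socket(socket.AF_INET)
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        port = listener.getsockname()[1]
        server = threading.Thread(target=echo_server, args=(server_context(cert, key), listener))
        server.start()
        try:
            return echo_client(client_context(cert), "localhost", port, message)
        finally:
            server.join()

if __name__ == "__main__":
    print(run_demo())
```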
8.3 Cleaner Programming
Cleaner Programming
Not Letting your Program Crash
• When something goes wrong, most Python code will throw an exception
• If not caught, your program will crash
• Reasonable error message, but also messy output
• Should use Python try/except block
• Catch and handle the exception
try:
    ...  # code that can fail
except Exception as e:
    ...  # handle the exception (e holds the error details)
8.4 Tutorial and Laboratory
Week 8
Tutorial – Project Overview
Project Introduction
• Introduction to Graded Project within your Portfolio
• Overview of requirements
• Overview of grading scheme
Week 8
Lab – Python Programming
In this lab, you will complete the following objectives:
• Convert two Python programs that implement a TCP Echo client and server to use TLS
• Server to use a self-signed certificate
• Client to verify self-signed certificate
Credit Task:
• Client should retrieve and print certificate information to screen after TLS connection is established