Crossbar 0.9.5 SSL 'Context' object has no attribute 'set_tmp_ecdh_curve'

#1

Hi,

Crossbar.io software versions:

Crossbar.io : 0.9.5
Autobahn : 0.8.9
Twisted : 14.0.0-EPollReactor
Python : 2.7.3
UTF8 Validator : autobahn
XOR Masker : autobahn

pyopenssl : 0.14

I was trying to run crossbar with TLS protection (self-signed cert - prime256v1) and I was getting the following message:

Warning: OpenSSL failed to set ECDH default curve ['Context' object has no attribute 'set_tmp_ecdh_curve']

This function is called in crossbar/twisted/tlsctx.py.

I've checked python libraries for that function and discovered it does not exist.
The name for that function in OpenSSL/SSL.py is 'set_tmp_ecdh(curve)'.

So I altered tlsctx.py to:

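from OpenSSL import crypto
from cryptography.hazmat.bindings.openssl.binding import Binding

# Get the OpenSSL library handle from cryptography's bindings
binding = Binding()
lib = binding.lib

# Wrap the default curve in pyOpenSSL's private _EllipticCurve class and set it on the context
curve = crypto._EllipticCurve(lib, ECDH_DEFAULT_CURVE, ECDH_DEFAULT_CURVE_NAME)
ctx.set_tmp_ecdh(curve)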

…and now it accepts.

So was this a bug or am I missing something? Anyway, crossbar (TLS) also runs without it.

0 Likes

#2

Hi Gregor,

Crossbar's support for ECDHE predates the relevant bits in pyOpenSSL, Twisted and cryptography - and now that these projects phase in ECDHE, we need to adjust our (workaround) code ..

Note that ECDHE is not yet released with pyOpenSSL (see below). Once it is: https://github.com/crossbario/crossbar/issues/73

/Tobias

$ git checkout 0.14
oberstet@COREI7 ~/scm/contrib/pyopenssl ((0.14))
$ find . -name "*.py" -exec grep -H "ecdh" {} \;

$ git checkout master
Previous HEAD position was 0146d44... Bump version to 0.14 final
Switched to branch 'master'
oberstet@COREI7 ~/scm/contrib/pyopenssl (master)
$ find . -name "*.py" -exec grep -H "ecdh" {} \;
./OpenSSL/crypto.py: :py:meth:`Context.set_tmp_ecdh` to specify which elliptical curve should be
./OpenSSL/SSL.py: def set_tmp_ecdh(self, curve):
./OpenSSL/SSL.py: _lib.SSL_CTX_set_tmp_ecdh(self._context, curve._to_EC_KEY())
./OpenSSL/test/test_ssl.py: def test_set_tmp_ecdh(self):
./OpenSSL/test/test_ssl.py: :py:obj:`Context.set_tmp_ecdh` sets the elliptic curve for
./OpenSSL/test/test_ssl.py: context.set_tmp_ecdh(curve)
oberstet@COREI7 ~/scm/contrib/pyopenssl (master)

On 16.06.2014 11:08, Gregor Pohajac wrote:

Hi,
-----------------------
Crossbar.io software versions:

Crossbar.io : 0.9.5
Autobahn : 0.8.9
Twisted : 14.0.0-EPollReactor
Python : 2.7.3
UTF8 Validator : autobahn
XOR Masker : autobahn
-----------------------------
pyopenssl : 0.14

I was trying to run crossbar with TLS protection (self signed cert -
prime256v1 ) and I was getting the following message:

Warning: OpenSSL failed to set ECDH default curve ['Context' object has
no attribute 'set_tmp_ecdh_curve']

this function is called in crossbar/twisted/tlsctx.py

I've checked python libraries for that function and discovered it does
not exist.
The name for that function in OpenSSL/SSL.py is 'set_tmp_ecdh(curve)'.

so I altered tlsctx.py to:

from cryptography.hazmat.bindings.openssl.binding import Binding
binding = Binding()
lib = binding.lib

curve = crypto._EllipticCurve(lib, ECDH_DEFAULT_CURVE, ECDH_DEFAULT_CURVE_NAME)
ctx.set_tmp_ecdh(curve)

...and now it accepts.

So was this a bug or am I missing something? Anyway, crossbar (TLS)
also runs without it.


0 Likes
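
One way to probe for the method name discussed in this thread before calling it, and to report whether the ECDH curve was actually set so that a deployment needing ECDHE can stop at startup instead of running without it. This is an added example, not Crossbar's or pyOpenSSL's own code: `enable_ecdhe`, `default_get_curve`, `OldContext` and `NewContext` are hypothetical names, and `crypto.get_elliptic_curve` is assumed to be present in the installed pyOpenSSL (its absence is handled).

```python
# Added example (not Crossbar's code): feature-detect pyOpenSSL's ECDH API.
# OldContext/NewContext are constructed stand-ins for SSL.Context objects.


def default_get_curve(name):
    # Lazy import so this module loads even where pyOpenSSL is missing.
    from OpenSSL import crypto
    lookup = getattr(crypto, "get_elliptic_curve", None)
    if lookup is None:
        raise RuntimeError("pyOpenSSL has no crypto.get_elliptic_curve")
    return lookup(name)  # raises ValueError for an unsupported curve name


def enable_ecdhe(ctx, curve_name="prime256v1",
                 get_curve=default_get_curve, required=False):
    """Set the ephemeral ECDH curve; return (enabled, detail).

    With required=True a failure raises instead of degrading silently.
    """
    setter = getattr(ctx, "set_tmp_ecdh", None)
    if not callable(setter):
        ok, detail = False, "Context has no set_tmp_ecdh()"
    else:
        try:
            setter(get_curve(curve_name))
            ok, detail = True, "ECDH curve set to %s" % curve_name
        except Exception as exc:  # lookup or OpenSSL error: report, don't hide
            ok, detail = False, "cannot set %s: %s" % (curve_name, exc)
    if required and not ok:
        raise RuntimeError("ECDHE required but unavailable: " + detail)
    return ok, detail


class OldContext(object):
    """Constructed stand-in: a Context without any ECDH setter."""


class NewContext(object):
    """Constructed stand-in: a Context exposing set_tmp_ecdh(curve)."""
    def __init__(self):
        self.curve = None

    def set_tmp_ecdh(self, curve):
        self.curve = curve


if __name__ == "__main__":
    for ctx in (OldContext(), NewContext()):
        print(enable_ecdhe(ctx, get_curve=lambda name: "curve:" + name))
```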