Home/ Questions/Q 3959852
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T02:46:53+00:00

This is a follow up of this question: SSL handshake failures when no data

  • 0

This is a follow up of this question: SSL handshake failures when no data was sent over Twisted TLSConnection

I have implemented a simple SSL server that closes the connection as soon as the client is connected.

I am testing it with openssl and I got this handshake failure:

$ openssl s_client -connect localhost:12345                             
CONNECTED(00000003) 2329:error:140790E5:SSL routines:SSL23_WRITE
:ssl handshake failure:s23_lib.c:188:

The problem is that TLS.Connection.loseConnection does not wait for the ongoing handshake to be done and just disconnects the client.

A callback attached to OpenSSL.SSL.Connection.do_handshake would have been great… but unfortunately I don’t know if this can be done… or how to do it.

Any hints in how I could test that a TLS handshake was done is much appreciated. Many thanks!

Here is the code

class ApplicationProtocol(Protocol):
        '''Protocol that closes the connection when connection is made.'''
        def connectionMade(self):
            self.transport.loseConnection()

# Here is a barebone TLS Server
serverFactory = ServerFactory()
serverFactory.protocol = ApplicationProtocol
server_cert_path = 'server.pem'
serverContextFactory = DefaultOpenSSLContextFactory(
            privateKeyFileName = server_cert_path,
            certificateFileName = server_cert_path,
            sslmethod=SSL.SSLv23_METHOD)

tlsFactory = TLSMemoryBIOFactory(serverContextFactory, False, serverFactory)
reactor.listenTCP(12345, tlsFactory)
#reactor.listenSSL(12345, serverFactory, serverContextFactory)

For now I solve this really dirty and not 100% valid.

def tls_lose_connection(self):
    """
    Monkey patching for TLSMemoryBIOProtocol to wait for handshake to end,
    before closing the connection.

    Send a TLS close alert and close the underlying connection.
    """

    def close_connection():
        self.disconnecting = True
        if not self._writeBlockedOnRead:
            self._tlsConnection.shutdown()
            self._flushSendBIO()
            self.transport.loseConnection()

    # If we don't know if the handshake was done, we wait for a bit
    # and the close the connection.
    # This is done to avoid closing the connection in the middle of a
    # handshake.
    if not self._handshakeDone:
        reactor.callLater(0.5, close_connection)
    else:
        close_connection()


TLSMemoryBIOProtocol.loseConnection = tls_lose_connection
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The SSL context object can be configured with an “info callback” – Context.set_info_callback. This is a wrapper around SSL_CTX_set_info_callback. The slightly more convenient (in this case) SSL_set_info_callback for specifying a callback for a single connection is not exposed by pyOpenSSL, unfortunately.

    Amongst other things, the info callback is invoked when the handshake completes. With a few acrobatics, you should be able to turn this notification into a Deferred or some other callback onto the protocol.

    See the pyOpenSSL set_info_callback documentation and the OpenSSL SSL_CTX_set_info_callback documentation for details.

    • 0