Path: csiph.com!fu-berlin.de!uni-berlin.de!not-for-mail
From: TwoThree Tee <t22330033@gmail.com>
Newsgroups: comp.lang.python
Subject: Why I got handshake failure when passing specific ciphers to wrap_socket?
Date: Tue, 22 Mar 2016 16:27:29 +0800
Lines: 8
Message-ID: <mailman.486.1458635317.12893.python-list@python.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Trace: news.uni-berlin.de I+kDh5q+S5jbOoEbQTBRPgb8GknUHVlbliYOhxkcBCNA==
Return-Path: <t22330033@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.017
X-Spam-Evidence: '*H*': 0.97; '*S*': 0.00; 'cipher': 0.09; 'subject:Why': 0.09; 'ciphers': 0.16; 'handshake': 0.16; 'openssl': 0.16; 'received:io': 0.16; 'received:psf.io': 0.16; 'subject:when': 0.16; 'later': 0.16; 'case.': 0.18; 'thanks.': 0.18; 'tried': 0.24; 'supported': 0.27; 'message- id:@mail.gmail.com': 0.27; 'idea': 0.28; 'included': 0.32; 'received:google.com': 0.35; 'skip:i 20': 0.36; 'received:209.85': 0.36; 'url:non-standard http port': 0.36; 'to:addr:python-list': 0.36; 'subject:?': 0.36; 'two': 0.37; 'client': 0.37; 'one,': 0.37; 'received:209': 0.38; 'why': 0.39; 'well.': 0.40; 'to:addr:python.org': 0.40; 'url:ebay': 0.84
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to; bh=5s7bsw5Xk27HFMLhYbb/AoEdcIhnNnhvJvUAOhB6ICc=; b=ChQf/0s8qpbPsnp0FIqYljHTz1i2S3REOAX/+82ZxlvD7tjQOOVN3TPbUZZdmSjWfB AEkQyHBaSksHwIcxKrrWUSnX11KaCYdP1HQmZAW3NeLGB+egWn5fifQq+GarGw+WFNLy fXTOguPRqQexV3eZXvi67cz6UFaq2YaT/0fGTYkJ9v0VTUJfkGJUB2q50ecwmsw88qHC ADwZgp8ebt5Ob3C531aAWst1qYIoZVio/6nrzbjWpA5bFLljzoddIufWjwGI5lgT2IE7 bn/nZSgpM4rGmBSCq+0VutdkfSlhaM+sN9psrndLF9JL1ZvgwOxEjB978ADIB7ko2J94 JVmg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to; bh=5s7bsw5Xk27HFMLhYbb/AoEdcIhnNnhvJvUAOhB6ICc=; b=Og4qTPfVGXsrMUxZyxGC0PbHLaCPwoIPwVkWeUzR4GMX2fdfuOTonKhcF9RbgoYLdS mjXiljCIPRd8MSvbmXNQgC8cnUF1m6fIL6hjgyXbop3FGFhwB1t6NQPUjCKJG40JO6xx VvGeK7DgJ+7pK44LA936b4G76/JtWTgbEBOP01MwbLrYFtzgq8R8Ag6yVhJeC8LDbOYF yjnjbKDZRT2U7vKDQHOcxe5SIUL0AeAaNTHcwPC0b/fxG8gJFKE+L+RfOaAs/Mr2ZZzZ fd4mD4P4mJJafcil9dbDiY++Rk+9IJX832fKvGOVF5pWKOAT0aau1R5AIy7rjWrWN3dE EsHQ==
X-Gm-Message-State: AD7BkJKsgInEDJP/8EdVyOCASC49Ht3YpBixS1SbkdrK46VBcXF29AH+EsQ9jVs2m4XFCAilGrpWpn754s9oBw==
X-Received: by 10.129.21.213 with SMTP id 204mr15696145ywv.70.1458635249318; Tue, 22 Mar 2016 01:27:29 -0700 (PDT)
X-Mailman-Approved-At: Tue, 22 Mar 2016 04:28:35 -0400
X-Content-Filtered-By: Mailman/MimeDel 2.1.21
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Xref: csiph.com comp.lang.python:105453

I tried two kinds of ciphers "kRSA, aRSA, RSA" and "kDHE, kEDH, DH". The
later failed with handshake failure alert (observed from packet dump). For
the successful one, the chosen cipher suite is DHE-RSA-AES256-SHA which is
also included in the Client Hello message of the failed case. That's what
confused me. Since I have provided the supported cipher suite why the
handshake failed? I also tried the cipher with openssl: openssl s_client
-connect ebay.com:443 -cipher "kDHE, kEDH, DH" -tls1, and it works well.
Any idea to troubleshoot? Thanks.