Sunday 23 October 2011

Implementing a HTTPS server in Python

Web applications often transfer sensitive data between client and server. Even a session id is not something that should be vulnerable to eavesdropping. It is therefore a very good idea to encrypt all communication and implement a HTTPS server.

Subclassing HTTPServer

Python's ssl module has been cleaned up quite a bit since version 3.x and with a little help from this recipe it was incredibly simple to adapt the HTTPServer class from the http.server module to accept only secure connections:

import ssl
import socket
from socketserver import BaseServer
from http.server import HTTPServer
  
class HTTPSServer(HTTPServer):
 def __init__(self,address,handler):
  BaseServer.__init__(self,address,handler)
  
  self.socket = ssl.SSLSocket(
   sock=socket.socket(self.address_family,self.socket_type),
   ssl_version=ssl.PROTOCOL_TLSv1,
   certfile='test.pem',
   server_side=True)
  self.server_bind()
  self.server_activate()

All we do basically is change the initialization code to create a secure socket instead of a regular one (in line 10). The things to watch out for is the ssl_version: older versions are considered unsafe so we use TLS 1.0 here. Also the certificate file we use here contains both our certificate and our private key. If you want to use a self signed certificate for testing purposes you could generate one with openssl (most UNIX-like operating systems offer binary packages, for a precompiled package for windows check the faq.)

openssl req -new -x509 -keyout test.pem -out test.pem -days 365 -nodes

Note that your browser will still complain about this certificate because it is self signed.

Geplaatst door Michel op Sunday, October 23, 2011
Labels: , , , , ,

3 comments:

  1. Antonio16 March 2014 at 13:12

    Dear Michel, thanks for the code. Do you know how I use as HTTPRequestHandler.setup(self)?
    I used:

    def setup(self):
    self.connection = self.request
    self.rfile = self.request.makefile(mode='rb',buffering=self.rbufsize)
    self.wfile = self.request.makefile(mode='wb',buffering=self.rbufsize)

    The program runs, but when I makes a browser request, the server recieve a bunch of random symbols (like they are not decrypted, or ill-decripted)

    Any idea? thanks!

    ReplyDelete
  2. jane holly20 September 2020 at 01:29

    This professional hacker is absolutely reliable and I strongly recommend him for any type of hack you require. I know this because I have hired him severally for various hacks and he has never disappointed me nor any of my friends who have hired him too, he can help you with any of the following hacks:

    -Phone hacks (remotely)
    -Credit repair
    -Bitcoin recovery (any cryptocurrency)
    -Make money from home (USA only)
    -Social media hacks
    -Website hacks
    -Erase criminal records (USA & Canada only)
    -Grade change
    -funds recovery

    Email: onlineghosthacker247@ gmail .com

    ReplyDelete
  3. anjali11 December 2020 at 02:43

    jQuery loop over JSON result
    PHP MYSQL Advanced Search Feature
    Simple Show Hide Menu Navigation
    NodeJS Simple way to send SMTP mail
    Simple pagination in PHP
    Date Timestamp Formats in PHP
    Getting IP address and type in Node js
    R Plot Types
    Php file based authentication
    PHP user registration & login/ logout

    ReplyDelete

Subscribe to: Post Comments (Atom)