Last active April 6, 2022 18:08
Simple Single threaded HTTPS (SSL) "Server" using Python 3
```python
#!/usr/bin/env python3
import http.server, socketserver, socket, ssl

PORT = 443
HOST = socket.gethostname()
# Suites offered to clients, in OpenSSL cipher-string syntax; "!" entries are excluded outright.
CIPHERS = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'

Handler = http.server.SimpleHTTPRequestHandler
https = socketserver.TCPServer(("0.0.0.0", PORT), Handler)

# ssl.wrap_socket() was removed in Python 3.12; an SSLContext carries the same settings.
# PROTOCOL_TLSv1_2 keeps the server TLS 1.2 only, as the ssl_version argument did.
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context.load_cert_chain(certfile='/path/to/certfile.crt', keyfile='/path/to/keyfile.key')
context.set_ciphers(CIPHERS)
https.socket = context.wrap_socket(https.socket, server_side=True, do_handshake_on_connect=True, suppress_ragged_eofs=True)

print("Listening to port", PORT, "from", HOST)
https.serve_forever()
```
```sh
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout keyfile.key -out certfile.crt
```
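To see which suites the server's long cipher string actually enables on a given OpenSSL build, the following added example (not part of the gist) expands it with `SSLContext.get_ciphers()` and flags suites that lack forward secrecy or AEAD. The names `classify` and `audit`, the flag labels and the `BANNED` token list are choices made for this example.

```python
import ssl

# Cipher string copied from the gist's server script.
GIST_CIPHERS = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:"
    "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:"
    "DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:"
    "!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
)

# Name fragments of primitives the gist's "!" rules are meant to keep out (example's choice).
BANNED = ("NULL", "EXP", "DES", "RC4", "MD5")

def classify(name):
    """Return weakness flags for an OpenSSL suite name (TLS 1.2 and below)."""
    flags = set()
    if not name.startswith(("ECDHE-", "DHE-")):
        flags.add("no-forward-secrecy")   # static RSA/DH key exchange
    if not any(tok in name for tok in ("GCM", "CCM", "CHACHA20")):
        flags.add("non-aead")             # CBC or stream cipher with a separate MAC
    if any(tok in name for tok in BANNED):
        flags.add("banned")
    return flags

def audit(cipher_string):
    """Expand cipher_string with the local OpenSSL; map suite name -> flags."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)        # raises ssl.SSLError if nothing matches
    report = {}
    for suite in ctx.get_ciphers():
        if suite["protocol"] == "TLSv1.3":
            continue                      # TLS 1.3 suites are not set by set_ciphers()
        report[suite["name"]] = classify(suite["name"])
    return report

if __name__ == "__main__":
    for name, flags in audit(GIST_CIPHERS).items():
        print(f"{name:32} {', '.join(sorted(flags)) or 'ok'}")
```

Suites reported as `non-aead` are the CBC fallbacks at the tail of the string; trimming the string to its GCM entries removes them at the cost of compatibility with older clients.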
Software versions used:
Ubuntu 15.04
Python 3.4.3
OpenSSL 1.0.1f 6 Jan 2014 (built on: Thu Mar 19 15:10:44 UTC 2015)
References:
https://docs.python.org/3.4/library/http.server.html (script basics)
https://docs.python.org/3.4/library/ssl.html#socket-creation (SSL socket creation)
https://docs.python.org/3.4/library/ssl.html#ssl.PROTOCOL_TLSv1_2 (enabling correct ssl_version)
Inspired this project:
https://www.piware.de/2011/01/creating-an-https-server-in-python/
NOTE: When choosing a port, use of 443 requires root running the script (in most cases).
WARNING: Although I have made an attempt to limit the vulnerabilities of this configuration, I am sure there are plenty of things I have forgotten.
EDIT: Using the self-signed key issued using the openssl.example and the configuration above, I was able to attain an A rating (ignoring self-signed cert trust issues) from Qualys SSL Server Test. REF: http://i.imgur.com/LpHPGCW.png