PyKMIP: Can't seem to get SSL to work.
Hi Peter,
Once again I’m recreating a KMIP Server, and I’m having some problems this time around. When I try to launch the server I get this …
Traceback (most recent call last):
File "/usr/local/bin/pykmip/launch_server.py", line 27, in <module>
server.main()
File "/usr/local/lib/python3.7/dist-packages/kmip/services/server/server.py", line 673, in main
with s:
File "/usr/local/lib/python3.7/dist-packages/kmip/services/server/server.py", line 476, in __enter__
self.start()
File "/usr/local/lib/python3.7/dist-packages/kmip/services/server/server.py", line 300, in start
ciphers=self.auth_suite.ciphers
File "/usr/lib/python3.7/ssl.py", line 1216, in wrap_socket
context.load_cert_chain(certfile, keyfile)
ssl.SSLError: [SSL] PEM lib (_ssl.c:3845)
… the log …
root@kmipserver:~# cat /var/log/pykmip/server.log
2020-08-28 18:08:47,323 - kmip.server.config - INFO - Loading server configuration settings from: /etc/pykmip/server.conf
2020-08-28 18:08:47,340 - kmip.server.monitor - INFO - Starting up the operation policy file monitor.
2020-08-28 18:08:47,430 - kmip.server - INFO - Starting server socket handler.
2020-08-28 18:08:47,431 - kmip.server - DEBUG - Configured cipher suites: 1
2020-08-28 18:08:47,431 - kmip.server - DEBUG - TLS_RSA_WITH_AES_256_CBC_SHA
2020-08-28 18:08:47,431 - kmip.server - DEBUG - Authentication suite ciphers to use: 23
2020-08-28 18:08:47,431 - kmip.server - DEBUG - AES128-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - AES256-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - DH-DSS-AES256-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - DH-DSS-AES128-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - DH-RSA-AES128-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - DHE-DSS-AES128-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - DHE-RSA-AES128-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - DH-DSS-AES256-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - DH-RSA-AES256-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - DHE-DSS-AES256-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - DHE-RSA-AES256-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - ECDH-ECDSA-AES128-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - ECDH-ECDSA-AES256-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - ECDHE-ECDSA-AES128-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - ECDHE-ECDSA-AES256-SHA384
2020-08-28 18:08:47,431 - kmip.server - DEBUG - ECDH-RSA-AES128-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - ECDH-RSA-AES256-SHA384
2020-08-28 18:08:47,431 - kmip.server - DEBUG - ECDHE-RSA-AES128-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - ECDHE-RSA-AES256-SHA384
2020-08-28 18:08:47,431 - kmip.server - DEBUG - ECDHE-ECDSA-AES128-GCM-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - ECDHE-ECDSA-AES256-GCM-SHA384
2020-08-28 18:08:47,431 - kmip.server - DEBUG - ECDHE-ECDSA-AES128-SHA256
2020-08-28 18:08:47,431 - kmip.server - DEBUG - ECDHE-ECDSA-AES256-SHA384
2020-08-28 18:08:48,341 - kmip.server.monitor - INFO - Loading policies for file: /etc/pykmip/policy.json
2020-08-28 18:08:48,342 - kmip.server.monitor - INFO - Loading policy: default
2020-08-28 18:08:48,342 - kmip.server.monitor - WARNING - Policy 'default' overwrites a reserved policy and will be thrown out.
2020-08-28 18:13:56,688 - kmip.server.monitor - INFO - Stopping the operation policy file monitor.
Dump of my local certs …
root@kmipserver:~# openssl x509 -in /etc/pykmip/certs/server.crt -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
60:5d:0a:23:8a:32:8b:5b:af:ca:5b:08:62:47:bd:a0:14:67:e6:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: O = Praxis Engineering, CN = Root Certificate Authority
Validity
Not Before: Aug 24 14:48:14 2020 GMT
Not After : Aug 24 14:48:14 2021 GMT
Subject: O = Praxis Engineering, CN = KMIP Server Certificate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:a4:14:f7:70:0a:0a:2b:a0:da:74:f1:79:dd:
d5:87:e9:36:4f:4e:b8:c4:d8:e5:bb:58:69:f6:b1:
e7:5e:fb:5f:ae:8b:c7:df:98:96:60:ab:3a:b0:65:
0f:b3:9b:a3:ae:2e:1c:83:24:bd:48:f4:31:26:11:
3c:97:79:92:18:2a:ee:85:8b:7d:5a:58:49:23:92:
f1:0f:e4:32:5f:48:73:45:97:53:2f:1b:f2:8c:54:
b1:9a:9f:e9:a2:b0:b9:be:9c:93:dd:ba:88:b9:3c:
c1:ec:ce:f8:2e:d9:c8:9d:0c:b4:7f:b8:99:79:b1:
47:e5:d9:58:bd:7e:b1:fe:b2:23:6a:07:fa:b8:c3:
27:2b:72:b4:5e:a2:5b:58:ec:87:b3:e1:ed:a0:f3:
44:50:24:59:82:0a:cc:10:2b:fb:7e:1b:94:a5:30:
73:64:e2:31:f9:60:7a:e3:4f:fc:f6:eb:30:d4:09:
fb:20:6f:dc:c8:70:3f:b6:e1:26:90:5f:d1:97:49:
85:09:36:3b:d3:19:6f:e2:ac:b7:12:45:52:5a:b2:
e0:af:91:85:ba:f2:f4:86:16:d3:c7:20:23:b2:a4:
6e:e2:41:aa:ec:b0:fa:27:c1:5b:08:a5:11:72:8f:
9c:bc:8b:89:ae:2b:00:68:c4:f0:96:07:93:4d:82:
5f:2b
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
68:e3:1e:fe:38:5e:f2:83:05:84:4b:52:23:10:72:af:a9:bb:
0a:f2:e0:67:38:a9:84:78:ab:f9:ab:64:8e:39:38:f7:65:ce:
cf:78:1b:b2:b5:a3:f7:27:43:32:81:53:38:1f:36:e8:f6:4e:
6c:73:f0:e8:e0:47:95:fa:bb:74:cd:30:d3:83:17:07:02:cd:
8b:3b:4a:9a:a5:2f:03:aa:05:58:52:19:6f:c8:23:1a:1a:f7:
7e:ec:42:62:03:05:01:01:2e:42:0b:01:ad:f9:6a:27:2e:55:
35:45:9f:4a:ff:57:4a:66:83:a2:d9:b2:d2:33:0b:1d:76:d0:
f7:a1:da:f4:0c:75:b2:d9:53:2a:cd:e2:27:5c:c2:3e:41:e3:
34:47:19:ea:bc:ae:66:f1:74:d9:c4:ab:2b:9a:3f:4a:d1:fa:
00:68:c6:33:3e:4a:48:2b:75:cc:51:a8:22:bc:4d:8b:45:45:
c4:db:bf:5c:80:bc:06:1f:8e:0f:18:cd:5a:9c:f9:23:0a:c6:
f6:c1:9b:65:c0:ef:f0:aa:cc:09:80:95:bc:f0:3d:e2:26:81:
25:82:24:58:3b:bb:4f:fd:5a:6e:4c:34:1d:ea:df:99:56:dd:
63:02:47:e0:07:fb:e0:e7:2a:02:04:99:04:6f:73:78:31:d0:
53:db:f4:55
-----BEGIN CERTIFICATE-----
MIIDDTCCAfWgAwIBAgIUYF0KI4oyi1uvylsIYke9oBRn5gowDQYJKoZIhvcNAQEL
BQAwQjEbMBkGA1UECgwSUHJheGlzIEVuZ2luZWVyaW5nMSMwIQYDVQQDDBpSb290
IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMDA4MjQxNDQ4MTRaFw0yMTA4MjQx
NDQ4MTRaMD8xGzAZBgNVBAoMElByYXhpcyBFbmdpbmVlcmluZzEgMB4GA1UEAwwX
S01JUCBTZXJ2ZXIgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDRpBT3cAoKK6DadPF53dWH6TZPTrjE2OW7WGn2sede+1+ui8ffmJZg
qzqwZQ+zm6OuLhyDJL1I9DEmETyXeZIYKu6Fi31aWEkjkvEP5DJfSHNFl1MvG/KM
VLGan+misLm+nJPduoi5PMHszvgu2cidDLR/uJl5sUfl2Vi9frH+siNqB/q4wycr
crReoltY7Iez4e2g80RQJFmCCswQK/t+G5SlMHNk4jH5YHrjT/z26zDUCfsgb9zI
cD+24SaQX9GXSYUJNjvTGW/irLcSRVJasuCvkYW68vSGFtPHICOypG7iQarssPon
wVsIpRFyj5y8i4muKwBoxPCWB5NNgl8rAgMBAAEwDQYJKoZIhvcNAQELBQADggEB
AGjjHv44XvKDBYRLUiMQcq+puwry4Gc4qYR4q/mrZI45OPdlzs94G7K1o/cnQzKB
UzgfNuj2Tmxz8OjgR5X6u3TNMNODFwcCzYs7SpqlLwOqBVhSGW/IIxoa937sQmID
BQEBLkILAa35aicuVTVFn0r/V0pmg6LZstIzCx120Peh2vQMdbLZUyrN4idcwj5B
4zRHGeq8rmbxdNnEqyuaP0rR+gBoxjM+SkgrdcxRqCK8TYtFRcTbv1yAvAYfjg8Y
zVqc+SMKxvbBm2XA7/CqzAmAlbzwPeImgSWCJFg7u0/9Wm5MNB3q35lW3WMCR+AH
++DnKgIEmQRvc3gx0FPb9FU=
-----END CERTIFICATE-----
root@kmipserver:~# openssl x509 -in /etc/pykmip/certs/server.key -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
60:5d:0a:23:8a:32:8b:5b:af:ca:5b:08:62:47:bd:a0:14:67:e6:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: O = Praxis Engineering, CN = Root Certificate Authority
Validity
Not Before: Aug 24 14:48:14 2020 GMT
Not After : Aug 24 14:48:14 2021 GMT
Subject: O = Praxis Engineering, CN = KMIP Server Certificate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:a4:14:f7:70:0a:0a:2b:a0:da:74:f1:79:dd:
d5:87:e9:36:4f:4e:b8:c4:d8:e5:bb:58:69:f6:b1:
e7:5e:fb:5f:ae:8b:c7:df:98:96:60:ab:3a:b0:65:
0f:b3:9b:a3:ae:2e:1c:83:24:bd:48:f4:31:26:11:
3c:97:79:92:18:2a:ee:85:8b:7d:5a:58:49:23:92:
f1:0f:e4:32:5f:48:73:45:97:53:2f:1b:f2:8c:54:
b1:9a:9f:e9:a2:b0:b9:be:9c:93:dd:ba:88:b9:3c:
c1:ec:ce:f8:2e:d9:c8:9d:0c:b4:7f:b8:99:79:b1:
47:e5:d9:58:bd:7e:b1:fe:b2:23:6a:07:fa:b8:c3:
27:2b:72:b4:5e:a2:5b:58:ec:87:b3:e1:ed:a0:f3:
44:50:24:59:82:0a:cc:10:2b:fb:7e:1b:94:a5:30:
73:64:e2:31:f9:60:7a:e3:4f:fc:f6:eb:30:d4:09:
fb:20:6f:dc:c8:70:3f:b6:e1:26:90:5f:d1:97:49:
85:09:36:3b:d3:19:6f:e2:ac:b7:12:45:52:5a:b2:
e0:af:91:85:ba:f2:f4:86:16:d3:c7:20:23:b2:a4:
6e:e2:41:aa:ec:b0:fa:27:c1:5b:08:a5:11:72:8f:
9c:bc:8b:89:ae:2b:00:68:c4:f0:96:07:93:4d:82:
5f:2b
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
68:e3:1e:fe:38:5e:f2:83:05:84:4b:52:23:10:72:af:a9:bb:
0a:f2:e0:67:38:a9:84:78:ab:f9:ab:64:8e:39:38:f7:65:ce:
cf:78:1b:b2:b5:a3:f7:27:43:32:81:53:38:1f:36:e8:f6:4e:
6c:73:f0:e8:e0:47:95:fa:bb:74:cd:30:d3:83:17:07:02:cd:
8b:3b:4a:9a:a5:2f:03:aa:05:58:52:19:6f:c8:23:1a:1a:f7:
7e:ec:42:62:03:05:01:01:2e:42:0b:01:ad:f9:6a:27:2e:55:
35:45:9f:4a:ff:57:4a:66:83:a2:d9:b2:d2:33:0b:1d:76:d0:
f7:a1:da:f4:0c:75:b2:d9:53:2a:cd:e2:27:5c:c2:3e:41:e3:
34:47:19:ea:bc:ae:66:f1:74:d9:c4:ab:2b:9a:3f:4a:d1:fa:
00:68:c6:33:3e:4a:48:2b:75:cc:51:a8:22:bc:4d:8b:45:45:
c4:db:bf:5c:80:bc:06:1f:8e:0f:18:cd:5a:9c:f9:23:0a:c6:
f6:c1:9b:65:c0:ef:f0:aa:cc:09:80:95:bc:f0:3d:e2:26:81:
25:82:24:58:3b:bb:4f:fd:5a:6e:4c:34:1d:ea:df:99:56:dd:
63:02:47:e0:07:fb:e0:e7:2a:02:04:99:04:6f:73:78:31:d0:
53:db:f4:55
-----BEGIN CERTIFICATE-----
MIIDDTCCAfWgAwIBAgIUYF0KI4oyi1uvylsIYke9oBRn5gowDQYJKoZIhvcNAQEL
BQAwQjEbMBkGA1UECgwSUHJheGlzIEVuZ2luZWVyaW5nMSMwIQYDVQQDDBpSb290
IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMDA4MjQxNDQ4MTRaFw0yMTA4MjQx
NDQ4MTRaMD8xGzAZBgNVBAoMElByYXhpcyBFbmdpbmVlcmluZzEgMB4GA1UEAwwX
S01JUCBTZXJ2ZXIgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDRpBT3cAoKK6DadPF53dWH6TZPTrjE2OW7WGn2sede+1+ui8ffmJZg
qzqwZQ+zm6OuLhyDJL1I9DEmETyXeZIYKu6Fi31aWEkjkvEP5DJfSHNFl1MvG/KM
VLGan+misLm+nJPduoi5PMHszvgu2cidDLR/uJl5sUfl2Vi9frH+siNqB/q4wycr
crReoltY7Iez4e2g80RQJFmCCswQK/t+G5SlMHNk4jH5YHrjT/z26zDUCfsgb9zI
cD+24SaQX9GXSYUJNjvTGW/irLcSRVJasuCvkYW68vSGFtPHICOypG7iQarssPon
wVsIpRFyj5y8i4muKwBoxPCWB5NNgl8rAgMBAAEwDQYJKoZIhvcNAQELBQADggEB
AGjjHv44XvKDBYRLUiMQcq+puwry4Gc4qYR4q/mrZI45OPdlzs94G7K1o/cnQzKB
UzgfNuj2Tmxz8OjgR5X6u3TNMNODFwcCzYs7SpqlLwOqBVhSGW/IIxoa937sQmID
BQEBLkILAa35aicuVTVFn0r/V0pmg6LZstIzCx120Peh2vQMdbLZUyrN4idcwj5B
4zRHGeq8rmbxdNnEqyuaP0rR+gBoxjM+SkgrdcxRqCK8TYtFRcTbv1yAvAYfjg8Y
zVqc+SMKxvbBm2XA7/CqzAmAlbzwPeImgSWCJFg7u0/9Wm5MNB3q35lW3WMCR+AH
++DnKgIEmQRvc3gx0FPb9FU=
-----END CERTIFICATE-----
I’m using Python 3.7 exclusively and the script generated certs. I’ve double checked the configured paths, all are correct. I also checked the available ciphers (listed below).
root@kmipserver:~# /usr/bin/openssl ciphers -v
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA384
ECDHE-PSK-AES256-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1
SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1
RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384
DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA384
RSA-PSK-AES256-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA1
DHE-PSK-AES256-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
PSK-AES256-CBC-SHA384 TLSv1 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA384
PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA256
ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1
SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1
RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA256
DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA256
RSA-PSK-AES128-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1
DHE-PSK-AES128-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
PSK-AES128-CBC-SHA256 TLSv1 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA256
PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
Any hints where I’ve gone wrong?
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 29 (10 by maintainers)
CRAP! Through my too numerous iterations the fields in pykmip.conf got mutated to “…_path”. Maybe it would be nice to make the field names the same? Looking forward to the day normal certs can be used. Thanks, closing issue.