startTLS: enable Diffie-Hellman based key exchange on server

Following the guidelines reported in the Twisted documentation here https://twistedmatrix.com/documents/current/core/howto/ssl.html this commit enables Diffie-Hellman based key exchange on the server. Before launching the server, a parameters .pem file must be generated as detailed in https://twistedmatrix.com/documents/18.9.0/api/twisted.internet.ssl.DiffieHellmanParameters.html by running `openssl dhparam -out dh_param_1024.pem -2 1024` on the server machine. This parameters file must be placed in the same path that contains the server certificates.
2019-02-07 15:34:43 +01:00 · 2019-02-07 15:34:43 +01:00 · 9b4338146e
commit 9b4338146e
parent b19f2eaaac
1 changed files with 6 additions and 1 deletions
--- a/syncplay/server.py
+++ b/syncplay/server.py
@ -13,6 +13,7 @@ from twisted.internet.protocol import Factory
 try:
    from OpenSSL import crypto
    from twisted.internet import ssl
+    from twisted.python.filepath import FilePath
 except:
    pass

@ -213,8 +214,12 @@ class SyncFactory(Factory):
            certifpyssl = crypto.load_certificate(crypto.FILETYPE_PEM, certif)
            chainpyssl = [crypto.load_certificate(crypto.FILETYPE_PEM, chain)]

+            dhFilePath = FilePath(path+'/dh_param_1024.pem')
+            dhParams = ssl.DiffieHellmanParameters.fromFile(dhFilePath)
+
            contextFactory = ssl.CertificateOptions(privateKey=privkeypyssl, certificate=certifpyssl,
-                                                    extraCertChain=chainpyssl, raiseMinimumTo=ssl.TLSVersion.TLSv1_2)
+                                                    extraCertChain=chainpyssl, dhParameters=dhParams,
+                                                    raiseMinimumTo=ssl.TLSVersion.TLSv1_2)
            self.options = contextFactory
        except Exception as e:
            print(e)