SSL socket dying on client and no errors on server

9

I have a problem with SSL socket connections in Python.

When performing a stress test on the SMTP daemon I am writing, some sending threads on the client die with "Connection reset by peer"; however, on the server side there is no exception, and I do not perform any handling on the socket that might be capturing the error.

The daemon is derived from the native Python class SMTPServer and therefore uses asyncore.dispatcher to manage multiple connections.

Error in client:

Exception in thread Thread-21:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 808, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 761, in run
    self.__target(*self.__args, **self.__kwargs)
  File "pop_bomb_client.py", line 45, in concurrent_thread
    sendmess(k)
  File "pop_bomb_client.py", line 31, in sendmess
    sempop=smtplib.SMTP_SSL(server,465)
  File "/usr/lib/python2.7/smtplib.py", line 781, in __init__
    SMTP.__init__(self, host, port, local_hostname, timeout)
  File "/usr/lib/python2.7/smtplib.py", line 251, in __init__
    (code, msg) = self.connect(host, port)
  File "/usr/lib/python2.7/smtplib.py", line 311, in connect
    self.sock = self._get_socket(host, port, self.timeout)
  File "/usr/lib/python2.7/smtplib.py", line 787, in _get_socket
    new_socket = ssl.wrap_socket(new_socket, self.keyfile, self.certfile)
  File "/usr/lib/python2.7/ssl.py", line 451, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib/python2.7/ssl.py", line 207, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 369, in do_handshake
    self._sslobj.do_handshake()
error: [Errno 104] Connection reset by peer

SSL socket in the server:

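import socket
import ssl
# Method of the SMTPServer subclass; asyncore calls it to create the listening socket
def create_socket(self, family, stype):
    self.family_and_type = family, stype
    # Wrap the listening socket in TLS (key file, then certificate file)
    sock = ssl.wrap_socket(socket.socket(family, stype), 'cert.key', 'cert.cert',
                           server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
    sock.setblocking(0)
    self.set_socket(sock)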
  • Have you checked your certificates? Are they expired or are they self-signed? If so, have you checked whether the client is rejecting the connection because of this, and whether you need to enable something to force it to accept?

  • Yes, it is a valid certificate and it is OK. I did tests with a fake one and the only thing needed was to accept the certificate in Thunderbird; after accepting it once it worked without any problem... The error I have occurs only under load... I think in practice it is my bot client that is not keeping up... the server doesn't even feel 20 simultaneous connections...

  • Post the code showing how you are running the threads. There are load-related problems. What type of server are you using to run the server?

  • It would be interesting to have access to your client’s code

1 answer

4

OK,

Let’s go, because this is a complex problem with complex variables too.

Your details were few, but they allow us to infer that:

  1. You are using Python SSL;
  2. You are probably working on a Linux server or connecting to one;

The error:

  File "/usr/lib/python2.7/ssl.py", line 369, in do_handshake
    self._sslobj.do_handshake()
error: [Errno 104] Connection reset by peer

It basically refers to the server's REFUSAL of the client's connection. As we have few details, this can basically be due to:

  1. Server refusal to serve (due to demand);
  2. Inability to carry out the SSL handshake.

In your server code you have used sock.setblocking(0), making it clear that you do not want to block connections. The documentation is clear:

In non-blocking mode, if a recv() call doesn’t find any data, or if a send() call can’t immediately dispose of the data, a error exception is raised; 

But again, as we don’t have the code used, we don’t know how you’re handling these exceptions.

Another assumption is that OpenSSL is affected by bug number 683159, which creates these handshake errors and mainly occurs with Apache servers. The solution for this would be to specify version 3 in your socket, for example:

def create_socket(self, family, stype):
    self.family_and_type = family, stype
    sock = ssl.wrap_socket(socket.socket(family, stype), 'cert.key', 'cert.cert', server_side=True, ssl_version=ssl.PROTOCOL_SSLv3)

I hope I’ve solved this problem. Have a good week.
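
An added example, not part of the original answer or the asker's code: a Python 3 reproduction of the symptom in the question, where the client's do_handshake() fails with errno 104 while the server side raises nothing. The stand-in server, the function names and the loopback endpoint are constructed for illustration, and aborting the connection with SO_LINGER is only one way to produce the reset, not a diagnosis of the asker's daemon.

```python
import socket
import ssl
import struct
import threading


def abort_during_handshake(listener, server_errors):
    """Stand-in server: wait for the first ClientHello byte, then abort with RST."""
    try:
        conn, _ = listener.accept()
        conn.recv(1)
        # SO_LINGER enabled with a 0 s timeout makes close() send RST, not FIN.
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        conn.close()
    except OSError as exc:  # recorded to show that nothing surfaces on this side
        server_errors.append(exc)


def classify_handshake(host, port, timeout=5.0):
    """Attempt a client TLS handshake and name the layer at which it failed."""
    ctx = ssl.create_default_context()  # certificate verification stays enabled
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host,
                                 do_handshake_on_connect=False) as tls:
                tls.do_handshake()
            return "ok"
        except ConnectionResetError:
            return "tcp-reset"  # errno 104: the peer aborted below the TLS layer
        except socket.timeout:
            return "timeout"  # the peer accepted the connection but never answered
        except ssl.SSLError as exc:
            return "tls-error: %s" % exc.reason  # failure reported by TLS itself


def reproduce():
    """Run the stand-in server on loopback and classify the client's failure."""
    server_errors = []
    with socket.create_server(("127.0.0.1", 0)) as listener:  # ephemeral port
        port = listener.getsockname()[1]
        worker = threading.Thread(target=abort_during_handshake, daemon=True,
                                  args=(listener, server_errors))
        worker.start()
        outcome = classify_handshake("127.0.0.1", port)
        worker.join()
    return outcome, server_errors


if __name__ == "__main__":
    print(reproduce())
```

Pointing classify_handshake at a daemon under test separates resets that arrive below TLS from failures that TLS itself reports, which narrows down which of the two causes listed in the answer applies.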
