Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add check for ALPN #327

Open
ericrange opened this issue Aug 13, 2018 · 2 comments
Open

Add check for ALPN #327

ericrange opened this issue Aug 13, 2018 · 2 comments
Labels
new-check

Comments

@ericrange
Copy link

Feel free to use it:

#! /usr/bin/env python3
import socket
import ssl

HOST = 'secure.deutschebank.be'
PORT = 443
PROTOCOLS = ['h2', 'spdy/3', 'http/1.1']

def supports_alpn():
	try:
		ctx = ssl.create_default_context()
		ctx.check_hostname = False
		ctx.verify_mode = ssl.CERT_NONE
		ctx.set_alpn_protocols(PROTOCOLS)

		connection = ctx.wrap_socket(
		   socket.socket(socket.AF_INET, socket.SOCK_STREAM), server_hostname=HOST)

		connection.connect((HOST, PORT))

		return connection.selected_alpn_protocol() != None

		#TODO : Connection close

	except:
		pass

	return False


def supports_npn():
	try:
		ctx = ssl.create_default_context()
		ctx.check_hostname = False
		ctx.verify_mode = ssl.CERT_NONE
		ctx.set_npn_protocols(PROTOCOLS)

		connection = ctx.wrap_socket(
		   socket.socket(socket.AF_INET, socket.SOCK_STREAM), server_hostname=HOST)

		connection.connect((HOST, PORT))

		return connection.selected_npn_protocol() != None

		#TODO : Connection close

	except:
		pass

	return False
@nabla-c0d3 nabla-c0d3 changed the title ALPN and NPN Add check for ALPN Aug 14, 2018
@nabla-c0d3
Copy link
Owner

Since Python 3.6 is now the minimum version, this should be easy to add (ALPN support is only available since Python 3.5). Also, only ALPN should be needed as it deprecates NPN (https://www.imperialviolet.org/2013/03/20/alpn.html).

@nabla-c0d3 nabla-c0d3 added this to the 2.1.4 milestone Jul 29, 2019
@nabla-c0d3 nabla-c0d3 removed this from the 2.1.4 milestone Oct 9, 2019
@mynameiswillporter
Copy link

Bumping this to indicate support for an ALPN check. The ALPN check is important to be able to evaluate susceptibility and the ability to mitigate ALPACA type attacks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
new-check
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ericrange @nabla-c0d3 @mynameiswillporter