TLS

通过 Python 的 ssl 模块(底层为 OpenSSL)实现一个 TLS 客户端和服务器:

#!/usr/bin/env python3
#-*- encoding:utf8 -*-

import argparse,socket,ssl

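def client(host, port, cafile=None):
    """Connect to a TLS server, authenticate it, and print what it sends.

    The context comes from ``ssl.create_default_context`` with
    ``Purpose.SERVER_AUTH``, so the server certificate chain is verified
    and the certificate must match ``host`` (passed as ``server_hostname``).
    Do not relax ``check_hostname`` or ``verify_mode`` on this context:
    either change removes the protection against an impersonated server.

    Args:
        host: Hostname or IP address to connect to; also the name the
            server certificate is checked against.
        port: TCP port number.
        cafile: Optional path to a PEM file of trusted CA certificates.
            When ``None`` the system default trust store is used.

    Raises:
        OSError: If the TCP connection fails.
        ssl.SSLError: If the handshake or certificate verification fails
            (``ssl.SSLCertVerificationError`` is a subclass).
    """
    purpose = ssl.Purpose.SERVER_AUTH
    context = ssl.create_default_context(purpose, cafile=cafile)

    # Both sockets are managed by ``with`` so they are closed on every
    # path, including a failed connect or an error while reading.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as raw_sock:
        raw_sock.connect((host, port))
        print("Connect to host {!r} and port {}".format(host, port))

        # The handshake and the certificate/hostname checks happen here,
        # before any application data is read.
        with context.wrap_socket(raw_sock, server_hostname=host) as ssl_sock:
            while True:
                data = ssl_sock.recv(1024)
                if not data:
                    # An empty read means the peer closed the connection.
                    break
                print(repr(data))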


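def server(host, port, certifle, cafile=None):
    """Accept one TCP connection, upgrade it to TLS, and send a greeting.

    Args:
        host: Interface address to bind to.
        port: TCP port number to listen on.
        certifle: Path to the server PEM file. It is passed alone to
            ``load_cert_chain``, so it must contain the certificate chain
            and the private key. Keep the file readable only by the
            account that runs the server.
        cafile: Optional path to a PEM file of CA certificates to load as
            trust anchors.

    Raises:
        OSError: If binding, listening or accepting fails.
        ssl.SSLError: If the certificate cannot be loaded or the TLS
            handshake with the client fails.
    """
    purpose = ssl.Purpose.CLIENT_AUTH
    context = ssl.create_default_context(purpose, cafile=cafile)
    # NOTE(review): with Purpose.CLIENT_AUTH the default context keeps
    # verify_mode at ssl.CERT_NONE. ``cafile`` is loaded but clients are
    # not asked for a certificate, so this server does not authenticate
    # its peers. If mutual TLS is intended, set
    # ``context.verify_mode = ssl.CERT_REQUIRED`` before accepting.
    context.load_cert_chain(certifle)

    # ``with`` closes the listener and the accepted socket on every path,
    # including a client that fails the handshake.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        listener.bind((host, port))
        listener.listen(1)
        print('Listening at interface {!r} and port {}'.format(host, port))

        raw_sock, address = listener.accept()
        with raw_sock:
            print('Connection from host {!r} and port {}'.format(*address))
            # No timeout is set, so a peer that connects and never starts
            # the handshake blocks this single-connection server.
            with context.wrap_socket(raw_sock, server_side=True) as ssl_sock:
                ssl_sock.sendall(b'Simple is better than Complex')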

if __name__ == "__main__":
    # Command-line entry point: with -s the script runs the TLS server,
    # otherwise it runs the TLS client against host:port.
    cli = argparse.ArgumentParser(description='Safe TLS client and server')
    cli.add_argument('host', help='Hostname or IP Address')
    cli.add_argument('port', type=int, help='TCP port number')
    # -a: CA bundle passed to whichever role is started.
    cli.add_argument(
        '-a',
        metavar='cafile',
        default=None,
        help='authority:Path to CA certificate PEM file',
    )
    # -s: selects server mode and names the server PEM file.
    cli.add_argument(
        '-s',
        metavar='certfile',
        default=None,
        help='Run as server:Path to server PEM file',
    )
    options = cli.parse_args()

    if not options.s:
        client(options.host, options.port, options.a)
    else:
        server(options.host, options.port, options.s, options.a)
原文地址:https://www.cnblogs.com/alben-cisco/p/7092263.html