yet another "gnutls_handshake: A TLS packet with unexpected length was received." while lftp - handshake

I tried setting the following:
set ftp:initial-prot ""
set ftp:ssl-force true
set ftp:ssl-protect-data true
set ftp:ssl-auth TLS
and am on RHEL4 trying to lftp to a 2010 Windows server but I am getting
Fatal error: gnutls_handshake: A TLS packet with unexpected length was received.
Can you please let me know what it is that I am missing now?

You can try set ftp:ssl-auth SSL or otherwise tweak ssl:priority setting to match the server's capabilities.

Whitelisting/enabling the following ports solved my problem:
TCP ports: 989, 990, 991, 3000-3050, 5000-5100

Related

SSL messages encoding

I am trying to build an SSL Server under Python 3.4. The point is to communicate and exchange data with a programme through a defined protocol based on JSON data format.
So I used a basic "echo server" and client in SSL Protocol and modified those to see if I could exchange data. It worked: sending "hello" on one side comes out as b"hello" on the other side, and it works both ways.
I start the server side, connect the program, it communicates successfully, but:
I am expecting something like: LOGIN:n::{"user":"XXXXX","password":"YYYYY","app":"ZZZZZ","app_ver":"zzz","protocol":"xxx","protocol_ver":"xxxx"} arriving from the client (program)
But instead I am getting something like this b"\x16\x03\x03\x00\x8e\x01\x00\x00\x8a\x03\x03^\x9e\xeb\xd8\x8f\xd9 \x05v\xbbF:}\xda\x17\xf7\x13\xff\xa9\xde=5\xfb_\xbco\x16\x96EL#\x00\x00*\xc0,\xc0+\xc00\xc0/\x00\x9f\x00\x9e\xc0$\xc0#\xc0(\xc0'\xc0\n\xc0\t\xc0\x14\xc0\x13\x00\x9d\x00\x9c\x00=\x00<\x005\x00/\x00\n\x01\x00\x007\x00\n\x00\x08\x00\x06\x00\x1d\x00\x17\x00\x18\x00\x0b\x00\x02\x01\x00\x00\r\x00\x14\x00\x12\x06\x01\x06\x03\x04\x01\x05\x01\x02\x01\x04\x03\x05\x03\x02\x03\x02\x02\x00#\x00\x00\x00\x17\x00\x00\xff\x01\x00\x01\x00"
I thought it was simply encoded, but I have tried the bytemessage.decode() method with utf-8, cp437, cp1250, cp1252, latin-1, etc. I have also tried codecs.decode() with hex. No success; I don't understand what language this is.
I am new to SSL so I suppose I am missing something obvious here, but I have no idea what …
Any help would be greatly appreciated.
Thanks in advance !
---- Edit here is the code of my server-----
import socket

# Plain TCP listener: nothing on this socket handles TLS.
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_address = ('localhost', 5000)
print('starting up on %s port %s' % server_address)
sock.bind(server_address)
sock.listen(1)
while True:
    print('waiting for a connection')
    connection, client_address = sock.accept()
    try:
        print('connection from', client_address)
        while True:
            data = connection.recv(16)
            print('received "%s"' % data)
            # recv() returns empty bytes once the peer has closed the connection
            if data:
                #data2=b'{"timing":{"liveEvents": {"sector": {"dayTime": 1483523892618,"driver": 1,"isValid": false,"participant": "0","sector": 3,"time": -1}}}}'
                print('sending data to the client')
                #connection.sendall(data2)
            else:
                print('no more data from', client_address)
                break
    finally:
        connection.close()
b"\x16\x03\x03...
This is a TLS message. Looks like your client tries to speak TLS to your server but your server cannot properly handle it. Instead of treating the data as TLS it will assume that the TLS is the actual application data.
Looking at your server code the reason is clear: you are not doing any SSL there, i.e. you are doing a plain TCP socket. SSL will not magically appear just because a client tries to talk SSL with the server but you need to use the ssl module, properly wrap_socket and provide the necessary server certificate and key. For some simple example see the documentation.
As #Steffen mentioned, I wasn't handling SSL at all, which I now do with ssl.wrap_socket(sock,certfile='certificat.pem', keyfile='cle.pem', server_side=True)
Operation on server side requires certificates and key files in pem, which I generated with SelfSSL7 and then split the pfx into 2 pem key and certificate files with OpenSSL
openssl pkcs12 -in yourpfxfile.pfx -nocerts -out privatekey.pem -nodes
openssl pkcs12 -in yourpfxfile.pfx -nokeys -out publiccert.pem -nodes
Maybe not the fastest solution for a self signed certificate since I now have OpenSSL installed but …
Finally, the expected message !!
starting up on localhost port 11000
waiting for a connection
connection from ('127.0.0.1', 60488)
received "b'PING:0::\r\n'"
sending data to the client
received "b'LOGIN:::{"user":"test","password":"test","app":"AppName","app_ver":"1.0.0","protocol":" ","protocol_ver":"1.0.0"}\r\n'"
sending data to the client
Again thank you very much #SteffenUllrich
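Added example (not part of the original posts): a small Python check that a plain TCP server could run on the first bytes it receives, to recognise the TLS record header seen in the question's dump instead of trying text decodings. The function names are hypothetical; TLS_PREFIX is the first 11 bytes of the dump quoted in the question and PLAINTEXT is the PING line from the final output above.

```python
import struct

# Content and handshake type numbers from the TLS record and handshake layers.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def sniff_tls_record(data):
    """Return a dict describing a TLS record header, or None if data is not TLS."""
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    # A record header has a known content type, major version 3, and a
    # fragment length of at most 2^14 bytes plus 2048 bytes of expansion.
    if ctype not in CONTENT_TYPES or major != 3 or minor > 4 or length > 2**14 + 2048:
        return None
    info = {
        "content_type": CONTENT_TYPES[ctype],
        "record_version": VERSIONS.get((major, minor), "3.%d" % minor),
        "record_length": length,
    }
    body = data[5:]
    if ctype == 22 and len(body) >= 4:
        # Handshake header: 1-byte message type, 3-byte big-endian length.
        info["handshake_type"] = HANDSHAKE_TYPES.get(body[0], "type %d" % body[0])
        info["handshake_length"] = int.from_bytes(body[1:4], "big")
        if body[0] == 1 and len(body) >= 6:
            # A ClientHello body starts with the client's offered version.
            info["client_version"] = VERSIONS.get((body[4], body[5]), "unknown")
    return info


def describe(data):
    """One-line verdict a plain TCP server could log for the first bytes received."""
    info = sniff_tls_record(data)
    if info is None:
        return "plaintext application data: %r" % data
    return "peer is speaking TLS (%s, %s): wrap the socket with the ssl module" % (
        info["content_type"], info.get("handshake_type", "n/a"))


# Bytes copied from the page: start of the dump, and the post-fix PING line.
TLS_PREFIX = b"\x16\x03\x03\x00\x8e\x01\x00\x00\x8a\x03\x03"
PLAINTEXT = b"PING:0::\r\n"

if __name__ == "__main__":
    print(sniff_tls_record(TLS_PREFIX))
    print(describe(PLAINTEXT))
```

The 0x16 0x03 0x03 prefix decodes as a handshake record at record version TLS 1.2 carrying a ClientHello, which is why no character encoding turns it into the expected LOGIN line.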

plotly dash: change default port

Following plotly dash getting started guide but when trying to run python app.py get message:
OSError: [WinError 10013] An attempt was made to access a socket in a way forbidden by its access permissions
Seems the default address: http://127.0.0.1:8050/ is already being used. How can the default port be changed so I can get this to work?
As we can see in Dash.run_server method definition, port can be passed as parameter:
def run_server(self,
               port=8050,
               debug=True,
               threaded=True,
               **flask_run_options):
    self.server.run(port=port, debug=debug, **flask_run_options)
So, if you need to use another port:
if __name__ == '__main__':
    app.run_server(debug=True, port=8051)  # or whatever you choose
Note that in Julia, you can change the port by specifying the port number in the run_server arguments without specifying "port=". For example,
run_server(app, "0.0.0.0", 8000, debug = true)
You can also set the environment variable PORT in your terminal before launching the Dash app:
https://github.com/plotly/dash/blob/c77912a3183adfccfd4ef84df91eca7fa9c7d543/dash/_configs.py#L34
In the place of port = 8050 type your own port number
I was running it on a Jupyter notebook, and all I had to do was go to runtime and select factory reset runtime, pip install all dependencies (like jupyter-dash), and I was good to go...

PID file /run/zabbix/zabbix_server.pid not readable (yet?) after start

When I try to start the zabbix-server I am getting a /run/zabbix/zabbix_server.pid not readable (yet?) error,
ls -al
-rw-rw-r--. 1 zabbix zabbix 5 May 1 15:15 zabbix_server.pid
my zabbix-server config file
#This is a configuration file for Zabbix Server process
# To get more information about Zabbix,
# visit http://www.zabbix.com
############ GENERAL PARAMETERS #################
LogFile=/var/log/zabbix/zabbix_server.log
LogFileSize=0
PidFile=/var/run/zabbix/zabbix_server.pid
#PidFile=/tmp/zabbix_server.pid
DBHost=localhost
DBName=zabbix
DBUser=zabbix
DBPassword=zabbix
DBSocket=/var/lib/mysql/mysql.sock
Please help. Suggest me a solution.
I've had this issue when building a zabbix 4.0 server. To fix the issue I made sure that the path to the PID file was correct on '/etc/zabbix/zabbix_server.conf' and '/lib/systemd/system/zabbix-server.service'.
Interestingly restarting the service alone did not get rid of the error. I needed to reboot the server and this fixed the problem.
close the selinux on centos7
It works for me.
just close selinux for this time
setenforce 0
Close selinux forever
vi /etc/selinux/config
SELINUX=disabled
That message only indicates that the server failed to start. Check the server log (/var/log/zabbix/zabbix_server.log according to your config file), it will contain a more meaningful error message.
In my case, it was an issue connecting with the database.
Remove current pid file + be sure that no zabbix_server process is running on your machine.
Zabbix server does not accept special chars like: !##$%^&*()_+,./;'[]}{|":?>< in DBPassword variable.

Debian Exim4 SMTP-AUTH stopped working

I have a strange problem that recently popped up on my Debian Squeeze server.
I've had Exim4 configured to use SMTP-AUTH with encryption setup and running on this box for a long time, but now it doesn't work.
At first I thought it was maybe my certificates expired, but that wasn't the case, they're good for several more years.
It appears that the server isn't listening on port 25 any longer.
If I try to telnet to port 25 it times out.
If I run netstat -tulpen on the server nothing is listening on port 25.
I'm using the splitconf for Exim4.
In conf.d/main I'm enabling MAIN_TLS_ENABLE=true
In conf.d/auth/30_exim4-config_examples I have the following
# Authenticate against local passwords using sasl2-bin
# Requires exim_uid to be a member of sasl group, see README.Debian.gz
plain_saslauthd_server:
driver = plaintext
public_name = PLAIN
server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
server_set_id = $auth2
server_prompts = :
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif
#
login_saslauthd_server:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
# don't send system passwords over unencrypted connections
server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
server_set_id = $auth1
.ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
.endif
On the server if I run this command:
swaks -a -tls -q HELO -s localhost -au A_USER_NAME -ap '<>'
I get this ...
=== Trying localhost:25...
* Error connecting 0.0.0.0 to localhost:25:
* IO::Socket::INET: connect: Connection refused
Can someone point me to some more advanced debugging techniques?
OK. I figured it out.
Comcast blocks port 25. I don't know why this is coming up now, unless they've recently started blocking it.
I had to change a line in /etc/default/exim4
From this
SMTPLISTENEROPTIONS='-oX 25 -oP /var/run/exim4/exim.pid'
To this
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
I also added this to /etc/exim4/conf.d/main/03_exim4-config_tlsoptions
tls_on_connect_ports=465
It's odd that this just popped up, unless a Debian package updated the /etc/default/exim4 file. It's confusing, but it's working. Hopefully this will be helpful to someone in the future.
Cheers.

Swiftmailer SMTP Hotmail doesn't work

I try to send an e-mail with Swiftmailer. But it doesn't work...
This is what I tried:
$transport = Swift_SmtpTransport::newInstance('smtp.life.com', 25)
    ->setUsername('olivier-zwat#hotmail.be')
    ->setPassword('the correct pasword');
I can't find the solution for solving this problem...
*BTW I'm a Dutchman! ;-)
530 5.7.0 Must issue a STARTTLS command first
You need to configure SwiftMailer to use an SSL connection via STARTTLS. It is supported since version 4.1.3.
I think you should change 'smtp.life.com' to 'smtp.live.com'.
You need to set the encryption to tls as the 3rd parameter:
$transport = Swift_SmtpTransport::newInstance('smtp.life.com', 25, 'tls')
Most probably port should also be set to 587