I have working code for TLS in Python, as below:
    import datetime
    import sys
    import ssl
    from aiosmtpd.smtp import SMTP
    from aiosmtpd.controller import Controller
    from aiosmtpd.handlers import Debugging

    class Server:
        async def handle_DATA(self, server, session, envelope):
            # some code here
            return "250 OK"

    context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    context.load_cert_chain(certfile='cert.pem', keyfile='key.pem')

    class ControllerStarttls(Controller):
        def factory(self):
            return SMTP(self.handler, enable_SMTPUTF8=True, require_starttls=True, tls_context=context)

    controller = ControllerStarttls(Debugging(), hostname='localhost', port=587)
    controller.start()
    controller.stop()
This code, when tested on WSL, gives TLSv1.3, but when tested on a virtual machine it shows TLSv1.2. Any idea why the TLS version differs?
The openssl and python versions on both machines are:
On WSL (NAME="Ubuntu" VERSION="20.04.4 LTS (Focal Fossa)"):

    $ python3 --version
    Python 3.8.10
    $ openssl version
    OpenSSL 1.1.1f 31 Mar 2020

On Linux Virtual Machine (NAME="Red Hat Enterprise Linux" VERSION="8.4 (Ootpa)"):

    python --version
    Python 3.8.6
    openssl version
    OpenSSL 1.1.1g FIPS 21 Apr 2020

The openssl command used to test the above code is:

    openssl s_client -starttls smtp -crlf -connect localhost:587

Could anyone suggest what could be the reason for the difference in TLS version? My requirement is to get TLSv1.3 on the Linux virtual machine (RHEL).
The problem is the following:

On WSL (TLSv1.3 working) you are using OpenSSL version 1.1.1f 31 Mar 2020.
On the RHEL VM (TLSv1.2 working) you are using OpenSSL version 1.1.1g FIPS 21 Apr 2020.

The FIPS version is FIPS 140-2 compliant; this means it can only use FIPS-certified algorithms. TLSv1.3 seems not yet certified, so it must be disabled in that package version.

I suggest you uninstall the OpenSSL FIPS version and use the same version that's working on WSL.
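
A diagnostic for the situation in this thread, added here as an example (it is not code from the question or the answer): Python's `ssl` module uses the OpenSSL library it was linked against, which can differ from the `openssl` binary on the PATH, so this reports what the server-side context itself can offer. The helper names `tls13_suites`, `tls13_blockers` and `tls13_report` are made up for this example; run it with the same interpreter on both machines and compare the output.

```python
import ssl


def tls13_suites(context):
    """Names of the TLS 1.3 cipher suites enabled on this context."""
    return [c["name"] for c in context.get_ciphers() if c["protocol"] == "TLSv1.3"]


def tls13_blockers(context):
    """Reasons this SSLContext cannot negotiate TLS 1.3 (empty list: none found)."""
    reasons = []
    if not ssl.HAS_TLSv1_3:
        reasons.append("linked OpenSSL build has no TLS 1.3 support")
    max_v = context.maximum_version
    if max_v is not ssl.TLSVersion.MAXIMUM_SUPPORTED and max_v < ssl.TLSVersion.TLSv1_3:
        reasons.append(f"maximum_version is capped at {max_v.name}")
    if context.options & ssl.OP_NO_TLSv1_3:
        reasons.append("OP_NO_TLSv1_3 is set in context.options")
    if not tls13_suites(context):
        reasons.append("no TLS 1.3 cipher suites are enabled")
    return reasons


def tls13_report(context):
    """Collect the facts that decide which TLS versions this context offers."""
    return {
        # The library Python is linked against, not the `openssl` CLI binary.
        "linked_openssl": ssl.OPENSSL_VERSION,
        # Build marker as seen in the RHEL output quoted in the question.
        "fips_marker_in_version": "FIPS" in ssl.OPENSSL_VERSION,
        "has_tls13": ssl.HAS_TLSv1_3,
        "minimum_version": context.minimum_version.name,
        "maximum_version": context.maximum_version.name,
        "tls13_suites": tls13_suites(context),
        "blockers": tls13_blockers(context),
    }


if __name__ == "__main__":
    # Same context construction as the server in the question; the certificate
    # is not loaded because it does not affect which protocol versions are offered.
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    for key, value in tls13_report(ctx).items():
        print(f"{key}: {value}")
```

The negotiated version is the highest one both peers support, so if this report shows no blockers on the server side, check the client used for the test (`openssl s_client` on the same machine) as well.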