How to disable SSL v3 in Python 3?

Time: 2017-05-29 18:11:28

Tags: python python-3.x ssl python-3.6

For some reason, my Python 3 code seems to keep connecting via SSLv3:

import socket, ssl

context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) #also tried ssl.OP_NO_SSLv3
context.verify_mode = ssl.CERT_REQUIRED      #also tried ssl.CERT_OPTIONAL
context.check_hostname = True
context.load_default_certs()

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
domain = 'remote.domain.com'
ssl_sock = context.wrap_socket(s, server_hostname=domain)
ssl_sock.connect((domain, 443))

I have tried all four combinations mentioned in the comments (lines 3 + 4), but I still get:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
   File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 1093, in connect
     self._real_connect(addr, False)
   File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 1084, in _real_connect
    self.do_handshake()
   File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 1061, in do_handshake
     self._sslobj.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 683, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:749)

SSL version:

`>>>ssl.OPENSSL_VERSION`

'OpenSSL 1.0.2k  26 Jan 2017'

I'm not sure whether an ssllabs test is possible, since this domain is only reachable over VPN. Trying to get that information now.

This may be a problem with my OpenSSL (reference: https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers):
:~ rabdelaz$ ./test_ciphers 
Obtaining cipher list from OpenSSL 0.9.8zh 14 Jan 2016.
Testing ADH-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-SEED-SHA...NO (sslv3 alert handshake failure)
Testing SEED-SHA...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA...NO (14094410)
Testing DHE-DSS-AES256-SHA...NO (sslv3 alert handshake failure)
Testing AES256-SHA...NO (14094410)
Testing ADH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA...NO (14094410)
Testing DHE-DSS-AES128-SHA...NO (sslv3 alert handshake failure)
Testing AES128-SHA...NO (14094410)
Testing ADH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-ADH-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing EXP-ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing EDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing EDH-RSA-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-EDH-RSA-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EDH-DSS-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing EDH-DSS-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-EDH-DSS-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-RC2-CBC-MD5...NO (sslv3 alert handshake failure)
Testing RC4-SHA...NO (sslv3 alert handshake failure)
Testing RC4-MD5...NO (sslv3 alert handshake failure)
Testing EXP-RC4-MD5...NO (sslv3 alert handshake failure)
Testing DES-CBC3-MD5...NO (sslv3 alert handshake failure)
Testing DES-CBC-MD5...NO (sslv3 alert handshake failure)
Testing EXP-RC2-CBC-MD5...NO (sslv3 alert handshake failure)
Testing RC2-CBC-MD5...NO (sslv3 alert handshake failure)
Testing EXP-RC4-MD5...NO (sslv3 alert handshake failure)
Testing RC4-MD5...NO (sslv3 alert handshake failure)
Testing NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-MD5...NO (sslv3 alert handshake failure)    

This may be more relevant:

>>> for c in context.get_ciphers():
...   print(c['name'])
... 
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
ECDH-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256
DH-DSS-AES256-GCM-SHA384
DHE-DSS-AES256-GCM-SHA384
DH-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
DH-DSS-AES128-GCM-SHA256
DHE-DSS-AES128-GCM-SHA256
DH-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA384
ECDH-RSA-AES256-SHA
ECDH-ECDSA-AES256-SHA
DHE-RSA-AES256-SHA256
DHE-DSS-AES256-SHA256
DH-RSA-AES256-SHA256
DH-DSS-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
DH-RSA-AES256-SHA
DH-DSS-AES256-SHA
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
ECDH-RSA-AES128-SHA256
ECDH-ECDSA-AES128-SHA256
ECDH-RSA-AES128-SHA
ECDH-ECDSA-AES128-SHA
DHE-RSA-AES128-SHA256
DHE-DSS-AES128-SHA256
DH-RSA-AES128-SHA256
DH-DSS-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
DH-RSA-AES128-SHA
DH-DSS-AES128-SHA
DHE-RSA-CAMELLIA256-SHA
DHE-DSS-CAMELLIA256-SHA
DH-RSA-CAMELLIA256-SHA
DH-DSS-CAMELLIA256-SHA
DHE-RSA-CAMELLIA128-SHA
DHE-DSS-CAMELLIA128-SHA
DH-RSA-CAMELLIA128-SHA
DH-DSS-CAMELLIA128-SHA
AES256-GCM-SHA384
AES128-GCM-SHA256
AES256-SHA256
AES256-SHA
AES128-SHA256
AES128-SHA
CAMELLIA256-SHA
CAMELLIA128-SHA

OK, here is what is happening (I put the ciphers above into the test_ciphers script):

:~ rabdelaz$ ./test_ciphers 
Testing ECDHE-RSA-AES256-GCM-SHA384...NO (no cipher match)
Testing ECDHE-ECDSA-AES256-GCM-SHA384...NO (no cipher match)
Testing ECDH-RSA-AES256-GCM-SHA384...NO (no cipher match)
Testing ECDH-ECDSA-AES256-GCM-SHA384...NO (no cipher match)
Testing ECDHE-RSA-AES128-GCM-SHA256...NO (no cipher match)
Testing ECDHE-ECDSA-AES128-GCM-SHA256...NO (no cipher match)
Testing ECDH-RSA-AES128-GCM-SHA256...NO (no cipher match)
Testing ECDH-ECDSA-AES128-GCM-SHA256...NO (no cipher match)
Testing DH-DSS-AES256-GCM-SHA384...NO (no cipher match)
Testing DHE-DSS-AES256-GCM-SHA384...NO (no cipher match)
Testing DH-RSA-AES256-GCM-SHA384...NO (no cipher match)
Testing DHE-RSA-AES256-GCM-SHA384...NO (no cipher match)
Testing DH-DSS-AES128-GCM-SHA256...NO (no cipher match)
Testing DHE-DSS-AES128-GCM-SHA256...NO (no cipher match)
Testing DH-RSA-AES128-GCM-SHA256...NO (no cipher match)
Testing DHE-RSA-AES128-GCM-SHA256...NO (no cipher match)
Testing ECDHE-RSA-AES256-SHA384...NO (no cipher match)
Testing ECDHE-ECDSA-AES256-SHA384...NO (no cipher match)
Testing ECDHE-RSA-AES256-SHA...NO (no ciphers available)
Testing ECDHE-ECDSA-AES256-SHA...NO (no ciphers available)
Testing ECDH-RSA-AES256-SHA384...NO (no cipher match)
Testing ECDH-ECDSA-AES256-SHA384...NO (no cipher match)
Testing ECDH-RSA-AES256-SHA...NO (no ciphers available)
Testing ECDH-ECDSA-AES256-SHA...NO (no ciphers available)
Testing DHE-RSA-AES256-SHA256...NO (no cipher match)
Testing DHE-DSS-AES256-SHA256...NO (no cipher match)
Testing DH-RSA-AES256-SHA256...NO (no cipher match)
Testing DH-DSS-AES256-SHA256...NO (no cipher match)
Testing DHE-RSA-AES256-SHA...NO (14094410)
Testing DHE-DSS-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES256-SHA...NO (no cipher match)
Testing DH-DSS-AES256-SHA...NO (no cipher match)
Testing ECDHE-RSA-AES128-SHA256...NO (no cipher match)
Testing ECDHE-ECDSA-AES128-SHA256...NO (no cipher match)
Testing ECDHE-RSA-AES128-SHA...NO (no ciphers available)
Testing ECDHE-ECDSA-AES128-SHA...NO (no ciphers available)
Testing ECDH-RSA-AES128-SHA256...NO (no cipher match)
Testing ECDH-ECDSA-AES128-SHA256...NO (no cipher match)
Testing ECDH-RSA-AES128-SHA...NO (no ciphers available)
Testing ECDH-ECDSA-AES128-SHA...NO (no ciphers available)
Testing DHE-RSA-AES128-SHA256...NO (no cipher match)
Testing DHE-DSS-AES128-SHA256...NO (no cipher match)
Testing DH-RSA-AES128-SHA256...NO (no cipher match)
Testing DH-DSS-AES128-SHA256...NO (no cipher match)
Testing DHE-RSA-AES128-SHA...NO (14094410)
Testing DHE-DSS-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES128-SHA...NO (no cipher match)
Testing DH-DSS-AES128-SHA...NO (no cipher match)
Testing DHE-RSA-CAMELLIA256-SHA...NO (no cipher match)
Testing DHE-DSS-CAMELLIA256-SHA...NO (no cipher match)
Testing DH-RSA-CAMELLIA256-SHA...NO (no cipher match)
Testing DH-DSS-CAMELLIA256-SHA...NO (no cipher match)
Testing DHE-RSA-CAMELLIA128-SHA...NO (no cipher match)
Testing DHE-DSS-CAMELLIA128-SHA...NO (no cipher match)
Testing DH-RSA-CAMELLIA128-SHA...NO (no cipher match)
Testing DH-DSS-CAMELLIA128-SHA...NO (no cipher match)
Testing AES256-GCM-SHA384...NO (no cipher match)
Testing AES128-GCM-SHA256...NO (no cipher match)
Testing AES256-SHA256...NO (no cipher match)
Testing AES256-SHA...NO (14094410)
Testing AES128-SHA256...NO (no cipher match)
Testing AES128-SHA...NO (14094410)
Testing CAMELLIA256-SHA...NO (no cipher match)
Testing CAMELLIA128-SHA...NO (no cipher match)

0 answers:

No answers
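
Added example, not part of the original question: OpenSSL prints `sslv3 alert handshake failure` for alert 40 (handshake_failure) whichever protocol version carried it, so the message alone does not show SSLv3 in use. The sketch below captures the ClientHello a context emits without touching the network and lists the protocol versions it actually offers; `example.invalid` and the alert bytes are constructed placeholders.

```python
import ssl
import struct

def build_context():
    # Negotiate the highest shared version; verification and hostname checks
    # are on by default for PROTOCOL_TLS_CLIENT. SSLv3 is excluded explicitly.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.options |= ssl.OP_NO_SSLv3
    ctx.load_default_certs()
    return ctx

def offered_versions(ctx, hostname="example.invalid"):  # hostname: placeholder
    """Return the protocol versions in the ClientHello this context emits."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()            # no peer: stops after queuing ClientHello
    except ssl.SSLWantReadError:
        pass
    hello = outgoing.read()
    if hello[0] != 0x16 or hello[5] != 0x01:
        raise ValueError("not a ClientHello record")
    legacy = struct.unpack_from("!H", hello, 9)[0]
    pos = 43                          # 5 record + 4 handshake + 2 version + 32 random
    pos += 1 + hello[pos]             # session_id
    pos += 2 + struct.unpack_from("!H", hello, pos)[0]   # cipher_suites
    pos += 1 + hello[pos]             # compression_methods
    end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
    pos += 2
    while pos < end:                  # walk the extensions (SNI is always sent)
        ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
        body = hello[pos + 4:pos + 4 + ext_len]
        if ext_type == 43:            # supported_versions (TLS 1.3 clients)
            return [struct.unpack_from("!H", body, i)[0]
                    for i in range(1, 1 + body[0], 2)]
        pos += 4 + ext_len
    return [legacy]

def decode_alert(record):
    """Split a TLS alert record into (record version, level, description)."""
    ctype, version, _length, level, desc = struct.unpack("!BHHBB", record[:7])
    if ctype != 0x15:
        raise ValueError("not an alert record")
    return version, {1: "warning", 2: "fatal"}[level], desc

if __name__ == "__main__":
    print([hex(v) for v in offered_versions(build_context())])
    # Constructed sample: fatal handshake_failure (40) in a TLS 1.2 record.
    print(decode_alert(bytes.fromhex("15030300020228")))
```

Version `0x0300` is SSLv3; if it is absent from the offered list, a handshake failure points at cipher or certificate mismatch rather than at the protocol version.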