For some reason, it seems my Python 3 code keeps connecting over SSLv3:
```python
import socket, ssl
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)  # also tried ssl.OP_NO_SSLv3
context.verify_mode = ssl.CERT_REQUIRED  # also tried ssl.CERT_OPTIONAL
context.check_hostname = True
context.load_default_certs()
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
domain = 'remote.domain.com'
ssl_sock = context.wrap_socket(s, server_hostname=domain)
ssl_sock.connect((domain, 443))
```
I have tried all four combinations mentioned in the comments (lines 3 + 4), but I still get:
```
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 1093, in connect
    self._real_connect(addr, False)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 1084, in _real_connect
    self.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 1061, in do_handshake
    self._sslobj.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 683, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:749)
```
SSL version:
`>>>ssl.OPENSSL_VERSION`
'OpenSSL 1.0.2k 26 Jan 2017'
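I'm not sure whether the ssllabs test is feasible, since this domain is only reachable over VPN. I'm trying to get that information now.
This could be a problem with my OpenSSL (reference: https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers):
:~ rabdelaz$ ./test_ciphers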
Obtaining cipher list from OpenSSL 0.9.8zh 14 Jan 2016.
Testing ADH-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-SEED-SHA...NO (sslv3 alert handshake failure)
Testing SEED-SHA...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA...NO (14094410)
Testing DHE-DSS-AES256-SHA...NO (sslv3 alert handshake failure)
Testing AES256-SHA...NO (14094410)
Testing ADH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA...NO (14094410)
Testing DHE-DSS-AES128-SHA...NO (sslv3 alert handshake failure)
Testing AES128-SHA...NO (14094410)
Testing ADH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-ADH-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing EXP-ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing EDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing EDH-RSA-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-EDH-RSA-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EDH-DSS-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing EDH-DSS-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-EDH-DSS-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-RC2-CBC-MD5...NO (sslv3 alert handshake failure)
Testing RC4-SHA...NO (sslv3 alert handshake failure)
Testing RC4-MD5...NO (sslv3 alert handshake failure)
Testing EXP-RC4-MD5...NO (sslv3 alert handshake failure)
Testing DES-CBC3-MD5...NO (sslv3 alert handshake failure)
Testing DES-CBC-MD5...NO (sslv3 alert handshake failure)
Testing EXP-RC2-CBC-MD5...NO (sslv3 alert handshake failure)
Testing RC2-CBC-MD5...NO (sslv3 alert handshake failure)
Testing EXP-RC4-MD5...NO (sslv3 alert handshake failure)
Testing RC4-MD5...NO (sslv3 alert handshake failure)
Testing NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-MD5...NO (sslv3 alert handshake failure)
This may be more relevant:
>>> for c in context.get_ciphers():
...     print(c['name'])
...
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
ECDH-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256
DH-DSS-AES256-GCM-SHA384
DHE-DSS-AES256-GCM-SHA384
DH-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
DH-DSS-AES128-GCM-SHA256
DHE-DSS-AES128-GCM-SHA256
DH-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA384
ECDH-RSA-AES256-SHA
ECDH-ECDSA-AES256-SHA
DHE-RSA-AES256-SHA256
DHE-DSS-AES256-SHA256
DH-RSA-AES256-SHA256
DH-DSS-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
DH-RSA-AES256-SHA
DH-DSS-AES256-SHA
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
ECDH-RSA-AES128-SHA256
ECDH-ECDSA-AES128-SHA256
ECDH-RSA-AES128-SHA
ECDH-ECDSA-AES128-SHA
DHE-RSA-AES128-SHA256
DHE-DSS-AES128-SHA256
DH-RSA-AES128-SHA256
DH-DSS-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
DH-RSA-AES128-SHA
DH-DSS-AES128-SHA
DHE-RSA-CAMELLIA256-SHA
DHE-DSS-CAMELLIA256-SHA
DH-RSA-CAMELLIA256-SHA
DH-DSS-CAMELLIA256-SHA
DHE-RSA-CAMELLIA128-SHA
DHE-DSS-CAMELLIA128-SHA
DH-RSA-CAMELLIA128-SHA
DH-DSS-CAMELLIA128-SHA
AES256-GCM-SHA384
AES128-GCM-SHA256
AES256-SHA256
AES256-SHA
AES128-SHA256
AES128-SHA
CAMELLIA256-SHA
CAMELLIA128-SHA
OK, here is what is happening (I substituted the ciphers above into the test_ciphers script):
:~ rabdelaz$ ./test_ciphers
Testing ECDHE-RSA-AES256-GCM-SHA384...NO (no cipher match)
Testing ECDHE-ECDSA-AES256-GCM-SHA384...NO (no cipher match)
Testing ECDH-RSA-AES256-GCM-SHA384...NO (no cipher match)
Testing ECDH-ECDSA-AES256-GCM-SHA384...NO (no cipher match)
Testing ECDHE-RSA-AES128-GCM-SHA256...NO (no cipher match)
Testing ECDHE-ECDSA-AES128-GCM-SHA256...NO (no cipher match)
Testing ECDH-RSA-AES128-GCM-SHA256...NO (no cipher match)
Testing ECDH-ECDSA-AES128-GCM-SHA256...NO (no cipher match)
Testing DH-DSS-AES256-GCM-SHA384...NO (no cipher match)
Testing DHE-DSS-AES256-GCM-SHA384...NO (no cipher match)
Testing DH-RSA-AES256-GCM-SHA384...NO (no cipher match)
Testing DHE-RSA-AES256-GCM-SHA384...NO (no cipher match)
Testing DH-DSS-AES128-GCM-SHA256...NO (no cipher match)
Testing DHE-DSS-AES128-GCM-SHA256...NO (no cipher match)
Testing DH-RSA-AES128-GCM-SHA256...NO (no cipher match)
Testing DHE-RSA-AES128-GCM-SHA256...NO (no cipher match)
Testing ECDHE-RSA-AES256-SHA384...NO (no cipher match)
Testing ECDHE-ECDSA-AES256-SHA384...NO (no cipher match)
Testing ECDHE-RSA-AES256-SHA...NO (no ciphers available)
Testing ECDHE-ECDSA-AES256-SHA...NO (no ciphers available)
Testing ECDH-RSA-AES256-SHA384...NO (no cipher match)
Testing ECDH-ECDSA-AES256-SHA384...NO (no cipher match)
Testing ECDH-RSA-AES256-SHA...NO (no ciphers available)
Testing ECDH-ECDSA-AES256-SHA...NO (no ciphers available)
Testing DHE-RSA-AES256-SHA256...NO (no cipher match)
Testing DHE-DSS-AES256-SHA256...NO (no cipher match)
Testing DH-RSA-AES256-SHA256...NO (no cipher match)
Testing DH-DSS-AES256-SHA256...NO (no cipher match)
Testing DHE-RSA-AES256-SHA...NO (14094410)
Testing DHE-DSS-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES256-SHA...NO (no cipher match)
Testing DH-DSS-AES256-SHA...NO (no cipher match)
Testing ECDHE-RSA-AES128-SHA256...NO (no cipher match)
Testing ECDHE-ECDSA-AES128-SHA256...NO (no cipher match)
Testing ECDHE-RSA-AES128-SHA...NO (no ciphers available)
Testing ECDHE-ECDSA-AES128-SHA...NO (no ciphers available)
Testing ECDH-RSA-AES128-SHA256...NO (no cipher match)
Testing ECDH-ECDSA-AES128-SHA256...NO (no cipher match)
Testing ECDH-RSA-AES128-SHA...NO (no ciphers available)
Testing ECDH-ECDSA-AES128-SHA...NO (no ciphers available)
Testing DHE-RSA-AES128-SHA256...NO (no cipher match)
Testing DHE-DSS-AES128-SHA256...NO (no cipher match)
Testing DH-RSA-AES128-SHA256...NO (no cipher match)
Testing DH-DSS-AES128-SHA256...NO (no cipher match)
Testing DHE-RSA-AES128-SHA...NO (14094410)
Testing DHE-DSS-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES128-SHA...NO (no cipher match)
Testing DH-DSS-AES128-SHA...NO (no cipher match)
Testing DHE-RSA-CAMELLIA256-SHA...NO (no cipher match)
Testing DHE-DSS-CAMELLIA256-SHA...NO (no cipher match)
Testing DH-RSA-CAMELLIA256-SHA...NO (no cipher match)
Testing DH-DSS-CAMELLIA256-SHA...NO (no cipher match)
Testing DHE-RSA-CAMELLIA128-SHA...NO (no cipher match)
Testing DHE-DSS-CAMELLIA128-SHA...NO (no cipher match)
Testing DH-RSA-CAMELLIA128-SHA...NO (no cipher match)
Testing DH-DSS-CAMELLIA128-SHA...NO (no cipher match)
Testing AES256-GCM-SHA384...NO (no cipher match)
Testing AES128-GCM-SHA256...NO (no cipher match)
Testing AES256-SHA256...NO (no cipher match)
Testing AES256-SHA...NO (14094410)
Testing AES128-SHA256...NO (no cipher match)
Testing AES128-SHA...NO (14094410)
Testing CAMELLIA256-SHA...NO (no cipher match)
Testing CAMELLIA128-SHA...NO (no cipher match)
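
As an added example (not part of the original question), the following shows that OpenSSL's `SSLV3_ALERT_HANDSHAKE_FAILURE` is the name of the fatal handshake_failure alert, not evidence that SSLv3 was negotiated: a client pinned to TLS 1.2 receives the same error from a constructed in-memory server that has no certificate and so no usable cipher suite. The helper names and the certificate-less server are assumptions made for illustration.

```python
import ssl

def tls12_only_client():
    """Client context with secure defaults, pinned to TLS 1.2 (SSLv3 impossible)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def certless_server():
    """Constructed server: no certificate loaded, so no cipher suite is usable."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

def handshake_in_memory(client_ctx, server_ctx, hostname="remote.domain.com"):
    """Run a handshake over MemoryBIO pairs; return each side's outcome."""
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    sides = {
        "client": client_ctx.wrap_bio(c_in, c_out, server_hostname=hostname),
        "server": server_ctx.wrap_bio(s_in, s_out, server_side=True),
    }
    outcome = {}
    for _ in range(6):  # a failed handshake settles within a few round trips
        for name, obj in sides.items():
            if name in outcome:
                continue
            try:
                obj.do_handshake()
                outcome[name] = "ok"
            except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
                pass  # needs more bytes from the peer
            except ssl.SSLError as exc:
                outcome[name] = exc.reason  # OpenSSL's mnemonic for the failure
        # Shuttle pending records between the two in-memory endpoints.
        for src, dst in ((c_out, s_in), (s_out, c_in)):
            data = src.read()
            if data:
                dst.write(data)
    return {name: outcome.get(name, "incomplete") for name in sides}

if __name__ == "__main__":
    print(handshake_in_memory(tls12_only_client(), certless_server()))
```

The server side of the result carries the actual reason the alert was sent, which the client never sees; when only the client is under your control, the peer's TLS logs are where that reason is recorded.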