请求忽略设置OP_NO_SSLv3

时间:2019-03-01 06:14:02

标签: python-requests python-requests-html

我正在尝试在专用服务器上获取域,但是由于sslv3警报握手失败,请求连续失败。

根据此处的博客文章https://lukasa.co.uk/2017/02/Configuring_TLS_With_Requests/,我已将会话配置为忽略sslv3 但它将继续将其用作异常消息中的状态。

有什么想法我在这里弄错了吗?

这里是我的最小脚本:

import ssl
import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.ssl_ import create_urllib3_context

CIPHERS = (
    'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
    'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:!aNULL:'
    '!eNULL:!MD5'
)

class DESAdapter(HTTPAdapter):
    """
    A TransportAdapter that re-enables 3DES support in Requests.
    """
    def create_ssl_context(self):
        ctx = ssl.create_default_context()
        # opt out the SSLv3
        ctx.options |= ssl.OP_NO_SSLv3
        ctx.set_ciphers( CIPHERS )
        return ctx

    def init_poolmanager(self, *args, **kwargs):
        kwargs['ssl_context'] = self.create_ssl_context()
        return super(DESAdapter, self).init_poolmanager(*args, **kwargs)

    def proxy_manager_for(self, *args, **kwargs):
        kwargs['ssl_context'] = self.create_ssl_context()
        return super(DESAdapter, self).proxy_manager_for(*args, **kwargs)

s = requests.Session()
s.mount('https://my-broken-intranet-domain.net:4942', DESAdapter())

# This will throw the error:
r = s.get('https://my-broken-intranet-domain.net:4942')

发生异常:requests.exceptions.SSLError HTTPSConnectionPool(host ='my-broken-intranet-domain.net',port = 4942):URL超过最大重试次数:/(由SSLError(SSLError(1,'[[SSL:SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3警报握手失败(_ssl。 c:1056)')))

使用Curl,请求通过,协商的CIPHER和TLS为:

curl -v https://my-broken-intranet-domain.net:4942

...
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / DES-CBC3-SHA
* ALPN, server did not agree to a protocol
Versions:
Python 3.7.2

要求 版本:2.21.0
urllib3 版本:1.24.1
的OpenSSL 1.1.0j

感谢您的帮助!

1 个答案:

答案 0 :(得分:0)

与Python 3.7.2相关。

关闭此功能,因为它在3.6.8中不存在