我正在尝试在专用服务器上获取域,但是由于sslv3警报握手失败,请求连续失败。
根据此处的博客文章https://lukasa.co.uk/2017/02/Configuring_TLS_With_Requests/,我已将会话配置为忽略sslv3 但它将继续将其用作异常消息中的状态。
有什么想法我在这里弄错了吗?
这里是我的最小脚本:
import ssl
import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.ssl_ import create_urllib3_context
CIPHERS = (
'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:!aNULL:'
'!eNULL:!MD5'
)
class DESAdapter(HTTPAdapter):
"""
A TransportAdapter that re-enables 3DES support in Requests.
"""
def create_ssl_context(self):
ctx = ssl.create_default_context()
# opt out the SSLv3
ctx.options |= ssl.OP_NO_SSLv3
ctx.set_ciphers( CIPHERS )
return ctx
def init_poolmanager(self, *args, **kwargs):
kwargs['ssl_context'] = self.create_ssl_context()
return super(DESAdapter, self).init_poolmanager(*args, **kwargs)
def proxy_manager_for(self, *args, **kwargs):
kwargs['ssl_context'] = self.create_ssl_context()
return super(DESAdapter, self).proxy_manager_for(*args, **kwargs)
s = requests.Session()
s.mount('https://my-broken-intranet-domain.net:4942', DESAdapter())
# This will throw the error:
r = s.get('https://my-broken-intranet-domain.net:4942')
发生异常:requests.exceptions.SSLError HTTPSConnectionPool(host ='my-broken-intranet-domain.net',port = 4942):URL超过最大重试次数:/(由SSLError(SSLError(1,'[[SSL:SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3警报握手失败(_ssl。 c:1056)')))
使用Curl,请求通过,协商的CIPHER和TLS为:
curl -v https://my-broken-intranet-domain.net:4942
...
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / DES-CBC3-SHA
* ALPN, server did not agree to a protocol
Versions:
Python 3.7.2
要求
版本:2.21.0
urllib3
版本:1.24.1
的OpenSSL
1.1.0j
感谢您的帮助!
答案 0 :(得分:0)
与Python 3.7.2相关。
关闭此功能,因为它在3.6.8中不存在