我正在尝试在私有服务器上获取域,但由于 sslv3 警报握手失败,请求不断失败。
根据此处的博客文章https://lukasa.co.uk/2017/02/Configuring_TLS_With_Requests/ ,我已将会话配置为忽略 sslv3, 但它继续将其用作异常消息中的状态。
有什么想法我在这里做错了吗?
这是我的最小脚本:
import ssl
import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.ssl_ import create_urllib3_context
CIPHERS = (
'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:!aNULL:'
'!eNULL:!MD5'
)
class DESAdapter(HTTPAdapter):
"""
A TransportAdapter that re-enables 3DES support in Requests.
"""
def create_ssl_context(self):
ctx = ssl.create_default_context()
# opt out the SSLv3
ctx.options |= ssl.OP_NO_SSLv3
ctx.set_ciphers( CIPHERS )
return ctx
def init_poolmanager(self, *args, **kwargs):
kwargs['ssl_context'] = self.create_ssl_context()
return super(DESAdapter, self).init_poolmanager(*args, **kwargs)
def proxy_manager_for(self, *args, **kwargs):
kwargs['ssl_context'] = self.create_ssl_context()
return super(DESAdapter, self).proxy_manager_for(*args, **kwargs)
s = requests.Session()
s.mount('https://my-broken-intranet-domain.net:4942', DESAdapter())
# This will throw the error:
r = s.get('https://my-broken-intranet-domain.net:4942')
发生异常:requests.exceptions.SSLError HTTPSConnectionPool(host='my-broken-intranet-domain.net', port=4942): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 警报握手失败 (_ssl.c:1056)')))
使用 Curl,请求通过,协商的 CIPHER 和 TLS 为:
curl -v https://my-broken-intranet-domain.net:4942
...
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / DES-CBC3-SHA
* ALPN, server did not agree to a protocol
Versions:
Python 3.7.2
请求版本:2.21.0
urllib3 版本:1.24.1
OpenSSL 1.1.0j
谢谢您的帮助!