通过python请求模块发送请求时如何选择特定密码 [英] How to select specific the cipher while sending request via python request module
问题描述
用例:我想用python请求模块找出主机名支持多少个密码.
Usecase: I want to find out how many ciphers are supported by the hostname with python request module.
我无法找到一种方法来提供密码名称来请求模块挂钩.谁能建议提供指定密码方式的方法.
I am not able to find a way to provide the cipher name to request module hook. Can anyone suggest the way to provide the way to specify cipher.
import ssl
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager
class Ssl3HttpAdapter(HTTPAdapter):
""""Transport adapter" that allows us to use SSLv3."""
def init_poolmanager(self, connections, maxsize, block=False):
self.poolmanager = PoolManager(
num_pools=connections, maxsize=maxsize,
block=block, ssl_version=ssl.PROTOCOL_SSLv3)
推荐答案
If you are using requests version 2.12.0+, there is a blog post on Configuring TLS With Requests, which describes new functionality to allow you to configure the SSLContext (note that this blog post was written after the OP asked the question):
Requests v2.12.0中添加的功能是urllib3现在接受ConnectionPool对象的构造函数中的SSLContext对象.这SSLContext将用作基础TLS的工厂连接,因此应用于它的所有设置也将应用于这些低级的连接.
The feature added in Requests v2.12.0 is that urllib3 now accepts an SSLContext object in the constructors for ConnectionPool objects. This SSLContext will be used as the factory for the underlying TLS connection, and so all settings applied to it will also be applied to those low-level connections.
执行此操作的最佳方法是使用SSLContext工厂功能requests.packages.urllib3.util.ssl_.create_urllib3_context.这是与Python的ssl.create_default_context函数类似,但适用Requests和urllib3的更严格的默认TLS配置两者都使用.此函数将返回一个SSLContext对象,该对象可以已应用进一步的配置.最重要的是,该功能还接受一些参数以允许覆盖默认配置.
The best way to do this is to use the SSLContext factory function requests.packages.urllib3.util.ssl_.create_urllib3_context. This is analogous to Python’s ssl.create_default_context function but applies the more-strict default TLS configuration that Requests and urllib3 both use. This function will return an SSLContext object that can then have further configuration applied. On top of that, the function also takes a few arguments to allow overriding default configuration.
要提供新的SSLContext对象,您需要编写一个适用于给定主机的TransportAdapter.
To provide the new SSLContext object, you will need to write a TransportAdapter that is appropriate for the given host.
以下示例代码给出了如何使用此方法在请求中重新启用3DES的示例.
The following sample code is given as an example of how to re-enable 3DES in Requests using this method.
import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.ssl_ import create_urllib3_context
# This is the 2.11 Requests cipher string, containing 3DES.
CIPHERS = (
'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:!aNULL:'
'!eNULL:!MD5'
)
class DESAdapter(HTTPAdapter):
"""
A TransportAdapter that re-enables 3DES support in Requests.
"""
def init_poolmanager(self, *args, **kwargs):
context = create_urllib3_context(ciphers=CIPHERS)
kwargs['ssl_context'] = context
return super(DESAdapter, self).init_poolmanager(*args, **kwargs)
def proxy_manager_for(self, *args, **kwargs):
context = create_urllib3_context(ciphers=CIPHERS)
kwargs['ssl_context'] = context
return super(DESAdapter, self).proxy_manager_for(*args, **kwargs)
s = requests.Session()
s.mount('https://some-3des-only-host.com', DESAdapter())
r = s.get('https://some-3des-only-host.com/some-path')
还有一种可能的黑客,您可以在请求模块的github页面,或位于 https://stackoverflow.com/a/32651967/2364215,但是它修改了底层库代码,我不建议这样做(requests模块的作者也一样,就像您在该页面上看到的那样).另一方面,如果您使用的是较旧的请求包,并且无法升级,那么这可能是您的最佳选择.它等于覆盖urllib3模块的 DEFAULT_CIPHERS :
There is also a hack possible, which you can read on the github pages for the requests module, or at https://stackoverflow.com/a/32651967/2364215 but it modifies the underlying library code, I don't recommend it (neither do the authors of the requests module, as you will find on that page). On the other hand, if you are on an older requests package and you can't upgrade, it may be your best option. It amounts to overriding the urllib3 module's DEFAULT_CIPHERS:
requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += ':RC4-SHA'
如果您有其他代码在进行修改后仍将使用请求模块,但是不需要修改,则可能需要将 DEFAULT_CIPHERS 恢复为其先前的值.
If you have other code that will use the requests module after doing the modification, but doesn't need the modification, you may want to restore DEFAULT_CIPHERS to its previous value.
这篇关于通过python请求模块发送请求时如何选择特定密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
