如何使用仅支持 TLS 1.0 的主机处理 Python 请求 [英] How to work with Python requests with hosts only supporting TLS 1.0
问题描述
使用 OPENSSL_VERSION : OpenSSL 1.1.0j 并尝试连接到似乎只支持 TLS 1.0 密码的主机并在 _sslobj.do_handshake() 中收到错误.
导入 OpenSSL进口请求从 urllib.request 导入 urlopen导入 ssl...url = 'https://slpin.universalservice.org/'urlopen(url).read()正如您从
唯一不可怕的不安全但唯一弱的密码使用 3DES.由于这个弱点,这个密码可能不包含在您平台上的 openssl 构建中(例如,Debian 和基于 Debian 的系统(如 Ubuntu)不包含此密码).
这意味着从 Python 脚本访问服务器的唯一方法是使用链接到旧版 OpenSSL 或链接到现代版本但明确包含此密码的 Python 版本.即使这样,您也可能需要专门启用 3DES,因为 urllib 禁用了一段时间.因此,当 Python 使用具有 3DES 支持的 OpenSSL 构建时,以下内容应该可以工作:
导入ssl从 urllib.request 导入 urlopenurl = 'https://slpin.universalservice.org/'ctx = ssl.create_default_context()ctx.set_ciphers('3DES')urlopen(url, context = ctx).read()就我而言,这给出了一个 403 Forbidden,它与我使用浏览器访问此 URL 时得到的内容相匹配.
using OPENSSL_VERSION : OpenSSL 1.1.0j and trying to connect to a host that seem to only support TLS 1.0 cyphers and getting an error in _sslobj.do_handshake().
import OpenSSL
import requests
from urllib.request import urlopen
import ssl
...
url = 'https://slpin.universalservice.org/'
urlopen(url).read()
As you can see from this SSLLabs report the server you are trying to access is terrible broken. It gets a grade of F (worst) which is mainly due to its terrible insecure ciphers:
The only not terrible insecure but only weak cipher uses 3DES. Because of this weakness this cipher is likely not included in the openssl build on your platform (for example Debian and Debian based systems like Ubuntu don't have this cipher included).
This means the only way to access the server from your Python script would be to use a version of Python linked to an older version of OpenSSL or linked to a modern version but with this cipher explicitly included. Even then you would likely need to specifically enable 3DES since this is disabled by urllib for a while. Thus, when Python is build with an OpenSSL which has 3DES support included the following should work:
import ssl
from urllib.request import urlopen
url = 'https://slpin.universalservice.org/'
ctx = ssl.create_default_context()
ctx.set_ciphers('3DES')
urlopen(url, context = ctx).read()
In my case this gives a 403 Forbidden which matches what I get when I visit this URL with the browser.
这篇关于如何使用仅支持 TLS 1.0 的主机处理 Python 请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
