urllib2 SSL3_CHECK_CERT_AND_ALGORITHM:dh 密钥太小 [英] urllib2 SSL3_CHECK_CERT_AND_ALGORITHM: dh key too small
问题描述
尝试使用 suds
发送 SOAP 请求,我使用的是 Python 2.7.6
.
Attempting to send a SOAP request using suds
, I'm using Python 2.7.6
.
我对安全不是很熟悉 我被认为是我的机器或服务器机器上的安全密钥太小,我不知道如何解决.我是否生成一些新密钥并创建自定义开启器?任何帮助/指导都会有所帮助.
I'm not very versed with security I am led to believe that either the security - key, on either my machine or the server's machine is too small, I'm not sure how to resolve. Do I generate some new key and create a custom opener ? Any assistance /guidance would be helpful.
堆栈跟踪:
Traceback (most recent call last):
File "read_xml.py", line 71, in <module>
client.service.PO(purchase_orders)
File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 542, in __call__
return client.invoke(args, kwargs)
File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 602, in invoke
result = self.send(soapenv)
File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 637, in send
reply = transport.send(request)
File "/usr/local/lib/python2.7/dist-packages/suds/transport/https.py", line 64, in send
return HttpTransport.send(self, request)
File "/usr/local/lib/python2.7/dist-packages/suds/transport/http.py", line 77, in send
fp = self.u2open(u2request)
File "/usr/local/lib/python2.7/dist-packages/suds/transport/http.py", line 118, in u2open
return url.open(u2request, timeout=tm)
File "/usr/lib/python2.7/urllib2.py", line 404, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 422, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 1222, in https_open
return self.do_open(httplib.HTTPSConnection, req)
File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [Errno 1] _ssl.c:510: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small>
我正在查看以下链接
Python - requests.exceptions.SSLError - dh 键太小
https://bugs.python.org/issue24985
不确定如何实施他们所说的,再次感谢您的帮助
Unsure how to implement what they're talking about, thanks again for any help
推荐答案
我在 Python 3.7 中使用此代码片段:
I'm using this code fragment in Python 3.7:
import ssl
from urllib.request import HTTPSHandler
from suds.transport.https import HttpAuthenticated
class SSLAuthenticated(HttpAuthenticated):
""" Enables SSL context for Suds. """
def __init__(self, ssl_ciphers: str = ssl._DEFAULT_CIPHERS, **kwargs):
self.ssl_ciphers = ssl_ciphers
super().__init__(**kwargs)
def u2handlers(self):
handlers = super().u2handlers()
ssl_context = ssl.create_default_context()
if self.ssl_ciphers is not None:
ssl_context.set_ciphers(self.ssl_ciphers)
ssl_context_handler = HTTPSHandler(context=ssl_context)
handlers = [ssl_context_handler] + handlers
return handlers
client = suds.Client(transport=SSLAuthenticated(ssl_ciphers='HIGH:!DH'))
要获取网站上可用密码的列表,请运行:
To obtain list of available ciphers on a website, run:
nmap --script ssl-enum-ciphers -p 443 affected.website.com
从 A 级密码中一一选择并像这样检查它们:
choose one by one from A-grade ciphers and check them like so:
openssl s_client -connect affected.website.com:443 -cipher 'HIGH:!DH' -brief
这篇关于urllib2 SSL3_CHECK_CERT_AND_ALGORITHM:dh 密钥太小的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!