urllib2 SSL3_CHECK_CERT_AND_ALGORITHM:dh 密钥太小 [英] urllib2 SSL3_CHECK_CERT_AND_ALGORITHM: dh key too small

问题描述

尝试使用 suds 发送 SOAP 请求，我使用的是 Python 2.7.6.

Attempting to send a SOAP request using suds, I'm using Python 2.7.6.

我对安全不是很熟悉 我被认为是我的机器或服务器机器上的安全密钥太小，我不知道如何解决.我是否生成一些新密钥并创建自定义开启器?任何帮助/指导都会有所帮助.

I'm not very versed with security I am led to believe that either the security - key, on either my machine or the server's machine is too small, I'm not sure how to resolve. Do I generate some new key and create a custom opener ? Any assistance /guidance would be helpful.

堆栈跟踪:

Traceback (most recent call last):
  File "read_xml.py", line 71, in <module>
    client.service.PO(purchase_orders)
  File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 542, in __call__
    return client.invoke(args, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 602, in invoke
    result = self.send(soapenv)
  File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 637, in send
    reply = transport.send(request)
  File "/usr/local/lib/python2.7/dist-packages/suds/transport/https.py", line 64, in send
    return  HttpTransport.send(self, request)
  File "/usr/local/lib/python2.7/dist-packages/suds/transport/http.py", line 77, in send
    fp = self.u2open(u2request)
  File "/usr/local/lib/python2.7/dist-packages/suds/transport/http.py", line 118, in u2open
    return url.open(u2request, timeout=tm)
  File "/usr/lib/python2.7/urllib2.py", line 404, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 422, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1222, in https_open
    return self.do_open(httplib.HTTPSConnection, req)
  File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [Errno 1] _ssl.c:510: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small>

我正在查看以下链接

Python - requests.exceptions.SSLError - dh 键太小

https://bugs.python.org/issue24985

https://unix.stackexchange.com/questions/333877/how-to-find-which-key-exactly-dh-key-too-small-openssl-error-is-about

不确定如何实施他们所说的，再次感谢您的帮助

Unsure how to implement what they're talking about, thanks again for any help

推荐答案

我在 Python 3.7 中使用此代码片段:

I'm using this code fragment in Python 3.7:

import ssl
from urllib.request import HTTPSHandler

from suds.transport.https import HttpAuthenticated


class SSLAuthenticated(HttpAuthenticated):
    """ Enables SSL context for Suds. """

    def __init__(self, ssl_ciphers: str = ssl._DEFAULT_CIPHERS, **kwargs):
        self.ssl_ciphers = ssl_ciphers
        super().__init__(**kwargs)

    def u2handlers(self):
        handlers = super().u2handlers()
        ssl_context = ssl.create_default_context()
        if self.ssl_ciphers is not None:
            ssl_context.set_ciphers(self.ssl_ciphers)
        ssl_context_handler = HTTPSHandler(context=ssl_context)
        handlers = [ssl_context_handler] + handlers
        return handlers

client = suds.Client(transport=SSLAuthenticated(ssl_ciphers='HIGH:!DH'))

要获取网站上可用密码的列表，请运行:

To obtain list of available ciphers on a website, run:

nmap --script ssl-enum-ciphers -p 443 affected.website.com

从 A 级密码中一一选择并像这样检查它们:

choose one by one from A-grade ciphers and check them like so:

openssl s_client -connect affected.website.com:443 -cipher 'HIGH:!DH' -brief

这篇关于urllib2 SSL3_CHECK_CERT_AND_ALGORITHM:dh 密钥太小的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！