强制请求库在 Python 中使用 TLSv1.1 或 TLSv1.2 [英] Forcing requests library to use TLSv1.1 or TLSv1.2 in Python

问题描述

我正在尝试使用 python 中的请求库向服务器发送 POST 调用.早些时候我能够成功发送 POST 调用，但最近，服务器弃用了 TLSv1.0，现在只支持 TLSv1.1 和 TLSv1.2.现在相同的代码向我抛出requests.exceptions.SSLError:EOF发生违反协议(_ssl.c:590)"错误.

I am trying to send a POST call using requests library in python to a server. Earlier I was able to successfully send POST calls but recently, the server deprecated TLSv1.0 and now only supports TLSv1.1 and TLSv1.2. Now the same code throws me a "requests.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:590)" error.

我在 stackoverflow 上找到了这个线程 Python请求 requests.exceptions.SSLError: [Errno 8] _ssl.c:504: EOF发生违反协议，这表明我们需要对 HTTPAdapter 进行子类化，之后会话对象将使用 TLSv1.我相应地更改了我的代码，这是我的新代码

I found this thread on stackoverflow Python Requests requests.exceptions.SSLError: [Errno 8] _ssl.c:504: EOF occurred in violation of protocol which says that we need to subclass the HTTPAdapter after which the session object will use TLSv1. I changed my code accordingly and here is my new code

class MyAdapter(HTTPAdapter):
    def init_poolmanager(self, connections, maxsize, block=False):
    self.poolmanager = PoolManager(num_pools=connections,
                               maxsize=maxsize,
                               block=block,
                               ssl_version=ssl.PROTOCOL_TLSv1)

url="https://mywebsite.com/ui/"
headers={"Cookie":"some_value","X-CSRF-Token":"some value","Content-Type":"application/json"}    
payload={"name":"some value","Id":"some value"}    
s = requests.Session()
s.mount('https://', MyAdapter())

r=s.post(url,json=payload,headers=headers)
html=r.text
print html

但即使在使用它之后，我仍然收到同样的错误EOF 发生违反协议 (_ssl.c:590)".

But even after using this, I get the same error "EOF occurred in violation of protocol (_ssl.c:590)".

我的第一个问题是，我在某处读到请求默认使用 ssl.我知道我的服务器当时使用了 TLSv1.0，所以我的代码可以正常工作，因为 TLSv1.0 向后兼容 ssl3.0 吗?

My first question is that, I somewhere read that requests by default uses ssl. I know that my server used TLSv1.0 then, so was my code working because TLSv1.0 has backward compatibility with ssl3.0 ?

我的第二个问题是，我上面提到的stackoverflow线程使用我将代码更改为子类HTTPAdapter，说这将适用于TLSv1.但是由于我的服务器中不推荐使用 TLSv1.0，此代码是否仍然有效?

My second question is that, the stackoverflow thread that I mentioned above using which I changed my code to subclass HTTPAdapter, said that this will work for TLSv1. But since TLSv1.0 is deprecated in my server, will this code still work?

推荐答案

TLS 堆栈将自动使用可用的最佳版本.如果在服务器上禁用 TLS 1.0 支持时它不再工作，通常意味着您的本地 TLS 堆栈根本不支持更新的协议版本，如 TLS 1.2.这在 Mac OS X 上经常出现，因为它附带了一个烂旧版本的 OpenSSL (0.9.8).在这种情况下，没有 Python 代码可以帮助您解决问题，但您需要获得一个使用较新版本 OpenSSL 的 Python.

The TLS stack will use the best version available automatically. If it does not work any longer when TLS 1.0 support is disabled at the server it usually means that your local TLS stack simply does not support newer protocol version like TLS 1.2. This is often the case on Mac OS X since it ships with a rotten old version of OpenSSL (0.9.8). In this case no python code will help you to work around the problem, but you need to get a python which uses a newer version of OpenSSL.

要检查您使用的是哪个 openssl 版本，请在 python 中执行以下操作:

To check which openssl version you are using execute the following within python:

import ssl
print(ssl.OPENSSL_VERSION)

要支持 TLS 1.2，您需要 OpenSSL 版本 1.0.2 或 1.0.1.如果您只有 1.0.0 或 0.9.8，则需要升级您的 python+OpenSSL.有关如何执行此操作的更多信息，请参阅在 python 2.7 中更新 openssl.

To have support for TLS 1.2 you need OpenSSL version 1.0.2 or 1.0.1. If you have only 1.0.0 or 0.9.8 you need to upgrade your python+OpenSSL. See Updating openssl in python 2.7 for more information on how to do this.

这篇关于强制请求库在 Python 中使用 TLSv1.1 或 TLSv1.2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！