使用 SSLv3 对 HTTPS 服务器的 Python REST 请求

Question

我正在尝试从 URL 检索数据，但是由于这个错误，我的连接被阻止了:

requests.exceptions.SSLError: HTTPSConnectionPool(host='securehost', port=4443): Max retries exceeded with url: secureURL (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')],)",),))

截至目前，我认为我收到此错误是因为他们无法就要使用的 SSL 密码达成一致。

请求库中的默认 SSL 类型是:

TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!eNULL:!MD5

然而，当我在服务器上运行 curl -v 时，我试图从我得到的数据请求数据:

$ curl -v SecureLink
* timeout on name lookup is not supported
*   Trying 8.8.8.8...
* TCP_NODELAY set
* Connected to SecureLink (8.8.8.8) port 4443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / DES-CBC3-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: OU=Domain Control Validated; CN=secureDomain
*  start date: Sep  1 17:52:38 2016 GMT
*  expire date: Sep  1 17:52:38 2019 GMT
*  subjectAltName: host "secureHost" matched cert's "secureHost"
*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.
godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
*  SSL certificate verify ok.
> GET Link HTTP/1.1
> Host: secureHost&Port
> User-Agent: curl/7.55.0
> Accept: */*

我尝试通过以下方式编辑默认密码:

requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += ':RC4-SHA'

和

requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += ':DES-CBC3-SHA'

没用。

非常感谢任何通过请求库成功连接的帮助。

到目前为止我的代码是:

import requests
import json
import ssl
from urllib3.contrib import pyopenssl
import MySQLdb

params = {"t": "8IBYCELFMTKRI08K5T9YUKPN7K21YZQZ0PXV"}


print(requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS)
requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += 'ALL:eNULL'

s = requests.Session()

print(requests.get('secureURL', params=params, timeout=5, verify=False).text)

我正在使用 Python 2.7.13。我安装的包是:

1. asn1crypto 0.22.0
2. 证书 2017.7.27.1
3. cffi 1.10.0
4. chardet 3.0.4
5. 密码学 2.0.3
6. enum34 1.1.6
7. idna 2.6
8. IP 地址 1.0.18
9. pyOpenSSL 17.3.0
10. pycparser 2.18
11. 请求 2.18.4
12. urllib3 1.22

据我所知，错误是 sslv3 握手失败。

Answer 1

即使我在网络上，我也需要使用我的 VPN 连接才能运行脚本。我不确定为什么会这样，但如果没有 VPN 连接，它就无法工作。我希望有一天这能帮助某人。