i'm trying set https connection python on windows using requests cisco asa firewall not have aes/3des license installed. goal download pcap capture file url pattern https://10.0.0.1/capture/test_capture/pcap not matter question further , we'll consider url https://10.0.0.1.
with default requests setup connection attempt fails both python 2 , python 3:
requests.get('https://10.0.0.1', verify = false, auth = ('username','password')) ... requests.exceptions.sslerror: [ssl: sslv3_alert_handshake_failure] sslv3 alert handshake failure (_ssl.c:600) this due lack of cipher overlap between server , client. curl -v option used determine cipher used server:
curl -u username -v -l -k https://10.0.0.1 ... sslv3, tls handshake, finished (20): ssl connection using des-cbc-sha ... the server using des-cbc-sha cipher , can't change that. cipher added list of default ciphers urllib3:
requests.packages.urllib3.util.ssl_.default_ciphers += ':des-cbc-sha' after python 3 version 3.4.3 connection succeeded python 2 version 2.7.12 still failed. , need use python 2. tried install security dependencies:
pip install pyopenssl ndg-httpsclient pyasn1 and add des-cbc-sha cipher pyopenssl list of default ciphers:
requests.packages.urllib3.contrib.pyopenssl.default_ssl_cipher_list += ':des-cbc-sha' but connecton python 2.7.12 still failed same error:
requests.exceptions.sslerror: ("bad handshake: error([('ssl routines', 'ssl23_get_server_hello', 'sslv3 alert handshake failure')],)",) it noticed python 3.4.3 connection succeeds uses older version of openssl python 2.7.12 connection fails:
python 3.4.3 >>> import ssl >>> ssl.openssl_version 'openssl 1.0.1l 15 jan 2015' python 2.7.12 >>> import ssl >>> ssl.openssl_version 'openssl 1.0.2h 3 may 2016' and after replacing python 2.7.12 python 2.7.9 has 'openssl 1.0.1j 15 oct 2014', connection succeeded.
is possible establish https connection using des-cbc-sha cipher latest version of python?
Comments
Post a Comment