服务器仅支持弱密码。我如何通过python连接到服务器?
服务器具有以下设置:(用于sslyze 2-1-3)
签名算法:sha1
公钥算法:RSA
密钥大小:2048
指数:65537(0x10001)
DNS主题备用名称:[]
Trust
Hostname Validation: OK - Certificate matches
Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: self signed certificate in certificate chain
Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: self signed certificate in certificate chain
Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: self signed certificate in certificate chain
Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: self signed certificate in certificate chain
Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: self signed certificate in certificate chain
Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
Verified Chain: ERROR - Could not build verified chain(certificate untrusted?)
Received Chain Contains Anchor: ERROR - Could not build verified chain(certificate untrusted?)
Received Chain Order: OK - Order is valid
Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
Extensions
OCSP Must-Staple: NOT SUPPORTED - Extension not found
Certificate Transparency: NOT SUPPORTED - Extension not found
OCSP Stapling
NOT SUPPORTED - Server did not send back an OCSP response
具有会话ID:OK-受支持(5个成功,0个失败,0个错误,5次尝试)。
使用TLS票证:不支持-未分配TLS票证
转发保密性确定-支持RC4不安全-受支持
Preferred:
None - Server followed client cipher suite preference.
Accepted:
TLS_RSA_WITH_RC4_128_SHA 128 bits
TLS_RSA_WITH_RC4_128_MD5 128 bits
TLS_RSA_WITH_DES_CBC_SHA 56 bits
TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits
TLS_RSA_EXPORT_WITH_RC4_40_MD5 40 bits
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 40 bits
TLS_DHE_RSA_WITH_DES_CBC_SHA 56 bits
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits
转发保密性确定-支持RC4不安全-受支持
Preferred:
None - Server followed client cipher suite preference.
Accepted:
TLS_RSA_WITH_RC4_128_SHA 128 bits
TLS_RSA_WITH_RC4_128_MD5 128 bits
TLS_RSA_WITH_DES_CBC_SHA 56 bits
TLS_RSA_WITH_AES_256_CBC_SHA 256 bits
TLS_RSA_WITH_AES_128_CBC_SHA 128 bits
TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits
TLS_RSA_EXPORT_WITH_RC4_40_MD5 40 bits
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 40 bits
TLS_DHE_RSA_WITH_DES_CBC_SHA 56 bits
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits
我的Python代码:
class noSSLVerification(HttpAuthenticated):
def u2handlers(self):
# use handlers from superclass
handlers = HttpAuthenticated.u2handlers(self)
ctx = ssl._create_unverified_context()
ctx.options &= ~ssl.OP_ALL
ctx.options &= ~ssl.OP_NO_SSLv3
ctx.options &= ~ssl.OP_NO_COMPRESSION
ctx.options &= ~ssl.OP_CIPHER_SERVER_PREFERENCE
# https://www.openssl.org/docs/manmaster/man1/ciphers.html#CIPHER-LIST-FORMAT
# https://www.mkssoftware.com/docs/man1/openssl_ciphers.1.asp
cipher = "RC4-MD5:RC4-SHA:DES-CBC-SHA:DES-CBC3-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA:ADH-DES-CBC3-SHA:TLSv1.0:SSLv3"
ctx.set_ciphers(cipher)
handlers.append(HTTPSHandler(context=ctx))
return handlers
url = "https://..."
transport = noSSLVerification()
client = Client(url, transport=transport)
我知道最好使用另一个证书,但有时没有选择余地:
ctx = ssl.SSLContext()
ctx.set_ciphers('ALL:@SECLEVEL=0')
我知道这是非常不礼貌的解决方案。使用它作为起点