urllib2 SSL3_CHECK_CERT_AND_ALGORITHM:dh密钥太小

问题描述 投票:2回答:1

[尝试使用suds发送SOAP请求,我正在使用Python 2.7.6

我对安全性不是很熟悉,我被认为是我的计算机或服务器计算机上的安全密钥太小,我不确定如何解决。我是否会生成一些新密钥并创建自定义打开器?任何帮助/指导都将有所帮助。

Stacktrace:

Traceback (most recent call last):
  File "read_xml.py", line 71, in <module>
    client.service.PO(purchase_orders)
  File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 542, in __call__
    return client.invoke(args, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 602, in invoke
    result = self.send(soapenv)
  File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 637, in send
    reply = transport.send(request)
  File "/usr/local/lib/python2.7/dist-packages/suds/transport/https.py", line 64, in send
    return  HttpTransport.send(self, request)
  File "/usr/local/lib/python2.7/dist-packages/suds/transport/http.py", line 77, in send
    fp = self.u2open(u2request)
  File "/usr/local/lib/python2.7/dist-packages/suds/transport/http.py", line 118, in u2open
    return url.open(u2request, timeout=tm)
  File "/usr/lib/python2.7/urllib2.py", line 404, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 422, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1222, in https_open
    return self.do_open(httplib.HTTPSConnection, req)
  File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [Errno 1] _ssl.c:510: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small>

我正在查看以下链接

Python - requests.exceptions.SSLError - dh key too small

https://bugs.python.org/issue24985

https://unix.stackexchange.com/questions/333877/how-to-find-which-key-exactly-dh-key-too-small-openssl-error-is-about

不确定如何实现他们在说什么,再次感谢您的任何帮助

python security ssl soap urllib2
1个回答
0
投票

我正在Python 3.7中使用此废料:

import ssl
from urllib.request import HTTPSHandler

from suds.transport.https import HttpAuthenticated


class SSLAuthenticated(HttpAuthenticated):
    """ Enables SSL context for Suds. """

    def __init__(self, ssl_ciphers: str = ssl._DEFAULT_CIPHERS, **kwargs):
        self.ssl_ciphers = ssl_ciphers
        super().__init__(**kwargs)

    def u2handlers(self):
        handlers = super().u2handlers()
        ssl_context = ssl.create_default_context()
        if self.ssl_ciphers is not None:
            ssl_context.set_ciphers(self.ssl_ciphers)
        ssl_context_handler = HTTPSHandler(context=ssl_context)
        handlers = [ssl_context_handler] + handlers
        return handlers

client = suds.Client(transport=SSLAuthenticated(ssl_ciphers='HIGH:!DH'))

要获取网站上可用密码的列表,请运行:

nmap --script ssl-enum-ciphers -p 443 affected.website.com

从A级密码中一个一个地选择并像这样检查它们:

openssl s_client -connect affected.website.com:443 -cipher 'HIGH:!DH' -brief
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.