如何测试 Python 请求到 GoLang TLSv1 HTTPS 服务器的 TLSv1 连接
问题描述 投票:0回答:1
我有一台非常旧的 Windows 2003 服务器,我需要测试与其的 TLSv1 连接。
我找到了一些简单的 GoLang HTTPS 服务器示例代码,将其配置为使用 TLSv1。我还使用我在 Windows 11 计算机上运行的请求模块创建了一个简单的 Python3 HTTPS 客户端。
当我尝试使用 Python3 应用程序通过 TLSv1 连接到 Windows 2003 服务器上的 GoLang 服务器时,我收到“tls 内部错误”(请参见下面的屏幕截图)。
如何让 TLSv1 连接正常工作?
错误:
GoLang server code:
package main
import (
"crypto/tls"
"fmt"
"log"
"net/http"
"runtime"
)
func main() {
fmt.Printf("Hello %s/%s\n", runtime.GOOS, runtime.GOARCH)
mux := http.NewServeMux()
mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
w.Write([]byte("This is an example server.\n"))
})
cfg := &tls.Config{
MinVersion: tls.VersionTLS10,
MaxVersion: tls.VersionTLS10,
}
srv := &http.Server{
Addr: ":443",
Handler: mux,
TLSConfig: cfg,
TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
}
log.Fatal(srv.ListenAndServeTLS("server.crt", "server.key"))
}
Python3客户端代码:
from requests_toolbelt import SSLAdapter
import requests
import ssl
s = requests.Session()
p = ssl.PROTOCOL_TLSv1
s.mount('https://', SSLAdapter(p))
r = s.get('https://10.2.2.14/', verify=False)
Python3 客户端输出:
Traceback (most recent call last):
File "C:<>Programs\Python\Python311\Lib\site-packages\urllib3\connectionpool.py", line 703, in urlopen
httplib_response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File "C:<>Programs\Python\Python311\Lib\site-packages\urllib3\connectionpool.py", line 386, in _make_request
self._validate_conn(conn)
File "C:<>Programs\Python\Python311\Lib\site-packages\urllib3\connectionpool.py", line 1042, in _validate_conn
conn.connect()
File "C:<>Programs\Python\Python311\Lib\site-packages\urllib3\connection.py", line 414, in connect
self.sock = ssl_wrap_socket(
^^^^^^^^^^^^^^^^
File "C:<>Programs\Python\Python311\Lib\site-packages\urllib3\util\ssl_.py", line 453, in ssl_wrap_socket
ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:<>Programs\Python\Python311\Lib\site-packages\urllib3\util\ssl_.py", line 495, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:<>Programs\Python\Python311\Lib\ssl.py", line 517, in wrap_socket
return self.sslsocket_class._create(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:<>Programs\Python\Python311\Lib\ssl.py", line 1075, in _create
self.do_handshake()
File "C:<>Programs\Python\Python311\Lib\ssl.py", line 1346, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL] internal error (_ssl.c:1002)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:<>Programs\Python\Python311\Lib\site-packages\requests\adapters.py", line 489, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File "C:<>Programs\Python\Python311\Lib\site-packages\urllib3\connectionpool.py", line 787, in urlopen
retries = retries.increment(
^^^^^^^^^^^^^^^^^^
File "C:<>Programs\Python\Python311\Lib\site-packages\urllib3\util\retry.py", line 592, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='10.2.2.14', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL] internal error (_ssl.c:1002)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:tls_1.0_test_server\test-tls-connect.py", line 24, in <module>
r = s.get('https://10.2.2.14/', verify=False)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:<>Programs\Python\Python311\Lib\site-packages\requests\sessions.py", line 600, in get
return self.request("GET", url, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:<>Programs\Python\Python311\Lib\site-packages\requests\sessions.py", line 587, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:<>Programs\Python\Python311\Lib\site-packages\requests\sessions.py", line 701, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:<>Programs\Python\Python311\Lib\site-packages\requests\adapters.py", line 563, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='10.2.2.14', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL] internal error (_ssl.c:1002)')))
1个回答
0
投票
投票
最近的系统默认禁用 TLS 1.0。需要通过在密码字符串中设置 SECLEVEL 来明确允许这一点。仅仅使用 SSLAdapter 和协议版本是不够的。
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager
import requests
import ssl
class MyAdapter(HTTPAdapter):
def init_poolmanager(self, *args, **kwargs):
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
# set low Security Level to allow TLSv1
context.set_ciphers('DEFAULT:@SECLEVEL=0')
super().init_poolmanager(*args, **kwargs, ssl_context=context)
s = requests.Session()
s.mount('https://', MyAdapter())
r = s.get('https://10.2.2.14/', verify=False)
最新问题
- 如何使用 Mpchart 在具有不同数据集的折线图中设置颜色标签
- 将 QuickCheck 库添加到堆栈项目
- 而不是网站渲染,而是收到“网络服务器正常运行”消息
- 配置 spring-boot-starter-oauth2-client 以使用 Azure AD 进行身份验证
- Prisma 客户端无法初始化
- 从 Impala 对大型数据库进行采样的最佳查询是什么?
- 在 Javascript 中解析 int 的最佳方法
- 在 Ubuntu 上运行代码时,通过 NGINX 反向代理将数据写入 Elasticsearch 8 失败
- ref.watch(myProvider) 不返回
- 如何获取此图像布局并使其响应
- 使用DM脚本将mrc文件分割成多个片段
- 如何将 chrome.alarms.getAll 回调设置为变量?
- 有没有办法在Linux中从接口名称获取IP地址,而不依赖ioctl或getifaddrs?
- Julia 实现将字符串转换为snake_case/CamelCase
- 如何在Android中从BottomNavigationView中删除多余的白色背景?
- 我在尝试跳转到终点时遇到此错误
- 为什么查找子数组中的总和大于给定的值是 O(n) 而不是 O(n^2)
- Spring Boot 和 Swagger UI。设置 JWT 令牌
- java crypto 模块中的异常异常[重复]
- ggplot2 分面并为 R 中的 for 循环中的每个面添加唯一标签
© www.soinside.com 2019 - 2024. All rights reserved.