Python Forum
SSLv3 connection with ssl librairie in Python - Printable Version

+- Python Forum (https://python-forum.io)
+-- Forum: Python Coding (https://python-forum.io/forum-7.html)
+--- Forum: Homework (https://python-forum.io/forum-9.html)
+--- Thread: SSLv3 connection with ssl librairie in Python (/thread-9771.html)



SSLv3 connection with ssl librairie in Python - madem - Apr-27-2018

Hello, I want to make a program (Python 2.7) which detects the SSL/TLS versions that are available on a website. And I just want to use standard Python libraries.

Here is my code:

    #encoding=utf-8

    import ssl
    import socket
    import traceback
    import logging


    class AnalyseSSL:

        cipher_list = "RC4-SHA".split(":")

        # (name, options mask that leaves only that one SSL/TLS version enabled)
        list_version_ssl_tls = [
            ("SSLv2", ssl.OP_ALL | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2),
            ("SSLv3", ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2),
            ("TLSv1", ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2),
            ("TLSv1_1", ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_2),
            ("TLSv1_2", ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1),
        ]

        def __init__(self, hostname, port):
            self.hostname = hostname
            self.port = port

        # try to connect to the hostname with every cipher suite for each SSL/TLS version
        def try_all_ssl_tls_version(self):
            logging.warning("---------------------------------------- %s", self.port)
            nb_tentative_max = 5            # give up after this many timeouts
            cpt_tentative_max = 0

            try:
                print 'hostname : ', self.hostname
                for version in self.list_version_ssl_tls:                       # for each SSL/TLS version
                    is_version_supported = False
                    if cpt_tentative_max >= nb_tentative_max:
                        break
                    for cipher_suite in self.cipher_list:                       # for each cipher suite
                        print cipher_suite
                        context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)   # create the context
                        context.check_hostname = False
                        context.verify_mode = ssl.CERT_NONE
                        context.options = version[1]                            # select the SSL/TLS version to use
                        print context.options

                        try:
                            context.set_ciphers(cipher_suite)                   # select the cipher suite to use
                        except Exception as e:
                            print "Exception : ", e
                            traceback.print_exc()
                            continue                                            # unusable cipher suite, skip it

                        s_ = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                        s = context.wrap_socket(s_)
                        s.settimeout(5)

                        try:
                            s.connect((self.hostname, self.port))               # attempt the handshake
                            if not is_version_supported:
                                print version[0], "supporté"
                                is_version_supported = True
                            print s.cipher()
                            s.close()
                        except socket.timeout:
                            cpt_tentative_max += 1
                            if cpt_tentative_max >= nb_tentative_max:
                                break
                        except Exception as e:                                  # the connection failed
                            print e
                    if not is_version_supported:
                        print version[0], "non supporté"

                    print "\n"
            except Exception as e:
                print e
                traceback.print_exc()

    hostname = 'PUT YOUR IP HERE'
    port = 443

    A = AnalyseSSL(hostname, port)
    A.try_all_ssl_tls_version()
The problem is I can't establish an SSLv3 connection. I've got an IP (and I'm sure SSLv3 is enabled on this IP with the cipher suite RC4-SHA; I tested it with openssl and testssl.sh).

My program works fine for the three TLS versions, but it's impossible to use SSLv3 or SSLv2. Here is the error I get:

[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:581)
I can't use SSLv3, but why? (I recompiled my OpenSSL library in order to enable SSLv3, and it works, because if I use:

openssl s_client -connect IP -ssl3 -ciphers RC4-SHA 


that works.

How can I solve this? Thx :)
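A diagnostic for the question above (an added example, not code from the thread; the function names are mine): it rebuilds the same single-version options mask, but also reports which OpenSSL the ssl module is actually linked against and whether PROTOCOL_SSLv3 was compiled in, which is what decides whether Python can attempt an SSLv3 handshake at all, independently of what the rebuilt openssl CLI can do. It also relaxes the TLS 1.2 floor that Python 3.10+ adds to every context, a separate reason probes for older versions fail; it runs on 2.7.9+ and 3.x.

```python
import socket
import ssl

VERSIONS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1_1", "TLSv1_2"]  # names as in the thread

def no_flag(name):
    """OP_NO_* bit for `name`, or 0 if this build of _ssl lacks the constant."""
    return getattr(ssl, "OP_NO_" + name, 0)

def build_info():
    """OpenSSL the _ssl extension is linked against and which legacy PROTOCOL_* constants
    it was compiled with; PROTOCOL_SSLv3 is absent when the build headers disabled SSLv3."""
    info = {name: hasattr(ssl, "PROTOCOL_" + name) for name in VERSIONS}
    info["openssl"] = ssl.OPENSSL_VERSION  # compare with `openssl version` on the shell
    return info

def single_version_options(wanted):
    """The thread's bitmask: OP_ALL plus OP_NO_* for every version except `wanted`."""
    opts = ssl.OP_ALL
    for name in VERSIONS:
        if name != wanted:
            opts |= no_flag(name)
    return opts

def excluded_versions(opts):
    """Names whose OP_NO_* bit is set in `opts` (OP_NO_SSLv2 is 0 on OpenSSL >= 1.1)."""
    return [name for name in VERSIONS if opts & no_flag(name)]

def make_context(wanted):
    """Client context that only negotiates `wanted`; verification is off on purpose."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.options = single_version_options(wanted)
    if hasattr(ctx, "minimum_version"):  # Python 3.10+ also enforces a TLS 1.2 floor
        ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def probe(host, port, wanted, timeout=5):
    """One handshake restricted to `wanted`; returns (supported, cipher or error text)."""
    raw = socket.create_connection((host, port), timeout)
    try:
        tls = make_context(wanted).wrap_socket(raw)
        cipher = tls.cipher()
        tls.close()
        return True, cipher
    except ssl.SSLError as exc:  # e.g. the UNSUPPORTED_PROTOCOL error in the thread
        return False, str(exc)
    finally:
        raw.close()
```

If `build_info()` shows a different OpenSSL string than the shell's `openssl version`, or `SSLv3` is False, the `_ssl` extension itself has to be rebuilt against the SSLv3-enabled headers and library; no options mask will change that.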


RE: SSLv3 connection with ssl librairie in Python - nilamo - Apr-27-2018

Does it work without using python? Try using telnet to access the server/port, and if it works, then we know the issue is somewhere in the python code, and not with a blocked port or something.


RE: SSLv3 connection with ssl librairie in Python - madem - May-02-2018

nilamo, it works without using Python; I tried it with the openssl command as I said.
Here is the command, and the result is good: Openssl s_client -connect IP -ssl3 -ciphers RC4-SHA

I can connect to this ip:port with SSLv3 and the RC4-SHA cipher.
So the problem comes from my Python code. I used the ssl library, which is a wrapper of OpenSSL.
I recompiled the OpenSSL library in order to let me use SSLv3 connections (because it's disabled in the latest version because of security weaknesses). Now I can use SSLv3 with openssl but can't use it from Python. (Do I need to recompile the ssl library too?)

Thx :)

I made a very small mistake in the openssl command; here is the correct openssl command, which works fine: openssl s_client -connect IP:PORT -ssl3 -cipher RC4-SHA


RE: SSLv3 connection with ssl librairie in Python - madem - May-02-2018

I made a small mistake in the openssl command line I wrote; here is the correct version: openssl s_client -connect IP:PORT -ssl3 -cipher RC4-SHA
So this command works, and I'm sure SSLv3 is available, but I can't connect using the ssl library :/