SSLv3 connection with ssl library in Python - Printable Version

SSLv3 connection with ssl library in Python - madem - Apr-27-2018

Hello, I want to make a program (Python 2.7) which detects the SSL/TLS versions which are available on a website. And I just want to use standard Python libraries. Here is my code:

```python
# encoding=utf-8
import ssl
import socket
import traceback
import logging
import sys
import json


class AnalyseSSL:
    cipher_list = "RC4-SHA".split(":")
    list_version_ssl_tls = [
        ("SSLv2", ssl.OP_ALL | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2),
        ("SSLv3", ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2),
        ("TLSv1", ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2),
        ("TLSv1_1", ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_2),
        ("TLSv1_2", ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1),
    ]

    def __init__(self, hostname, port):
        self.hostname = hostname
        self.port = port

    # try to connect to the hostname with all cipher suite for each SSL/TLS version
    def try_all_ssl_tls_version(self):
        logging.warning("---------------------------------------- %s", self.port)
        nb_tentative_max = 5   # give up after this many timeouts
        cpt_tentative_max = 0  # timeouts seen so far
        try:
            print 'hostname : ', self.hostname
            for version in self.list_version_ssl_tls:  # for each SSL/TLS version
                is_version_supported = False
                if cpt_tentative_max >= nb_tentative_max:
                    break
                for cipher_suite in self.cipher_list:  # for each cipher suite
                    print cipher_suite
                    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)  # create the context
                    context.check_hostname = False
                    context.verify_mode = ssl.CERT_NONE
                    context.options = version[1]  # select the SSL/TLS version we want to use
                    print context.options
                    try:
                        context.set_ciphers(cipher_suite)  # select the cipher suite to use
                    except Exception as e:
                        print "Exception : ", e
                        traceback.print_exc()
                    s_ = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                    s = context.wrap_socket(s_)
                    #s = context.wrap_socket(s_, server_hostname=hostname)
                    #print "timeout : ", s.gettimeout()
                    s.settimeout(5)
                    #print "timeout : ", s.gettimeout()
                    try:
                        s.connect((self.hostname, self.port))  # try to connect
                        if not is_version_supported:
                            print version[0], "supporté"
                            is_version_supported = True
                        print s.cipher()
                        #logging.info("---------------------------------------- %s %s", %(version[0], s.cipher()))
                        s.close()
                    except socket.timeout:
                        cpt_tentative_max += 1
                        if cpt_tentative_max >= nb_tentative_max:
                            break
                    except Exception as e:  # the connection failed
                        #print "[version ", version[0], " with ", cipher_suite, " :: ", e
                        #print s.getpeercert()
                        #traceback.print_exc(e)
                        print e
                if not is_version_supported:
                    print version[0], "non supporté"
                print "\n"
        except Exception as e:
            print e
            traceback.print_exc()


hostname = 'PUT YOUR IP HERE'
port = 443
A = AnalyseSSL(hostname, port)
A.try_all_ssl_tls_version()
```

The problem is I can't establish an SSLv3 connection. I've got an IP (and I'm sure SSLv3 is enabled on this IP with cipher suite RC4-SHA; I tested it with openssl and testssl.sh). My program works fine for the third TLS version but it's impossible to use SSLv3 or SSLv2. Here is the error I've got:

```
[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:581)
```

I can't use SSLv3, but why? (I recompiled my openssl library in order to enable SSLv3 and it works, because if I use:

```
openssl s_client -connect IP -ssl3 -ciphers RC4-SHA
```

that works.) How can I solve this? Thx :)

RE: SSLv3 connection with ssl library in Python - nilamo - Apr-27-2018

Does it work without using python? Try using telnet to access the server/port, and if it works, then we know the issue is somewhere in the python code, and not with a blocked port or something.

RE: SSLv3 connection with ssl library in Python - madem - May-02-2018

nilamo, it works without using python; I tried it with the openssl command, as I said.
Here is the command and the result is good:

```
openssl s_client -connect IP -ssl3 -ciphers RC4-SHA
```

I can connect to this ip:port with SSLv3 and the RC4-SHA cipher. So the problem comes from my python code. I used the ssl library, which is a wrapper of openssl. I recompiled the openssl library in order to permit me to use SSLv3 connections (because it's disabled in the latest version because of security weakness). Now I can use SSLv3 with openssl but can't use it when using python. (Do I need to recompile the ssl library too?) Thx :)

I made a very small mistake in the openssl command; here is the correct openssl command, which works fine:

```
openssl s_client -connect IP:PORT -ssl3 -cipher RC4-SHA
```

RE: SSLv3 connection with ssl library in Python - madem - May-02-2018

I made a small mistake in the openssl command line I wrote; here is the good version:

```
openssl s_client -connect IP:PORT -ssl3 -cipher RC4-SHA
```

So this command works, I'm sure SSLv3 is available, but I can't connect using the ssl library :/
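
An added diagnostic, not part of the thread: Python's `ssl` module uses whichever OpenSSL library the interpreter's `_ssl` extension was linked against, which can differ from the `openssl` binary on the PATH. The function names and verdict strings below are made up for this example; identical version strings do not prove identical build options, so the SSLv3 constant is checked as well.

```python
import re
import ssl
import subprocess

# Names and verdict strings are illustrative, not from the thread.

def parse_openssl_version(banner):
    """Return (library, version) from a banner such as 'OpenSSL 1.0.2g  1 Mar 2016'."""
    m = re.match(r"\s*(\S+)\s+(\d+\.\d+\.\d+[a-z]*)", banner or "")
    return (m.group(1), m.group(2)) if m else None

def python_ssl_build():
    """Describe the OpenSSL build this interpreter's _ssl module is linked to."""
    return {
        "banner": ssl.OPENSSL_VERSION,
        "parsed": parse_openssl_version(ssl.OPENSSL_VERSION),
        # PROTOCOL_SSLv3 is only defined when that OpenSSL was built with SSLv3.
        "has_sslv3_constant": hasattr(ssl, "PROTOCOL_SSLv3"),
        # HAS_SSLv3 exists on Python 3.7+ only; None means "not reported".
        "has_sslv3_flag": getattr(ssl, "HAS_SSLv3", None),
    }

def cli_openssl_banner(binary="openssl"):
    """Banner of the openssl executable on PATH, or None if it cannot be run."""
    try:
        out = subprocess.check_output([binary, "version"], stderr=subprocess.STDOUT)
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.decode("ascii", "replace").strip()

def diagnose(py_build, cli_banner):
    """Say whether a local UNSUPPORTED_PROTOCOL error for SSLv3 is expected."""
    cli = parse_openssl_version(cli_banner)
    if cli and py_build["parsed"] and cli != py_build["parsed"]:
        return "different-builds"  # the CLI and Python load different libraries
    if not py_build["has_sslv3_constant"] or py_build["has_sslv3_flag"] is False:
        return "python-build-lacks-sslv3"
    return "python-build-offers-sslv3"

if __name__ == "__main__":
    build = python_ssl_build()
    banner = cli_openssl_banner()
    print(build)
    print(banner)
    print(diagnose(build, banner))
```

A `different-builds` or `python-build-lacks-sslv3` verdict means the handshake is being refused by the local library before the server is ever asked, so rebuilding the `openssl` binary alone does not change what Python can negotiate.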