
How do I enable weak ciphers in Python 3.7.4 with OpenSSL 1.1.1c?

Stack Overflow user
Asked 2019-08-22 14:20:20
1 answer, 1.8K views, 0 followers, 2 votes

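The server only supports weak ciphers. How can I connect to the server from Python?

The server has the following settings (using sslyze 2-1-3):

  • Certificate Information: Content

Signature Algorithm: sha1

Public Key Algorithm: RSA

Key Size: 2048

Exponent: 65537 (0x10001)

DNS Subject Alternative Names: []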

 Trust
   Hostname Validation:               OK - Certificate matches
   Android CA Store (9.0.0_r9):       FAILED - Certificate is NOT Trusted: self signed certificate in certificate chain
   Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: self signed certificate in certificate chain
   Java CA Store (jdk-12.0.1):        FAILED - Certificate is NOT Trusted: self signed certificate in certificate chain
   Mozilla CA Store (2019-03-14):     FAILED - Certificate is NOT Trusted: self signed certificate in certificate chain
   Windows CA Store (2019-05-27):     FAILED - Certificate is NOT Trusted: self signed certificate in certificate chain
   Symantec 2018 Deprecation:         OK - Not a Symantec-issued certificate

   Verified Chain:                    ERROR - Could not build verified chain(certificate untrusted?)
   Received Chain Contains Anchor:    ERROR - Could not build verified chain(certificate untrusted?)
   Received Chain Order:              OK - Order is valid
   Verified Chain contains SHA1:      ERROR - Could not build verified chain (certificate untrusted?)

 Extensions
   OCSP Must-Staple:                  NOT SUPPORTED - Extension not found
   Certificate Transparency:          NOT SUPPORTED - Extension not found

   OCSP Stapling
                                      NOT SUPPORTED - Server did not send back an OCSP response
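  • TLS 1.2 Session Resumption Support:

With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).

With TLS Tickets: NOT SUPPORTED - TLS ticket not assigned.

  • SSLV3 Cipher Suites:

Forward Secrecy: OK - Supported
RC4: INSECURE - Supported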

Preferred:
    None - Server followed client cipher suite preference.

 Accepted:
    TLS_RSA_WITH_RC4_128_SHA                                         128 bits
    TLS_RSA_WITH_RC4_128_MD5                                         128 bits
    TLS_RSA_WITH_DES_CBC_SHA                                         56 bits
    TLS_RSA_WITH_3DES_EDE_CBC_SHA                                    112 bits
    TLS_RSA_EXPORT_WITH_RC4_40_MD5                                   40 bits
    TLS_RSA_EXPORT_WITH_DES40_CBC_SHA                                40 bits
    TLS_DHE_RSA_WITH_DES_CBC_SHA                                     56 bits
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                                112 bits
  • TLSV1 Cipher Suites:

Forward Secrecy: OK - Supported
RC4: INSECURE - Supported

 Preferred:
    None - Server followed client cipher suite preference.

 Accepted:
    TLS_RSA_WITH_RC4_128_SHA                                         128 bits
    TLS_RSA_WITH_RC4_128_MD5                                         128 bits
    TLS_RSA_WITH_DES_CBC_SHA                                         56 bits
    TLS_RSA_WITH_AES_256_CBC_SHA                                     256 bits
    TLS_RSA_WITH_AES_128_CBC_SHA                                     128 bits
    TLS_RSA_WITH_3DES_EDE_CBC_SHA                                    112 bits
    TLS_RSA_EXPORT_WITH_RC4_40_MD5                                   40 bits
    TLS_RSA_EXPORT_WITH_DES40_CBC_SHA                                40 bits
    TLS_DHE_RSA_WITH_DES_CBC_SHA                                     56 bits
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                                112 bits

My Python code:

import ssl
from urllib.request import HTTPSHandler

# suds SOAP client
from suds.client import Client
from suds.transport.http import HttpAuthenticated


class noSSLVerification(HttpAuthenticated):
    def u2handlers(self):
        # use handlers from superclass
        handlers = HttpAuthenticated.u2handlers(self)

        # context with certificate and hostname verification disabled
        ctx = ssl._create_unverified_context()
        ctx.options &= ~ssl.OP_ALL
        ctx.options &= ~ssl.OP_NO_SSLv3
        ctx.options &= ~ssl.OP_NO_COMPRESSION
        ctx.options &= ~ssl.OP_CIPHER_SERVER_PREFERENCE

        # https://www.openssl.org/docs/manmaster/man1/ciphers.html#CIPHER-LIST-FORMAT
        # https://www.mkssoftware.com/docs/man1/openssl_ciphers.1.asp

        cipher = "RC4-MD5:RC4-SHA:DES-CBC-SHA:DES-CBC3-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA:ADH-DES-CBC3-SHA:TLSv1.0:SSLv3"
        ctx.set_ciphers(cipher)

        handlers.append(HTTPSHandler(context=ctx))
        return handlers


url = "https://..."
transport = noSSLVerification()
client = Client(url, transport=transport)

1 Answer

Stack Overflow user

Answered 2020-01-18 15:54:07

I know it is much better to use another certificate, but sometimes there is no choice:

ctx = ssl.SSLContext()
ctx.set_ciphers('ALL:@SECLEVEL=0')

I know this is a very crude solution. Take it as a starting point.

Votes: 1
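A narrower variant of the context above, as an added example that is not part of the original answer: it probes which of the suites named on this page the local OpenSSL build can offer, then enables only the AES ones (accepted by the server over TLS 1.0 in the scan) with certificate and hostname checking left on. The function names and the `cafile` argument (a PEM file with the server's private root certificate) are assumptions for illustration.

```python
import ssl

# OpenSSL names for suites in the scan above, e.g. TLS_RSA_WITH_AES_256_CBC_SHA
# is AES256-SHA. The weak names are the ones from the question's cipher string.
SERVER_SUITES = ["AES256-SHA", "AES128-SHA", "DES-CBC3-SHA", "DES-CBC-SHA",
                 "RC4-SHA", "RC4-MD5", "EXP-RC4-MD5", "EXP-DES-CBC-SHA"]


def usable_suites(names=SERVER_SUITES):
    """Return the subset of names that this Python's OpenSSL build can offer."""
    usable = []
    for name in names:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        try:
            ctx.set_ciphers(name + ":@SECLEVEL=0")
        except ssl.SSLError:
            continue  # suite is not compiled into this build
        if any(c["name"] == name for c in ctx.get_ciphers()):
            usable.append(name)
    return usable


def legacy_context(cafile=None):
    """Context for one legacy host: TLS 1.0 allowed, AES suites only when the
    build has them, certificate and hostname checks left on."""
    suites = usable_suites()
    chosen = [s for s in suites if s.startswith("AES")] or suites
    if not chosen:
        raise ssl.SSLError("no suite from the scan is available in this build")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    ctx.set_ciphers(":".join(chosen) + ":@SECLEVEL=0")
    if cafile:  # assumed: PEM file holding the server's private root
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def legacy_suite_names(ctx):
    """Names of the enabled suites below TLS 1.3 (TLS 1.3 suites are separate)."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


if __name__ == "__main__":
    print("usable from scan:", usable_suites())
    print("enabled:", legacy_suite_names(legacy_context()))
```

The returned context can be passed to `HTTPSHandler(context=...)` in the same place as in the question's transport class, and used only for this one host.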
Original page content provided by Stack Overflow.
Original link:

https://stackoverflow.com/questions/57611480
