crankshaft

Reputation: 2677

Python SSL via SNI Proxy

I am having problems connecting via an SNI proxy server using Python. The following code snippet shows the connection; executing the script results in different connection errors (handshake, wrong version) depending upon which version of SSL is used:

#!/usr/bin/python
import requests
import ssl
from requests.adapters import HTTPAdapter
try:
  from requests.packages.urllib3.poolmanager import PoolManager
except ImportError:
  from urllib3.poolmanager import PoolManager

# Transport adapter that fixes the SSL/TLS protocol version used by the pool
class SSLAdapter(HTTPAdapter):
  def init_poolmanager(self, connections, maxsize, block=False):
    ssl_version=ssl.PROTOCOL_TLSv1
    #ssl_version=ssl.PROTOCOL_SSLv23
    #ssl_version=ssl.PROTOCOL_SSLv3
    # Name the certificate is checked against (not the same thing as sending SNI)
    assert_hostname = 'netflix.com'
    self.poolmanager = PoolManager(num_pools=connections,maxsize=maxsize,block=block,ssl_version=ssl_version,assert_hostname=assert_hostname)

def newSession():
  s = requests.Session()
  s.mount('https://', SSLAdapter())
  # Header value only; the header name is the dict key
  s.headers.update({'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.6 Safari/537.36'})
  return s

urlMain = "https://www.netflix.com"
session = None
session = newSession()
# verify=False turns off certificate validation for this request
session.get(urlMain, verify=False).text

This results in:

requests.exceptions.SSLError: [Errno 1] _ssl.c:510: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

Looking at the logs from the sniproxy server, you can see that the servername is omitted (NONE []):

2015-02-22 08:25:23 000.000.73.222:59288 -> 000.00.77.145:443 -> NONE [] 0/0 bytes tx 0/0 bytes rx 20.179 seconds

How can I modify the script so that it sends the servername with the request?

Upvotes: 0

Views: 2036

Answers (2)

Nizam Mohamed

Reputation: 9230

pip install pyopenssl
pip install ndg-httpsclient
pip install pyasn1  

should solve the problem. Connect to https://alice.sni.velox.ch to verify if SNI is working.
Using requests with TLS doesn't give SNI support.

Upvotes: 1

Steffen Ullrich

Reputation: 123365

me: Which version of Python are you using? I think with versions lower than 2.7.9 no SNI is available.

OP: Just checked, it is 2.7.6. Are you sure about that?

Yes, see https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni. Which means your problem is that you are using a version of Python which does not support SNI. So you either need to upgrade Python itself or parts of it, as described in "urllib3 on python 2.7 SNI error on Google App Engine".

Upvotes: 0
