PalePal

Reputation: 53

Capturing client/server TLS version in Python requests

Is it possible to see which TLS version was negotiated with the server using the Python requests module? Something similar to what openssl s_client -connect would return:

---
No client certificate CA names sent
---
SSL handshake has read 3043 bytes and written 375 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : ECDHE-RSA-AES256-SHA
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None

Upvotes: 5

Views: 4556

Answers (1)

Patrick Mevzek

Reputation: 12595

Copying the core of my other answer at https://stackoverflow.com/a/55462022/6368697: if you want to do things just once and for tests, monkey patching can be enough (otherwise, read the rest of my answer, which offers a proper implementation with a transport adapter, and also proper display of the certificates received):

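import requests
from requests.packages.urllib3.connection import VerifiedHTTPSConnection

# Holds the socket of the most recent HTTPS connection opened by urllib3
SOCK = None

# Keep a reference to the original method so the wrapper can call it
_orig_connect = requests.packages.urllib3.connection.VerifiedHTTPSConnection.connect

def _connect(self):
    # Run the normal connect (TCP + TLS handshake), then remember the socket
    global SOCK
    _orig_connect(self)
    SOCK = self.sock

# Monkey patch: every new HTTPS connection now goes through _connect
requests.packages.urllib3.connection.VerifiedHTTPSConnection.connect = _connect

requests.get('https://yahoo.com')
# .connection is the pyOpenSSL Connection object; it is only present when
# urllib3 is using its pyOpenSSL backend (as in the output below)
tlscon = SOCK.connection
print('Cipher is %s/%s' % (tlscon.get_cipher_name(), tlscon.get_cipher_version()))
print('Remote certificates: %s' % (tlscon.get_peer_certificate()))
print('Protocol version: %s' % tlscon.get_protocol_version_name())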

This yields:

Cipher is ECDHE-RSA-AES128-GCM-SHA256/TLSv1.2
Remote certificates: <OpenSSL.crypto.X509 object at 0x10c60e310>
Protocol version: TLSv1.2

Upvotes: 2
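
The same capture as an added example (not part of the original answer or of requests/urllib3 itself): the patch is wrapped in a context manager so it is undone afterwards, and the lookup goes beyond the answer by also handling the standard-library ssl.SSLSocket, which has no .connection attribute. The names describe_tls and capture_tls are hypothetical helpers and https://example.org is a placeholder URL.

```python
import contextlib


def describe_tls(sock):
    """Return (protocol, cipher) for either socket type urllib3 may hold."""
    conn = getattr(sock, "connection", None)
    if conn is not None and hasattr(conn, "get_protocol_version_name"):
        # urllib3's pyOpenSSL wrapper: the OpenSSL Connection is on .connection
        return conn.get_protocol_version_name(), conn.get_cipher_name()
    # Standard-library ssl.SSLSocket: cipher() is (name, protocol, bits) or None
    cipher = sock.cipher()
    return sock.version(), (cipher[0] if cipher else None)


@contextlib.contextmanager
def capture_tls():
    """Record (host, port, protocol, cipher) for each new HTTPS connection."""
    from urllib3.connection import HTTPSConnection  # imported lazily

    seen = []
    orig_connect = HTTPSConnection.connect

    def connect(self):
        orig_connect(self)  # TCP connect + TLS handshake
        seen.append((self.host, self.port) + describe_tls(self.sock))

    HTTPSConnection.connect = connect
    try:
        yield seen
    finally:
        HTTPSConnection.connect = orig_connect  # always undo the patch


def main():
    import requests

    with capture_tls() as seen:
        requests.get("https://example.org", timeout=10)  # placeholder URL
    for host, port, protocol, cipher in seen:
        print(f"{host}:{port} negotiated {protocol} with {cipher}")


if __name__ == "__main__":
    main()
```

Redirects open additional connections, so seen can hold more than one entry for a single requests.get call.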
