Reputation: 53
Is it possible to see which TLS version was negotiated with the server using Python requests module?
Something similar to what openssl s_client -connect
would return
--- No client certificate CA names sent --- SSL handshake has read 3043 bytes and written 375 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.1 Cipher : ECDHE-RSA-AES256-SHA Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None
Upvotes: 5
Views: 4556
Reputation: 12595
Copying the core of my other answer at https://stackoverflow.com/a/55462022/6368697 if you want to do things just once and for tests, a monkey patching can be enough (and otherwise read the rest of my answer which offers a proper implementation with a transport adapter, and also proper display of certificates received):
import requests
from requests.packages.urllib3.connection import VerifiedHTTPSConnection
SOCK = None
_orig_connect = requests.packages.urllib3.connection.VerifiedHTTPSConnection.connect
def _connect(self):
global SOCK
_orig_connect(self)
SOCK = self.sock
requests.packages.urllib3.connection.VerifiedHTTPSConnection.connect = _connect
requests.get('https://yahoo.com')
tlscon = SOCK.connection
print 'Cipher is %s/%s' % (tlscon.get_cipher_name(), tlscon.get_cipher_version())
print 'Remote certificates: %s' % (tlscon.get_peer_certificate())
print 'Protocol version: %s' % tlscon.get_protocol_version_name()
This yields:
Cipher is ECDHE-RSA-AES128-GCM-SHA256/TLSv1.2
Remote certificates: <OpenSSL.crypto.X509 object at 0x10c60e310>
Protocol version: TLSv1.2
Upvotes: 2