CODEWITHSUNDEEP
python-3.xsslopenssl
MchaelTocho
MchaelTocho

Reputation: 1

How to work with Python requests with hosts only supporting TLS 1.0

using OPENSSL_VERSION : OpenSSL 1.1.0j and trying to connect to a host that seem to only support TLS 1.0 cyphers and getting an error in _sslobj.do_handshake().

import OpenSSL
import requests
from urllib.request import urlopen
import ssl
...

url = 'https://slpin.universalservice.org/'
urlopen(url).read()

Upvotes: 0

Views: 1578

Answers (1)

Steffen Ullrich
Steffen Ullrich

Reputation: 123541

As you can see from this SSLLabs report the server you are trying to access is terrible broken. It gets a grade of F (worst) which is mainly due to its terrible insecure ciphers:

enter image description here

The only not terrible insecure but only weak cipher uses 3DES. Because of this weakness this cipher is likely not included in the openssl build on your platform (for example Debian and Debian based systems like Ubuntu don't have this cipher included).

This means the only way to access the server from your Python script would be to use a version of Python linked to an older version of OpenSSL or linked to a modern version but with this cipher explicitly included. Even then you would likely need to specifically enable 3DES since this is disabled by urllib for a while. Thus, when Python is build with an OpenSSL which has 3DES support included the following should work:

import ssl
from urllib.request import urlopen

url = 'https://slpin.universalservice.org/'
ctx = ssl.create_default_context()
ctx.set_ciphers('3DES')
urlopen(url, context = ctx).read()

In my case this gives a 403 Forbidden which matches what I get when I visit this URL with the browser.

Upvotes: 2

Related Questions