CODEWITHSUNDEEP
pythonwindowsssltls1.2
Hi10
Hi10

Reputation: 541

Python: TLS 1.2 (Cipher) handshake worked after Postman Installation

On Windows Server 2012 R2, Python 3.10.5, below code

conn = http.client.HTTPSConnection("utslogin.nlm.nih.gov")
headers = {
                'Content-Type': 'application/x-www-form-urlencoded'
            }
conn.request("POST", utslogin_path, "apikey=" + self.api_key, headers)
                res = conn.getresponse()

throws below exception

Unexpected err=SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] cer tificate verify failed: unable to get local issuer certificate (_ssl.c:1123)'), type(err)=<class 'ssl.SSLCertVerificationError'>

When looked at WireShark log, found ciphers TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 are missing.

Installed Postman to understand whats wrong, and after that Python code started working.

I am not sure what Postman did here, is it installing missing ciphers if yes then where are those added on Windows OS? Followed Microsoft link:https://learn.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel and further group policy settings but these ciphers not found. Anyone know where these ciphers will be added by Postman on windows?

Upvotes: 0

Views: 1353

Answers (1)

Hi10
Hi10

Reputation: 541

Found that postman is installing certificate "Starfield Class 2 Certification Authority" under trusted root CA. Downloaded and installed from https://ssl-tools.net/subjects/8bc19e845b981d61cf5469211a68b8e311336d90, code ran successfully without any exception

Thank you for the hint @PatrickMevzek

Upvotes: 1

Related Questions