Requests: Python 3.5의 SSLV3_ALERT_HANDSHAKE_FAILURE, Python 2.7μ—μ„œ μž‘λ™

에 λ§Œλ“  2018λ…„ 07μ›” 30일  Β·  3μ½”λ©˜νŠΈ  Β·  좜처: psf/requests

λ‹€μŒ μ½”λ“œλ₯Ό μ‹€ν–‰ μ€‘μž…λ‹ˆλ‹€.

import requests
import ssl
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager

class SSLAdapter(HTTPAdapter):
    '''An HTTPS Transport Adapter that uses an arbitrary SSL version.'''
    def __init__(self, ssl_version=None, **kwargs):
        self.ssl_version = ssl_version

        super(SSLAdapter, self).__init__(**kwargs)

    def init_poolmanager(self, connections, maxsize, block=False):
        self.poolmanager = PoolManager(num_pools=connections,
                                       maxsize=maxsize,
                                       block=block,
                                       ssl_version=self.ssl_version)

s = requests.Session()
s.mount('https://', SSLAdapter(ssl.PROTOCOL_TLSv1_2))

print(ssl.OPENSSL_VERSION)

r = s.get('https://bibliothek.weltenbau.net/api/profile/265854176393691138')
print(r.status_code)

Python 3.5.3을 μ‚¬μš©ν•˜λ©΄ λ‹€μŒ 였λ₯˜κ°€ λ°œμƒν•©λ‹ˆλ‹€.

OpenSSL 1.1.0f  25 May 2017
Traceback (most recent call last):
  File "/opt/weltenbau-bot/.venv/lib/python3.5/site-packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "/opt/weltenbau-bot/.venv/lib/python3.5/site-packages/urllib3/connectionpool.py", line 343, in _make_request
    self._validate_conn(conn)
  File "/opt/weltenbau-bot/.venv/lib/python3.5/site-packages/urllib3/connectionpool.py", line 849, in _validate_conn
    conn.connect()
  File "/opt/weltenbau-bot/.venv/lib/python3.5/site-packages/urllib3/connection.py", line 356, in connect
    ssl_context=context)
  File "/opt/weltenbau-bot/.venv/lib/python3.5/site-packages/urllib3/util/ssl_.py", line 359, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.5/ssl.py", line 385, in wrap_socket
    _context=self)
  File "/usr/lib/python3.5/ssl.py", line 760, in __init__
    self.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 996, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 641, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:720)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/weltenbau-bot/.venv/lib/python3.5/site-packages/requests/adapters.py", line 445, in send
    timeout=timeout
  File "/opt/weltenbau-bot/.venv/lib/python3.5/site-packages/urllib3/connectionpool.py", line 638, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/opt/weltenbau-bot/.venv/lib/python3.5/site-packages/urllib3/util/retry.py", line 398, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='bibliothek.weltenbau.net', port=443): Max retries exceeded with url: /api/profile/265854176393691138 (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:720)'),))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "test.py", line 24, in <module>
    r = s.get('https://bibliothek.weltenbau.net/api/profile/265854176393691138')
  File "/opt/weltenbau-bot/.venv/lib/python3.5/site-packages/requests/sessions.py", line 525, in get
    return self.request('GET', url, **kwargs)
  File "/opt/weltenbau-bot/.venv/lib/python3.5/site-packages/requests/sessions.py", line 512, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/weltenbau-bot/.venv/lib/python3.5/site-packages/requests/sessions.py", line 622, in send
    r = adapter.send(request, **kwargs)
  File "/opt/weltenbau-bot/.venv/lib/python3.5/site-packages/requests/adapters.py", line 511, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='bibliothek.weltenbau.net', port=443): Max retries exceeded with url: /api/profile/265854176393691138 (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:720)'),))

Python 2.7.13을 μ‚¬μš©ν•˜λ©΄ λͺ¨λ“  것이 μ˜ˆμƒλŒ€λ‘œ μž‘λ™ν•©λ‹ˆλ‹€.

OpenSSL 1.1.0f  25 May 2017
200

μ‹œμŠ€ν…œ 정보

파이썬 3.5.3

μš”μ²­.도움

{
  "chardet": {
    "version": "3.0.4"
  },
  "cryptography": {
    "version": ""
  },
  "idna": {
    "version": "2.7"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.5.3"
  },
  "platform": {
    "release": "4.9.0-6-amd64",
    "system": "Linux"
  },
  "pyOpenSSL": {
    "openssl_version": "",
    "version": null
  },
  "requests": {
    "version": "2.19.1"
  },
  "system_ssl": {
    "version": "1010006f"
  },
  "urllib3": {
    "version": "1.23"
  },
  "using_pyopenssl": false
}

핍 동결

certifi==2018.4.16
chardet==3.0.4
idna==2.7
requests==2.19.1
urllib3==1.23

파이썬 2.7.13:

μš”μ²­.도움

{
  "chardet": {
    "version": "3.0.4"
  },
  "cryptography": {
    "version": ""
  },
  "idna": {
    "version": "2.7"
  },
  "implementation": {
    "name": "CPython",
    "version": "2.7.13"
  },
  "platform": {
    "release": "4.9.0-6-amd64",
    "system": "Linux"
  },
  "pyOpenSSL": {
    "openssl_version": "",
    "version": null
  },
  "requests": {
    "version": "2.19.1"
  },
  "system_ssl": {
    "version": "1010006f"
  },
  "urllib3": {
    "version": "1.23"
  },
  "using_pyopenssl": false
}

핍 동결

certifi==2018.4.16
chardet==3.0.4
idna==2.7
requests==2.19.1
urllib3==1.23

κ°€λŠ₯ν•œ ν•΄κ²°μ±…

Python3 ν™˜κ²½μ— pyOpenSSL을 μ„€μΉ˜ν•˜λ©΄ 이 λ¬Έμ œκ°€ ν•΄κ²°λ˜λŠ” 것 κ°™μŠ΅λ‹ˆλ‹€.

picture ghtyrant

κ°€μž₯ μœ μš©ν•œ λŒ“κΈ€

이봐, 당신은 해결책을 μ°Ύμ•˜μŠ΅λ‹ˆκΉŒ?

picture medoedoff 에 2019λ…„ 11μ›” 14일
👍3 🚀1 😕1

λͺ¨λ“  3 λŒ“κΈ€

μ•ˆλ…•ν•˜μ„Έμš” @ghtyrant λ‹˜

각 Python μ„€μΉ˜ 간에 SSL 섀정에 μ•½κ°„μ˜ 차이가 μžˆλŠ” 것 κ°™μŠ΅λ‹ˆλ‹€. 3.5 인터프리터가 μ„œλ²„μ™€ ν—ˆμš©λ˜λŠ” ν”„λ‘œν† μ½œμ„ ν˜‘μƒν•  수 μ—†μŠ΅λ‹ˆλ‹€. PyOpenSSL을 μ„€μΉ˜ν•˜λ©΄ 이 λ¬Έμ œκ°€ ν•΄κ²°λœλ‹€λŠ” 사싀은 3.5 SSL 섀정에 λ¬Έμ œκ°€ μžˆμŒμ„ μ‹œμ‚¬ν•©λ‹ˆλ‹€.

λΆˆν–‰νžˆλ„ 2.7.13κ³Ό 3.5.3 μ„€μΉ˜ μ‚¬μ΄μ—μ„œ 둜컬둜 μž¬ν˜„ν•  수 μ—†μ—ˆμŠ΅λ‹ˆλ‹€. API/ꡬ쑰체 λ³€κ²½μœΌλ‘œ 인해 OpenSSL 1.1κ³Ό Python이 ν•¨κ»˜ 잘 κ΅¬μΆ•λ˜μ§€ μ•ŠλŠ” μ›λž˜ λ¬Έμ œκ°€ λͺ‡ 가지 μžˆλ‹€κ³  μƒκ°ν•©λ‹ˆλ‹€.

λ‚΄κ°€ ν˜„μž¬ μ œκ³΅ν•  수 μžˆλŠ” μœ μΌν•œ 쑰언은 μ‹œμŠ€ν…œ OpenSSL에 λŒ€ν•΄ 3.5.3을 λ‹€μ‹œ μ„€μΉ˜ν•˜κ±°λ‚˜ 3.5.6으둜 μ—…κ·Έλ ˆμ΄λ“œν•˜λŠ” κ²ƒμž…λ‹ˆλ‹€. μš”μ²­μ˜ 결함과 κ΄€μ°°λ˜λŠ” λ™μž‘μ— λŒ€ν•œ λͺ…ν™•ν•œ 링크가 μžˆλŠ”μ§€ ν™•μ‹€ν•˜μ§€ μ•ŠμŠ΅λ‹ˆλ‹€. μ§€κΈˆμ€ 이 문을 닫을 μ˜ˆμ •μ΄μ§€λ§Œ μΆ”κ°€ 정보λ₯Ό 찾으면 μ–Έμ œλ“ μ§€ λ‹€μ‹œ μ—¬μ‹­μ‹œμ˜€. 감사 ν•΄μš”!

nateprewitt picture nateprewitt 에 2018λ…„ 08μ›” 08일

Debian 9의 packages.sury.orgμ—μ„œ OpenSSL 1.1.1bλ₯Ό μ„€μΉ˜ν•  λ•Œ λ™μΌν•œ λ¬Έμ œκ°€ λ°œμƒν–ˆμ„ λ•Œ 이 λ¬Έμ œκ°€ λ°œμƒν–ˆμŠ΅λ‹ˆλ‹€. 이것은 nginx 및 TLS 1.3의 μ΅œμ‹  버전을 μ–»λŠ” κ°€μž₯ μ‰¬μš΄ λ°©λ²•μ΄μ—ˆμŠ΅λ‹ˆλ‹€.

κ·ΈλŸ¬λ‚˜ λΆ„λͺ…νžˆ κΈ°λ³Έ Python μ„€μΉ˜(3.5.3)μ—μ„œλŠ” 잘 μž¬μƒλ˜μ§€ μ•ŠμœΌλ©° Django μ•±μ—μ„œ 이 였λ₯˜κ°€ λ°œμƒν–ˆμŠ΅λ‹ˆλ‹€. pyOpenSSL을 μ„€μΉ˜ν•˜λ©΄ λ¬Έμ œκ°€ ν•΄κ²°λ©λ‹ˆλ‹€.

Debian 10이 TLS 1.3κ³Ό Python이 μ œλŒ€λ‘œ μž‘λ™ν•  λ•ŒκΉŒμ§€ κΈ°λ‹€λ €μ•Ό ν•  것 κ°™μŠ΅λ‹ˆλ‹€. ;-)

ianare picture ianare 에 2019λ…„ 05μ›” 10일
1

이봐, 당신은 해결책을 μ°Ύμ•˜μŠ΅λ‹ˆκΉŒ?

medoedoff picture medoedoff 에 2019λ…„ 11μ›” 14일
👍3 🚀1 😕1
이 νŽ˜μ΄μ§€κ°€ 도움이 λ˜μ—ˆλ‚˜μš”?
0 / 5 - 0 λ“±κΈ‰

κ΄€λ ¨ 문제

jake491 picture jake491  Β·  3μ½”λ©˜νŠΈ
ReimarBauer picture ReimarBauer  Β·  4μ½”λ©˜νŠΈ
everping picture everping  Β·  4μ½”λ©˜νŠΈ
JimHokanson picture JimHokanson  Β·  3μ½”λ©˜νŠΈ
NoahCardoza picture NoahCardoza  Β·  4μ½”λ©˜νŠΈ