Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/ios/121.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Python urllib2 SSL3\u检查\u证书\u和\u算法:dh密钥太小_Python_Security_Ssl_Soap_Urllib2 - Fatal编程技术网
Fatal编程技术网
  • python/
  • Python urllib2 SSL3\u检查\u证书\u和\u算法:dh密钥太小

Python urllib2 SSL3\u检查\u证书\u和\u算法:dh密钥太小

python security ssl soap

Python urllib2 SSL3\u检查\u证书\u和\u算法:dh密钥太小,python,security,ssl,soap,urllib2,Python,Security,Ssl,Soap,Urllib2,试图使用suds发送SOAP请求,我使用的是Python2.7.6 我对安全性不是很精通,我被引导相信,无论是我的机器还是服务器的机器上的安全密钥太小,我不知道如何解决。我是否生成一些新密钥并创建一个自定义开启器?任何协助/指导都会有所帮助 堆栈跟踪: Traceback (most recent call last): File "read_xml.py", line 71, in <module> client.service.PO(purchas

试图使用
suds
发送SOAP请求,我使用的是
Python2.7.6

我对安全性不是很精通,我被引导相信,无论是我的机器还是服务器的机器上的安全密钥太小,我不知道如何解决。我是否生成一些新密钥并创建一个自定义开启器?任何协助/指导都会有所帮助

堆栈跟踪:

Traceback (most recent call last):
  File "read_xml.py", line 71, in <module>
    client.service.PO(purchase_orders)
  File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 542, in __call__
    return client.invoke(args, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 602, in invoke
    result = self.send(soapenv)
  File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 637, in send
    reply = transport.send(request)
  File "/usr/local/lib/python2.7/dist-packages/suds/transport/https.py", line 64, in send
    return  HttpTransport.send(self, request)
  File "/usr/local/lib/python2.7/dist-packages/suds/transport/http.py", line 77, in send
    fp = self.u2open(u2request)
  File "/usr/local/lib/python2.7/dist-packages/suds/transport/http.py", line 118, in u2open
    return url.open(u2request, timeout=tm)
  File "/usr/lib/python2.7/urllib2.py", line 404, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 422, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1222, in https_open
    return self.do_open(httplib.HTTPSConnection, req)
  File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [Errno 1] _ssl.c:510: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small>

回溯(最近一次呼叫最后一次):
文件“read_xml.py”,第71行,在
client.service.PO(采购订单)
文件“/usr/local/lib/python2.7/dist packages/suds/client.py”,第542行,在调用中__
返回client.invoke(args、kwargs)
文件“/usr/local/lib/python2.7/dist packages/suds/client.py”,第602行,在invoke中
结果=self.send(soapenv)
文件“/usr/local/lib/python2.7/dist packages/suds/client.py”,第637行,在send中
回复=传输。发送(请求)
文件“/usr/local/lib/python2.7/dist packages/suds/transport/https.py”,第64行,在send中
返回HttpTransport.send(self,request)
文件“/usr/local/lib/python2.7/dist packages/suds/transport/http.py”,第77行,在send中
fp=self.u2open(u2request)
文件“/usr/local/lib/python2.7/dist packages/suds/transport/http.py”,第118行,在u2open中
返回url.open(u2request,timeout=tm)
文件“/usr/lib/python2.7/urllib2.py”,第404行,打开
响应=自身打开(请求,数据)
文件“/usr/lib/python2.7/urllib2.py”,第422行,打开
"开放",
文件“/usr/lib/python2.7/urllib2.py”,第382行,在调用链中
结果=func(*args)
文件“/usr/lib/python2.7/urllib2.py”,第1222行,https_open
返回self.do_open(httplib.HTTPSConnection,req)
文件“/usr/lib/python2.7/urllib2.py”,第1184行,打开
引发URL错误(err)
urllib2.URLError:
我正在查看以下链接

不确定如何实现他们所谈论的内容,再次感谢您的帮助

我在Python 3.7中使用了以下代码片段:

import ssl
from urllib.request import HTTPSHandler

from suds.transport.https import HttpAuthenticated


class SSLAuthenticated(HttpAuthenticated):
    """ Enables SSL context for Suds. """

    def __init__(self, ssl_ciphers: str = ssl._DEFAULT_CIPHERS, **kwargs):
        self.ssl_ciphers = ssl_ciphers
        super().__init__(**kwargs)

    def u2handlers(self):
        handlers = super().u2handlers()
        ssl_context = ssl.create_default_context()
        if self.ssl_ciphers is not None:
            ssl_context.set_ciphers(self.ssl_ciphers)
        ssl_context_handler = HTTPSHandler(context=ssl_context)
        handlers = [ssl_context_handler] + handlers
        return handlers

client = suds.Client(transport=SSLAuthenticated(ssl_ciphers='HIGH:!DH'))
要获取网站上可用密码的列表,请运行:

nmap --script ssl-enum-ciphers -p 443 affected.website.com
从A级密码中逐个选择,并进行如下检查:

openssl s_client -connect affected.website.com:443 -cipher 'HIGH:!DH' -brief
我通过更改
DEFAULT@SECLEVEL=2
->
DEFAULT@SECLEVEL=1
/etc/ssl/openssl.cnf

中,您必须配置连接以不使用Diffie Helman(DH)或更改服务器上的内容,请遵循中的说明。如果您控制服务器,最好修复其安全性,并因此更改其dhparams,如前一链接中所述。如果你不控制服务器,你必须使用第一个选项。这解决了我的问题。非常感谢。