Python urllib2 SSL3\u检查\u证书\u和\u算法:dh密钥太小
试图使用Python urllib2 SSL3\u检查\u证书\u和\u算法:dh密钥太小,python,security,ssl,soap,urllib2,Python,Security,Ssl,Soap,Urllib2,试图使用suds发送SOAP请求,我使用的是Python2.7.6 我对安全性不是很精通,我被引导相信,无论是我的机器还是服务器的机器上的安全密钥太小,我不知道如何解决。我是否生成一些新密钥并创建一个自定义开启器?任何协助/指导都会有所帮助 堆栈跟踪: Traceback (most recent call last): File "read_xml.py", line 71, in <module> client.service.PO(purchas
suds
发送SOAP请求,我使用的是Python2.7.6
我对安全性不是很精通,我被引导相信,无论是我的机器还是服务器的机器上的安全密钥太小,我不知道如何解决。我是否生成一些新密钥并创建一个自定义开启器?任何协助/指导都会有所帮助
堆栈跟踪:
Traceback (most recent call last):
File "read_xml.py", line 71, in <module>
client.service.PO(purchase_orders)
File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 542, in __call__
return client.invoke(args, kwargs)
File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 602, in invoke
result = self.send(soapenv)
File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 637, in send
reply = transport.send(request)
File "/usr/local/lib/python2.7/dist-packages/suds/transport/https.py", line 64, in send
return HttpTransport.send(self, request)
File "/usr/local/lib/python2.7/dist-packages/suds/transport/http.py", line 77, in send
fp = self.u2open(u2request)
File "/usr/local/lib/python2.7/dist-packages/suds/transport/http.py", line 118, in u2open
return url.open(u2request, timeout=tm)
File "/usr/lib/python2.7/urllib2.py", line 404, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 422, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 1222, in https_open
return self.do_open(httplib.HTTPSConnection, req)
File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [Errno 1] _ssl.c:510: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small>
回溯(最近一次呼叫最后一次):
文件“read_xml.py”,第71行,在
client.service.PO(采购订单)
文件“/usr/local/lib/python2.7/dist packages/suds/client.py”,第542行,在调用中__
返回client.invoke(args、kwargs)
文件“/usr/local/lib/python2.7/dist packages/suds/client.py”,第602行,在invoke中
结果=self.send(soapenv)
文件“/usr/local/lib/python2.7/dist packages/suds/client.py”,第637行,在send中
回复=传输。发送(请求)
文件“/usr/local/lib/python2.7/dist packages/suds/transport/https.py”,第64行,在send中
返回HttpTransport.send(self,request)
文件“/usr/local/lib/python2.7/dist packages/suds/transport/http.py”,第77行,在send中
fp=self.u2open(u2request)
文件“/usr/local/lib/python2.7/dist packages/suds/transport/http.py”,第118行,在u2open中
返回url.open(u2request,timeout=tm)
文件“/usr/lib/python2.7/urllib2.py”,第404行,打开
响应=自身打开(请求,数据)
文件“/usr/lib/python2.7/urllib2.py”,第422行,打开
"开放",
文件“/usr/lib/python2.7/urllib2.py”,第382行,在调用链中
结果=func(*args)
文件“/usr/lib/python2.7/urllib2.py”,第1222行,https_open
返回self.do_open(httplib.HTTPSConnection,req)
文件“/usr/lib/python2.7/urllib2.py”,第1184行,打开
引发URL错误(err)
urllib2.URLError:
我正在查看以下链接
不确定如何实现他们所谈论的内容,再次感谢您的帮助我在Python 3.7中使用了以下代码片段:
import ssl
from urllib.request import HTTPSHandler
from suds.transport.https import HttpAuthenticated
class SSLAuthenticated(HttpAuthenticated):
""" Enables SSL context for Suds. """
def __init__(self, ssl_ciphers: str = ssl._DEFAULT_CIPHERS, **kwargs):
self.ssl_ciphers = ssl_ciphers
super().__init__(**kwargs)
def u2handlers(self):
handlers = super().u2handlers()
ssl_context = ssl.create_default_context()
if self.ssl_ciphers is not None:
ssl_context.set_ciphers(self.ssl_ciphers)
ssl_context_handler = HTTPSHandler(context=ssl_context)
handlers = [ssl_context_handler] + handlers
return handlers
client = suds.Client(transport=SSLAuthenticated(ssl_ciphers='HIGH:!DH'))
要获取网站上可用密码的列表,请运行:
nmap --script ssl-enum-ciphers -p 443 affected.website.com
从A级密码中逐个选择,并进行如下检查:
openssl s_client -connect affected.website.com:443 -cipher 'HIGH:!DH' -brief
我通过更改
DEFAULT@SECLEVEL=2
->DEFAULT@SECLEVEL=1
在/etc/ssl/openssl.cnf
中,您必须配置连接以不使用Diffie Helman(DH)或更改服务器上的内容,请遵循中的说明。如果您控制服务器,最好修复其安全性,并因此更改其dhparams,如前一链接中所述。如果你不控制服务器,你必须使用第一个选项。这解决了我的问题。非常感谢。