Ssl: Is it possible to identify TLS info in a requests response?

Tags: ssl, python-requests, python-3.6

I am using Python's requests module. I can get the server's response headers and the application-layer data like this:

import requests
r = requests.get('https://yahoo.com')
print(r.url)  

My question: does requests allow retrieving transport-layer data (the TLS version selected by the server, the cipher suite, etc.)?

Here is a quick, ugly monkey-patching version that works:

import requests
from requests.packages.urllib3.connection import VerifiedHTTPSConnection

# Socket of the most recent HTTPS connection, filled in by the patched connect().
SOCK = None

_orig_connect = VerifiedHTTPSConnection.connect

def _connect(self):
    # Run the original connect(), then keep a reference to the TLS-wrapped socket.
    global SOCK
    _orig_connect(self)
    SOCK = self.sock

VerifiedHTTPSConnection.connect = _connect

requests.get('https://yahoo.com')
# With the PyOpenSSL backend, SOCK is a WrappedSocket and .connection is the
# underlying PyOpenSSL Connection object.
tlscon = SOCK.connection
print('Cipher is %s/%s' % (tlscon.get_cipher_name(), tlscon.get_cipher_version()))
print('Remote certificates: %s' % (tlscon.get_peer_certificate()))
print('Protocol version: %s' % tlscon.get_protocol_version_name())

This produces:

Cipher is ECDHE-RSA-AES128-GCM-SHA256/TLSv1.2
Remote certificates: <OpenSSL.crypto.X509 object at 0x10c60e310>
Protocol version: TLSv1.2
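Yes, there is a lot of naming confusion between a socket and a connection: requests uses a "connection pool" that holds a set of connections, which is in fact, for HTTPS, a PyOpenSSL WrappedSocket, which itself has the underlying real TLS connection (that is, a PyOpenSSL Connection object). Hence the strange forms in connection_inspector.

But this returns the expected results: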

host is yahoo.com
port is 443
connection is <requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x10bb372d0>
socket is <requests.packages.urllib3.contrib.pyopenssl.WrappedSocket object at 0x10bb37410>
Protocol version: TLSv1.2
Cipher is ECDHE-RSA-AES128-GCM-SHA256/TLSv1.2
Remote certificate: {'subjectAltName': [('DNS', '*.www.yahoo.com'), ('DNS', 'add.my.yahoo.com'), ('DNS', '*.amp.yimg.com'), ('DNS', 'au.yahoo.com'), ('DNS', 'be.yahoo.com'), ('DNS', 'br.yahoo.com'), ('DNS', 'ca.my.yahoo.com'), ('DNS', 'ca.rogers.yahoo.com'), ('DNS', 'ca.yahoo.com'), ('DNS', 'ddl.fp.yahoo.com'), ('DNS', 'de.yahoo.com'), ('DNS', 'en-maktoob.yahoo.com'), ('DNS', 'espanol.yahoo.com'), ('DNS', 'es.yahoo.com'), ('DNS', 'fr-be.yahoo.com'), ('DNS', 'fr-ca.rogers.yahoo.com'), ('DNS', 'frontier.yahoo.com'), ('DNS', 'fr.yahoo.com'), ('DNS', 'gr.yahoo.com'), ('DNS', 'hk.yahoo.com'), ('DNS', 'hsrd.yahoo.com'), ('DNS', 'ideanetsetter.yahoo.com'), ('DNS', 'id.yahoo.com'), ('DNS', 'ie.yahoo.com'), ('DNS', 'in.yahoo.com'), ('DNS', 'it.yahoo.com'), ('DNS', 'maktoob.yahoo.com'), ('DNS', 'malaysia.yahoo.com'), ('DNS', 'mbp.yimg.com'), ('DNS', 'my.yahoo.com'), ('DNS', 'nz.yahoo.com'), ('DNS', 'ph.yahoo.com'), ('DNS', 'qc.yahoo.com'), ('DNS', 'ro.yahoo.com'), ('DNS', 'se.yahoo.com'), ('DNS', 'sg.yahoo.com'), ('DNS', 'tw.yahoo.com'), ('DNS', 'uk.yahoo.com'), ('DNS', 'us.yahoo.com'), ('DNS', 'verizon.yahoo.com'), ('DNS', 'vn.yahoo.com'), ('DNS', 'www.yahoo.com'), ('DNS', 'yahoo.com'), ('DNS', 'za.yahoo.com')], 'subject': ((('commonName', u'*.www.yahoo.com'),),)}
Other thoughts:

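  • You could probably drop a lot of code by basically using poolmanager.pool_classes_by_scheme['http']=MyHTTPConnectionPool, but this is still monkey patching, and it is a pity that poolmanager does not provide a nice API for overriding the pool_classes_by_scheme variable easily
  • A PyOpenSSL ssl_context may be able to hold callbacks that are called during the TLS handshake and get hold of the underlying data; then, in init_poolmanager, you would only need to set ssl_context in kwargs before calling the superclass; this example is in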
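Added example, not part of the original answer: a helper that reads the negotiated protocol, cipher and certificate names from either socket flavour discussed above (a stdlib ssl.SSLSocket, or the PyOpenSSL-backed WrappedSocket whose TLS object is its .connection) and checks them against a simple policy. The names tls_summary, audit, probe and the Sample* classes are hypothetical, the sample data is constructed from the output shown above, and the policy assumes OpenSSL-style cipher names.

```python
import socket
import ssl

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def tls_summary(sock):
    """Negotiated TLS parameters from an SSLSocket or a PyOpenSSL WrappedSocket."""
    conn = getattr(sock, "connection", None)
    if conn is not None and hasattr(conn, "get_cipher_name"):
        # PyOpenSSL Connection: the same calls the monkey patch above uses.
        proto, cipher = conn.get_protocol_version_name(), conn.get_cipher_name()
    else:
        proto, cipher = sock.version(), sock.cipher()[0]  # cipher() -> (name, proto, bits)
    cert = sock.getpeercert() or {}  # dict shaped like the output shown above
    san = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {"protocol": proto, "cipher": cipher, "san": san}

def audit(summary):
    """Return policy findings; an empty list means the connection passed."""
    findings = []
    if summary["protocol"] in WEAK_PROTOCOLS:
        findings.append("deprecated protocol " + summary["protocol"])
    cipher = summary["cipher"]
    # OpenSSL-style names: TLS 1.3 suites start with TLS_ and are always ephemeral.
    if not cipher.startswith(("TLS_", "ECDHE-", "DHE-")):
        findings.append("no forward secrecy: " + cipher)
    if not any(tag in cipher for tag in ("GCM", "CCM", "CHACHA20")):
        findings.append("non-AEAD cipher: " + cipher)
    return findings

def probe(host, port=443, timeout=5.0):
    """Live handshake via the stdlib; certificate and hostname are verified."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls_summary(tls)

class SampleConn:  # constructed stand-in for a PyOpenSSL Connection
    def get_protocol_version_name(self): return "TLSv1.2"
    def get_cipher_name(self): return "ECDHE-RSA-AES128-GCM-SHA256"

class SampleWrappedSocket:  # constructed stand-in for urllib3's WrappedSocket
    connection = SampleConn()
    def getpeercert(self):
        return {"subjectAltName": [("DNS", "*.www.yahoo.com"), ("DNS", "yahoo.com")],
                "subject": ((("commonName", "*.www.yahoo.com"),),)}

if __name__ == "__main__":
    print(audit(tls_summary(SampleWrappedSocket())))
```

probe() needs network access; the sample classes let the summary and policy check run offline.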