admin管理员组文章数量:1387360
I need to get data from a URL that has some certificate problems. It works with curl -k (that skips verification). So I tried with verify=False in python requests but I'm still getting [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE]. Any idea how to bypass this?
I'm using python 3.10.12 and requests 2.32.3 Here goes a code for testing purposes:
import os
import requests
# curl fails
teste = os.system("curl -o capabilities.xml ';version=1.3.0&request=GetCapabilities'")
# ignoring verification -k works
teste = os.system("curl -k -o capabilities.xml ';version=1.3.0&request=GetCapabilities'")
# Trying with python
url = ";
params = {
'service':'WMS',
'version':'1.3.0',
'request':'GetCapabilities'
}
# this fails with certificate error
teste = requests.get(url, params)
# verify = False does not do the trick
teste = requests.get(url, params, verify=False)
Update:
It appears as though the site uses only TLS1.2 for cypher suit and python requests does not like that. Any way to have python use that Cypher?
I need to get data from a URL that has some certificate problems. It works with curl -k (that skips verification). So I tried with verify=False in python requests but I'm still getting [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE]. Any idea how to bypass this?
I'm using python 3.10.12 and requests 2.32.3 Here goes a code for testing purposes:
import os
import requests
# curl fails
teste = os.system("curl -o capabilities.xml 'https://geoserver.car.gov.br/geoserver/ows?service=WMS&version=1.3.0&request=GetCapabilities'")
# ignoring verification -k works
teste = os.system("curl -k -o capabilities.xml 'https://geoserver.car.gov.br/geoserver/ows?service=WMS&version=1.3.0&request=GetCapabilities'")
# Trying with python
url = "https://geoserver.car.gov.br/geoserver/ows"
params = {
'service':'WMS',
'version':'1.3.0',
'request':'GetCapabilities'
}
# this fails with certificate error
teste = requests.get(url, params)
# verify = False does not do the trick
teste = requests.get(url, params, verify=False)
Update:
It appears as though the site uses only TLS1.2 for cypher suit and python requests does not like that. Any way to have python use that Cypher?
Share Improve this question edited Mar 17 at 13:29 Daniel asked Mar 17 at 13:11 DanielDaniel 6301 gold badge5 silver badges15 bronze badges 1- If your OpenSSL version is "old enough" (pre March 2020), apparently it can be done by lowering the minimal required protocol version, reddit/r/learnpython/comments/hw6ann/comment/fyzh0ex If that's not an option/doesn't work for you, you might need something like this, I'm guessing? lukasa.co.uk/2017/02/Configuring_TLS_With_Requests – C3roe Commented Mar 17 at 13:36
1 Answer
Reset to default 0The problem is not the TLS version, TLS 1.2 is still allowed by default in current Python. The problem is instead that the server only supports weak ciphers which require the obsolete RSA key exchange (i.e. no forward secrecy). To allow this you need to adjust the security level:
import requests
import ssl
from requests.adapters import HTTPAdapter
class CustomSSLAdapter(HTTPAdapter):
def init_poolmanager(self, *args, **kwargs):
ssl_context = ssl.create_default_context()
ssl_context.set_ciphers('DEFAULT@SECLEVEL=0')
ssl_context.check_hostname = False
kwargs["ssl_context"] = ssl_context
return super().init_poolmanager(*args, **kwargs)
sess = requests.Session()
sess.mount('https://', CustomSSLAdapter())
url = 'https://geoserver.car.gov.br/geoserver/ows?service=WMS&version=1.3.0&request=GetCapabilities'
resp = sess.get(url, verify=False)
print(resp)
本文标签: python requests on URL with bad certificate SSL SSLV3ALERTHANDSHAKEFAILUREStack Overflow
版权声明:本文标题:python requests on URL with bad certificate [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744558577a2612628.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论