如何在 Python 3.8 中使用 TLS 1.0?
How to use TLS 1.0 with Python 3.8?
我有一个使用 jira 模块与 Jira 连接的代码。
不幸的是,Jira 服务器仅支持 SSLv3 和 TLS1。
我知道它们是旧协议,主机将在今年年底前接受新协议。
但在那之前,我需要我的 python 代码使用 TLS1.
在 Jira 上进行连接
在 Python 3.6 中它工作正常,但在 Python 3.8 中它不起作用,它向我显示了下面的错误消息。
Python 3.8.2 (default, Apr 27 2020, 15:53:34)
[GCC 9.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from jira import JIRA
>>> import urllib3
>>> urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
>>>
>>> options = {"server": "https://jira.mycompany.com/", "verify": False}
>>> jira = JIRA(options, auth=("user", "pass"))
WARNING:root:HTTPSConnectionPool(host='jira.mycompany.com', port=443): Max retries exceeded with url: /rest/auth/1/session (Caused by SSLError(SSLError(1, '[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1108)'))) while doing POST https://jira.mycompany.com/rest/auth/1/session [{'data': '{"username": "user", "password": "pass"}', 'headers': {'User-Agent': 'python-requests/2.23.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json,*.*;q=0.9', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache', 'Content-Type': 'application/json', 'X-Atlassian-Token': 'no-check'}}]
WARNING:root:Got ConnectionError [HTTPSConnectionPool(host='jira.mycompany.com', port=443): Max retries exceeded with url: /rest/auth/1/session (Caused by SSLError(SSLError(1, '[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1108)')))] errno:None on POST https://jira.mycompany.com/rest/auth/1/session
{'response': None, 'request': <PreparedRequest [POST]>}\{'response': None, 'request': <PreparedRequest [POST]>}
WARNING:root:Got recoverable error from POST https://jira.mycompany.com/rest/auth/1/session, will retry [1/3] in 7.597192960254091s. Err: HTTPSConnectionPool(host='jira.mycompany.com', port=443): Max retries exceeded with url: /rest/auth/1/session (Caused by SSLError(SSLError(1, '[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1108)')))
我已经检查过,OpenSSL 支持 TLS1。
$ openssl s_client -help 2>&1 > /dev/null | egrep "\-(ssl|tls)[^a-z]"
-ssl_config val Use specified configuration file
-tls1 Just use TLSv1
-tls1_1 Just use TLSv1.1
-tls1_2 Just use TLSv1.2
-tls1_3 Just use TLSv1.3
-ssl_client_engine val Specify engine to be used for client certificate operations
仅使用 requests 得到相同的结果。
python3 -c "import requests; requests.get('https://jira.mycompany.com/')"
Traceback (most recent call last):
File "/home/lazize/repos/myproj/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
httplib_response = self._make_request(
File "/home/lazize/repos/myproj/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 381, in _make_request
self._validate_conn(conn)
File "/home/lazize/repos/myproj/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 976, in _validate_conn
conn.connect()
File "/home/lazize/repos/myproj/venv/lib/python3.8/site-packages/urllib3/connection.py", line 361, in connect
self.sock = ssl_wrap_socket(
File "/home/lazize/repos/myproj/venv/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 377, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1108)
如何将 Python 3.8 与 TLS1 一起使用?
我解决了下面安装 python 包的问题。
这样就安装好了pyOpenSSL.
让我引用文档:
If you install urllib3 with the secure extra, all required packages
for certificate verification will be installed.
pip install urllib3[secure]
如果我理解正确 Python 通过模块 ssl.
附带了自己的 SSL 实现
以这种方式安装 urllib3 将强制 Python 通过 pyOpenSSL.
使用 OpenSSL 实现
我有一个使用 jira 模块与 Jira 连接的代码。
不幸的是,Jira 服务器仅支持 SSLv3 和 TLS1。
我知道它们是旧协议,主机将在今年年底前接受新协议。
但在那之前,我需要我的 python 代码使用 TLS1.
在 Python 3.6 中它工作正常,但在 Python 3.8 中它不起作用,它向我显示了下面的错误消息。
Python 3.8.2 (default, Apr 27 2020, 15:53:34)
[GCC 9.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from jira import JIRA
>>> import urllib3
>>> urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
>>>
>>> options = {"server": "https://jira.mycompany.com/", "verify": False}
>>> jira = JIRA(options, auth=("user", "pass"))
WARNING:root:HTTPSConnectionPool(host='jira.mycompany.com', port=443): Max retries exceeded with url: /rest/auth/1/session (Caused by SSLError(SSLError(1, '[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1108)'))) while doing POST https://jira.mycompany.com/rest/auth/1/session [{'data': '{"username": "user", "password": "pass"}', 'headers': {'User-Agent': 'python-requests/2.23.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json,*.*;q=0.9', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache', 'Content-Type': 'application/json', 'X-Atlassian-Token': 'no-check'}}]
WARNING:root:Got ConnectionError [HTTPSConnectionPool(host='jira.mycompany.com', port=443): Max retries exceeded with url: /rest/auth/1/session (Caused by SSLError(SSLError(1, '[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1108)')))] errno:None on POST https://jira.mycompany.com/rest/auth/1/session
{'response': None, 'request': <PreparedRequest [POST]>}\{'response': None, 'request': <PreparedRequest [POST]>}
WARNING:root:Got recoverable error from POST https://jira.mycompany.com/rest/auth/1/session, will retry [1/3] in 7.597192960254091s. Err: HTTPSConnectionPool(host='jira.mycompany.com', port=443): Max retries exceeded with url: /rest/auth/1/session (Caused by SSLError(SSLError(1, '[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1108)')))
我已经检查过,OpenSSL 支持 TLS1。
$ openssl s_client -help 2>&1 > /dev/null | egrep "\-(ssl|tls)[^a-z]"
-ssl_config val Use specified configuration file
-tls1 Just use TLSv1
-tls1_1 Just use TLSv1.1
-tls1_2 Just use TLSv1.2
-tls1_3 Just use TLSv1.3
-ssl_client_engine val Specify engine to be used for client certificate operations
仅使用 requests 得到相同的结果。
python3 -c "import requests; requests.get('https://jira.mycompany.com/')"
Traceback (most recent call last):
File "/home/lazize/repos/myproj/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
httplib_response = self._make_request(
File "/home/lazize/repos/myproj/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 381, in _make_request
self._validate_conn(conn)
File "/home/lazize/repos/myproj/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 976, in _validate_conn
conn.connect()
File "/home/lazize/repos/myproj/venv/lib/python3.8/site-packages/urllib3/connection.py", line 361, in connect
self.sock = ssl_wrap_socket(
File "/home/lazize/repos/myproj/venv/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 377, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1108)
如何将 Python 3.8 与 TLS1 一起使用?
我解决了下面安装 python 包的问题。
这样就安装好了pyOpenSSL.
让我引用文档:
If you install urllib3 with the
secureextra, all required packages for certificate verification will be installed.
pip install urllib3[secure]
如果我理解正确 Python 通过模块 ssl.
附带了自己的 SSL 实现
以这种方式安装 urllib3 将强制 Python 通过 pyOpenSSL.
OpenSSL 实现