urllib2 SSL3_CHECK_CERT_AND_ALGORITHM: dh key too small



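I'm trying to send a SOAP request using suds; I'm using Python 2.7.6.

I'm not very well versed in security. I'm led to believe that a security key, either on my machine or on the server's machine, is too small, and I'm not sure how to resolve this. Do I generate some new keys and create a custom opener? Any help/guidance would be appreciated.

Stack trace: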

Traceback (most recent call last):
  File "read_xml.py", line 71, in <module>
    client.service.PO(purchase_orders)
  File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 542, in __call__
    return client.invoke(args, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 602, in invoke
    result = self.send(soapenv)
  File "/usr/local/lib/python2.7/dist-packages/suds/client.py", line 637, in send
    reply = transport.send(request)
  File "/usr/local/lib/python2.7/dist-packages/suds/transport/https.py", line 64, in send
    return  HttpTransport.send(self, request)
  File "/usr/local/lib/python2.7/dist-packages/suds/transport/http.py", line 77, in send
    fp = self.u2open(u2request)
  File "/usr/local/lib/python2.7/dist-packages/suds/transport/http.py", line 118, in u2open
    return url.open(u2request, timeout=tm)
  File "/usr/lib/python2.7/urllib2.py", line 404, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 422, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1222, in https_open
    return self.do_open(httplib.HTTPSConnection, req)
  File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [Errno 1] _ssl.c:510: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small>

I have been looking at the following links:

Python - requests.exceptions.SSLError - dh key too small

https://bugs.python.org/issue24985

https://unix.stackexchange.com/questions/333877/how-to-find-which-key-exactly-dh-key-too-small-openssl-error-is-about

I'm not sure how to implement what they are saying. Again, any help is appreciated.

I solved this by changing DEFAULT@SECLEVEL=2 to DEFAULT@SECLEVEL=1 in /etc/ssl/openssl.cnf.

I use this snippet with Python 3.7:

import ssl
from urllib.request import HTTPSHandler

from suds.client import Client
from suds.transport.https import HttpAuthenticated


class SSLAuthenticated(HttpAuthenticated):
    """ Enables SSL context for Suds. """

    # ssl._DEFAULT_CIPHERS is a private attribute of the ssl module.
    def __init__(self, ssl_ciphers: str = ssl._DEFAULT_CIPHERS, **kwargs):
        self.ssl_ciphers = ssl_ciphers
        super().__init__(**kwargs)

    def u2handlers(self):
        # Put an HTTPSHandler carrying our own SSLContext ahead of the default handlers.
        handlers = super().u2handlers()
        ssl_context = ssl.create_default_context()
        if self.ssl_ciphers is not None:
            ssl_context.set_ciphers(self.ssl_ciphers)
        ssl_context_handler = HTTPSHandler(context=ssl_context)
        handlers = [ssl_context_handler] + handlers
        return handlers


# wsdl_url is a placeholder for the WSDL URL of your service; Client() requires it.
client = Client(wsdl_url, transport=SSLAuthenticated(ssl_ciphers='HIGH:!DH'))

To get the list of ciphers available on the website, run:

nmap --script ssl-enum-ciphers -p 443 affected.website.com

Pick the grade A ciphers one by one and check them like this:

openssl s_client -connect affected.website.com:443 -cipher 'HIGH:!DH' -brief
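
An added example, not part of either answer above: before relying on a cipher string such as 'HIGH:!DH', this expands it with the local OpenSSL build and groups the suites by key exchange, then builds a per-connection context that leaves the system-wide SECLEVEL untouched. The function names and the extra '!aNULL' term are assumptions of this example.

```python
import ssl


def audit_cipher_string(cipher_string):
    """Expand an OpenSSL cipher string with the local OpenSSL build and group
    the resulting suites by key exchange, so the effect of '!DH' is visible."""
    ctx = ssl.create_default_context()
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    groups = {"dhe": [], "ecdhe": [], "rsa_kx": [], "tls13": [],
              "anonymous": [], "other": []}
    for suite in ctx.get_ciphers():
        name, kea = suite["name"], suite.get("kea", "")
        if suite.get("auth") == "auth-null":
            # Suites without a server certificate; listed in addition to their group.
            groups["anonymous"].append(name)
        if name.startswith("TLS_"):
            # TLS 1.3 suites are not controlled by set_ciphers().
            groups["tls13"].append(name)
        elif kea == "kx-dhe":
            # Finite-field DHE: the key exchange behind "dh key too small".
            groups["dhe"].append(name)
        elif kea == "kx-ecdhe":
            groups["ecdhe"].append(name)
        elif kea == "kx-rsa":
            # Static RSA key exchange: no forward secrecy.
            groups["rsa_kx"].append(name)
        else:
            groups["other"].append(name)
    return groups


def scoped_context(cipher_string="HIGH:!DH:!aNULL"):
    """Per-connection context that skips finite-field DHE while keeping
    certificate and hostname verification switched on."""
    ctx = ssl.create_default_context()
    ctx.set_ciphers(cipher_string)
    return ctx


if __name__ == "__main__":
    for cs in ("HIGH", "HIGH:!DH", "HIGH:!DH:!aNULL"):
        counts = {k: len(v) for k, v in audit_cipher_string(cs).items()}
        print(cs, counts)
```

The context returned by scoped_context() can be passed as HTTPSHandler(context=...) exactly as in the snippet above, so only that one client is affected.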
