Python ssl.PROTOCOL_SSLv3() Examples
The following are 17
code examples of ssl.PROTOCOL_SSLv3().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
ssl
, or try the search function
.
.
Example #1
| Source File: test_functional_ssl.py From pyftpdlib with MIT License | 6 votes |
|
def try_protocol_combo(self, server_protocol, client_protocol):
self._setup(ssl_protocol=server_protocol)
self.client.ssl_version = client_protocol
close_client(self.client)
self.client.connect(self.server.host, self.server.port)
try:
self.client.login()
except (ssl.SSLError, socket.error):
self.client.close()
else:
self.client.quit()
# def test_ssl_version(self):
# protos = [ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23,
# ssl.PROTOCOL_TLSv1]
# if hasattr(ssl, "PROTOCOL_SSLv2"):
# protos.append(ssl.PROTOCOL_SSLv2)
# for proto in protos:
# self.try_protocol_combo(ssl.PROTOCOL_SSLv2, proto)
# for proto in protos:
# self.try_protocol_combo(ssl.PROTOCOL_SSLv3, proto)
# for proto in protos:
# self.try_protocol_combo(ssl.PROTOCOL_SSLv23, proto)
# for proto in protos:
# self.try_protocol_combo(ssl.PROTOCOL_TLSv1, proto)
Example #2
| Source File: z_tcptrans.py From z-ssl-proxy with Apache License 2.0 | 6 votes |
|
def newconnect(self):
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
remote = ssl.wrap_socket(s,
ca_certs= CA,
cert_reqs=ssl.CERT_REQUIRED,
ssl_version = ssl.PROTOCOL_SSLv3)
remote.connect(self.server.seradd)
if not self.server.seradd[0] == remote.getpeercert()['subjectAltName'][0][1]:
logging.error('Server crt error !! Server Name don\'t mach !!')
logging.error(remote.getpeercert()['subjectAltName'][0][1])
return
if not self.send_PW(remote):
logging.warn('PW error !')
return
except socket.error, e:
logging.warn(e)
return
Example #3
| Source File: int_ssl.py From pysslscan with GNU Lesser General Public License v3.0 | 6 votes |
|
def convert_version2method(protocol_version):
"""
Convert internal protocol version ID to Python SSL method.
:param Integer protocol_version: Version ID
:return: OpenSSL method or None if not found
:rtype: OpenSSL method or None
"""
if protocol_version == flextls.registry.version.SSLv2:
return ssl.PROTOCOL_SSLv2
if protocol_version == flextls.registry.version.SSLv3:
return ssl.PROTOCOL_SSLv3
if protocol_version == flextls.registry.version.TLSv10:
return ssl.PROTOCOL_TLSv1
if protocol_version == flextls.registry.version.TLSv11:
return ssl.PROTOCOL_TLSv1_1
if protocol_version == flextls.registry.version.TLSv12:
return ssl.PROTOCOL_TLSv1_2
return None
Example #4
| Source File: imaplib2.py From sndlatr with Apache License 2.0 | 5 votes |
|
def ssl_wrap_socket(self):
# Allow sending of keep-alive messages - seems to prevent some servers
# from closing SSL, leading to deadlocks.
self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
try:
import ssl
if self.ca_certs is not None:
cert_reqs = ssl.CERT_REQUIRED
else:
cert_reqs = ssl.CERT_NONE
if self.ssl_version == "tls1":
ssl_version = ssl.PROTOCOL_TLSv1
elif self.ssl_version == "ssl2":
ssl_version = ssl.PROTOCOL_SSLv2
elif self.ssl_version == "ssl3":
ssl_version = ssl.PROTOCOL_SSLv3
elif self.ssl_version == "ssl23" or self.ssl_version is None:
ssl_version = ssl.PROTOCOL_SSLv23
else:
raise socket.sslerror("Invalid SSL version requested: %s", self.ssl_version)
self.sock = ssl.wrap_socket(self.sock, self.keyfile, self.certfile, ca_certs=self.ca_certs, cert_reqs=cert_reqs, ssl_version=ssl_version)
ssl_exc = ssl.SSLError
self.read_fd = self.sock.fileno()
except ImportError:
# No ssl module, and socket.ssl has no fileno(), and does not allow certificate verification
raise socket.sslerror("imaplib2 SSL mode does not work without ssl module")
if self.cert_verify_cb is not None:
cert_err = self.cert_verify_cb(self.sock.getpeercert(), self.host)
if cert_err:
raise ssl_exc(cert_err)
Example #5
| Source File: test_ftplib.py From CTFCrackTools with GNU General Public License v3.0 | 5 votes |
|
def test_auth_ssl(self):
try:
self.client.ssl_version = ssl.PROTOCOL_SSLv3
self.client.auth()
self.assertRaises(ValueError, self.client.auth)
finally:
self.client.ssl_version = ssl.PROTOCOL_TLSv1
Example #6
| Source File: test_ftplib.py From CTFCrackTools-V2 with GNU General Public License v3.0 | 5 votes |
|
def test_auth_ssl(self):
try:
self.client.ssl_version = ssl.PROTOCOL_SSLv3
self.client.auth()
self.assertRaises(ValueError, self.client.auth)
finally:
self.client.ssl_version = ssl.PROTOCOL_TLSv1
Example #7
| Source File: poodle-sample-1.py From poodle with GNU General Public License v2.0 | 5 votes |
|
def handle(self):
self.request = ssl.wrap_socket(self.request, keyfile="cert.pem", certfile="cert.pem", server_side=True, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_NONE, ciphers="SHA1+DES")
while True:
try:
data = self.request.recv(1024)
if data == '':
break
#print 'securely received: %s' % repr(data)
self.request.send('ok')
except ssl.SSLError as e:
#print 'ssl error: %s' % str(e)
break
return
Example #8
| Source File: poodle-sample-1.py From poodle with GNU General Public License v2.0 | 5 votes |
|
def trigger(self, prefix, suffix=''):
s = socket.create_connection((MITM_HOST, MITM_PORT))
s = ssl.wrap_socket(s, server_side=False, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_NONE, ciphers="SHA1+DES")
self.message = None
try:
s.send('%s|secret=%s|%s' % (prefix, secret, suffix))
s.recv(2)
except ssl.SSLError as e:
#print 'ssl error: %s' % str(e)
pass
s.close()
return self.message
Example #9
| Source File: test_ftplib.py From gcblue with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def test_auth_ssl(self):
try:
self.client.ssl_version = ssl.PROTOCOL_SSLv3
self.client.auth()
self.assertRaises(ValueError, self.client.auth)
finally:
self.client.ssl_version = ssl.PROTOCOL_TLSv1
Example #10
| Source File: test_functional_ssl.py From oss-ftp with MIT License | 5 votes |
|
def test_ssl_version(self):
protos = [ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1]
if hasattr(ssl, "PROTOCOL_SSLv2"):
protos.append(ssl.PROTOCOL_SSLv2)
for proto in protos:
self.try_protocol_combo(ssl.PROTOCOL_SSLv2, proto)
for proto in protos:
self.try_protocol_combo(ssl.PROTOCOL_SSLv3, proto)
for proto in protos:
self.try_protocol_combo(ssl.PROTOCOL_SSLv23, proto)
for proto in protos:
self.try_protocol_combo(ssl.PROTOCOL_TLSv1, proto)
Example #11
| Source File: test_functional_ssl.py From oss-ftp with MIT License | 5 votes |
|
def test_ssl_version(self):
protos = [ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1]
if hasattr(ssl, "PROTOCOL_SSLv2"):
protos.append(ssl.PROTOCOL_SSLv2)
for proto in protos:
self.try_protocol_combo(ssl.PROTOCOL_SSLv2, proto)
for proto in protos:
self.try_protocol_combo(ssl.PROTOCOL_SSLv3, proto)
for proto in protos:
self.try_protocol_combo(ssl.PROTOCOL_SSLv23, proto)
for proto in protos:
self.try_protocol_combo(ssl.PROTOCOL_TLSv1, proto)
Example #12
| Source File: test_ftplib.py From BinderFilter with MIT License | 5 votes |
|
def test_auth_ssl(self):
try:
self.client.ssl_version = ssl.PROTOCOL_SSLv3
self.client.auth()
self.assertRaises(ValueError, self.client.auth)
finally:
self.client.ssl_version = ssl.PROTOCOL_TLSv1
Example #13
| Source File: imaplib2.py From imapfw with MIT License | 4 votes |
|
def ssl_wrap_socket(self):
try:
import ssl
TLS_MAP = {}
if hasattr(ssl, "PROTOCOL_TLSv1_2"): # py3
TLS_MAP[TLS_SECURE] = {
"tls1_2": ssl.PROTOCOL_TLSv1_2,
"tls1_1": ssl.PROTOCOL_TLSv1_1,
}
else:
TLS_MAP[TLS_SECURE] = {}
TLS_MAP[TLS_NO_SSL] = TLS_MAP[TLS_SECURE].copy()
TLS_MAP[TLS_NO_SSL].update({
"tls1": ssl.PROTOCOL_TLSv1,
})
TLS_MAP[TLS_COMPAT] = TLS_MAP[TLS_NO_SSL].copy()
TLS_MAP[TLS_COMPAT].update({
"ssl23": ssl.PROTOCOL_SSLv23,
None: ssl.PROTOCOL_SSLv23,
})
if hasattr(ssl, "PROTOCOL_SSLv3"): # Might not be available.
TLS_MAP[TLS_COMPAT].update({
"ssl3": ssl.PROTOCOL_SSLv3
})
if self.ca_certs is not None:
cert_reqs = ssl.CERT_REQUIRED
else:
cert_reqs = ssl.CERT_NONE
if self.tls_level not in TLS_MAP:
raise RuntimeError("unknown tls_level: %s" % self.tls_level)
if self.ssl_version not in TLS_MAP[self.tls_level]:
raise socket.sslerror("Invalid SSL version '%s' requested for tls_version '%s'" % (self.ssl_version, self.tls_level))
ssl_version = TLS_MAP[self.tls_level][self.ssl_version]
self.sock = ssl.wrap_socket(self.sock, self.keyfile, self.certfile, ca_certs=self.ca_certs, cert_reqs=cert_reqs, ssl_version=ssl_version)
ssl_exc = ssl.SSLError
self.read_fd = self.sock.fileno()
except ImportError:
# No ssl module, and socket.ssl has no fileno(), and does not allow certificate verification
raise socket.sslerror("imaplib SSL mode does not work without ssl module")
if self.cert_verify_cb is not None:
cert_err = self.cert_verify_cb(self.sock.getpeercert(), self.host)
if cert_err:
raise ssl_exc(cert_err)
# Allow sending of keep-alive messages - seems to prevent some servers
# from closing SSL, leading to deadlocks.
self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
Example #14
| Source File: echo_client.py From pywebsocket with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
def __init__(self,
raw_socket, tls_module, tls_version, disable_tls_compression):
self._logger = util.get_class_logger(self)
if tls_module == _TLS_BY_STANDARD_MODULE:
if tls_version == _TLS_VERSION_SSL23:
version = ssl.PROTOCOL_SSLv23
elif tls_version == _TLS_VERSION_SSL3:
version = ssl.PROTOCOL_SSLv3
elif tls_version == _TLS_VERSION_TLS1:
version = ssl.PROTOCOL_TLSv1
else:
raise ValueError(
'Invalid --tls-version flag: %r' % tls_version)
if disable_tls_compression:
raise ValueError(
'--disable-tls-compression is not available for ssl '
'module')
self._tls_socket = ssl.wrap_socket(raw_socket, ssl_version=version)
# Print cipher in use. Handshake is done on wrap_socket call.
self._logger.info("Cipher: %s", self._tls_socket.cipher())
elif tls_module == _TLS_BY_PYOPENSSL:
if tls_version == _TLS_VERSION_SSL23:
version = OpenSSL.SSL.SSLv23_METHOD
elif tls_version == _TLS_VERSION_SSL3:
version = OpenSSL.SSL.SSLv3_METHOD
elif tls_version == _TLS_VERSION_TLS1:
version = OpenSSL.SSL.TLSv1_METHOD
else:
raise ValueError(
'Invalid --tls-version flag: %r' % tls_version)
context = OpenSSL.SSL.Context(version)
if disable_tls_compression:
# OP_NO_COMPRESSION is not defined in OpenSSL module.
context.set_options(0x00020000)
self._tls_socket = OpenSSL.SSL.Connection(context, raw_socket)
# Client mode.
self._tls_socket.set_connect_state()
self._tls_socket.setblocking(True)
# Do handshake now (not necessary).
self._tls_socket.do_handshake()
else:
raise ValueError('No TLS support module is available')
Example #15
| Source File: simple_httpclient.py From viewfinder with Apache License 2.0 | 4 votes |
|
def _create_stream(self, addrinfo):
af = addrinfo[0][0]
if self.parsed.scheme == "https":
ssl_options = {}
if self.request.validate_cert:
ssl_options["cert_reqs"] = ssl.CERT_REQUIRED
if self.request.ca_certs is not None:
ssl_options["ca_certs"] = self.request.ca_certs
else:
ssl_options["ca_certs"] = _DEFAULT_CA_CERTS
if self.request.client_key is not None:
ssl_options["keyfile"] = self.request.client_key
if self.request.client_cert is not None:
ssl_options["certfile"] = self.request.client_cert
# SSL interoperability is tricky. We want to disable
# SSLv2 for security reasons; it wasn't disabled by default
# until openssl 1.0. The best way to do this is to use
# the SSL_OP_NO_SSLv2, but that wasn't exposed to python
# until 3.2. Python 2.7 adds the ciphers argument, which
# can also be used to disable SSLv2. As a last resort
# on python 2.6, we set ssl_version to SSLv3. This is
# more narrow than we'd like since it also breaks
# compatibility with servers configured for TLSv1 only,
# but nearly all servers support SSLv3:
# http://blog.ivanristic.com/2011/09/ssl-survey-protocol-support.html
if sys.version_info >= (2, 7):
ssl_options["ciphers"] = "DEFAULT:!SSLv2"
else:
# This is really only necessary for pre-1.0 versions
# of openssl, but python 2.6 doesn't expose version
# information.
ssl_options["ssl_version"] = ssl.PROTOCOL_SSLv3
return SSLIOStream(socket.socket(af),
io_loop=self.io_loop,
ssl_options=ssl_options,
max_buffer_size=self.max_buffer_size)
else:
return IOStream(socket.socket(af),
io_loop=self.io_loop,
max_buffer_size=self.max_buffer_size)
Example #16
| Source File: simple_httpclient.py From viewfinder with Apache License 2.0 | 4 votes |
|
def _create_stream(self, addrinfo):
af = addrinfo[0][0]
if self.parsed.scheme == "https":
ssl_options = {}
if self.request.validate_cert:
ssl_options["cert_reqs"] = ssl.CERT_REQUIRED
if self.request.ca_certs is not None:
ssl_options["ca_certs"] = self.request.ca_certs
else:
ssl_options["ca_certs"] = _DEFAULT_CA_CERTS
if self.request.client_key is not None:
ssl_options["keyfile"] = self.request.client_key
if self.request.client_cert is not None:
ssl_options["certfile"] = self.request.client_cert
# SSL interoperability is tricky. We want to disable
# SSLv2 for security reasons; it wasn't disabled by default
# until openssl 1.0. The best way to do this is to use
# the SSL_OP_NO_SSLv2, but that wasn't exposed to python
# until 3.2. Python 2.7 adds the ciphers argument, which
# can also be used to disable SSLv2. As a last resort
# on python 2.6, we set ssl_version to SSLv3. This is
# more narrow than we'd like since it also breaks
# compatibility with servers configured for TLSv1 only,
# but nearly all servers support SSLv3:
# http://blog.ivanristic.com/2011/09/ssl-survey-protocol-support.html
if sys.version_info >= (2, 7):
ssl_options["ciphers"] = "DEFAULT:!SSLv2"
else:
# This is really only necessary for pre-1.0 versions
# of openssl, but python 2.6 doesn't expose version
# information.
ssl_options["ssl_version"] = ssl.PROTOCOL_SSLv3
return SSLIOStream(socket.socket(af),
io_loop=self.io_loop,
ssl_options=ssl_options,
max_buffer_size=self.max_buffer_size)
else:
return IOStream(socket.socket(af),
io_loop=self.io_loop,
max_buffer_size=self.max_buffer_size)
Example #17
| Source File: configuration.py From mqttwarn with Eclipse Public License 2.0 | 4 votes |
|
def __init__(self, configuration_file, defaults=None):
defaults = defaults or {}
RawConfigParser.__init__(self)
f = codecs.open(configuration_file, 'r', encoding='utf-8')
self.read_file(f)
f.close()
''' set defaults '''
self.hostname = 'localhost'
self.port = 1883
self.username = None
self.password = None
self.clientid = None
self.lwt = None
self.skipretained = False
self.cleansession = False
self.protocol = 3
self.logformat = '%(asctime)-15s %(levelname)-8s [%(name)-25s] %(message)s'
self.logfile = None
self.loglevel = 'DEBUG'
self.functions = None
self.num_workers = 1
self.directory = '.'
self.ca_certs = None
self.tls_version = None
self.certfile = None
self.keyfile = None
self.tls_insecure = False
self.tls = False
self.__dict__.update(defaults)
self.__dict__.update(self.config('defaults'))
if HAVE_TLS == False:
logger.error("TLS parameters set but no TLS available (SSL)")
sys.exit(2)
if self.ca_certs is not None:
self.tls = True
if self.tls_version is not None:
if self.tls_version == 'tlsv1_2':
self.tls_version = ssl.PROTOCOL_TLSv1_2
if self.tls_version == 'tlsv1_1':
self.tls_version = ssl.PROTOCOL_TLSv1_1
if self.tls_version == 'tlsv1':
self.tls_version = ssl.PROTOCOL_TLSv1
if self.tls_version == 'sslv3':
self.tls_version = ssl.PROTOCOL_SSLv3
self.loglevelnumber = self.level2number(self.loglevel)
self.functions = load_functions(self.functions)
