我正在使用Python和请求抓取一些内部页面。我已关闭SSL验证和警告。
requests.packages.urllib3.disable_warnings() page = requests.get(url, verify=False)
在某些服务器上,我收到无法逾越的SSL错误。
Traceback (most recent call last): File "scraper.py", line 6, in <module> page = requests.get(url, verify=False) File "/cygdrive/c/Users/jfeocco/VirtualEnv/scraping/lib/python3.4/site-packages/requests/api.py", line 71, in get return request('get', url, params=params, **kwargs) File "/cygdrive/c/Users/jfeocco/VirtualEnv/scraping/lib/python3.4/site-packages/requests/api.py", line 57, in request return session.request(method=method, url=url, **kwargs) File "/cygdrive/c/Users/jfeocco/VirtualEnv/scraping/lib/python3.4/site-packages/requests/sessions.py", line 475, in request resp = self.send(prep, **send_kwargs) File "/cygdrive/c/Users/jfeocco/VirtualEnv/scraping/lib/python3.4/site-packages/requests/sessions.py", line 585, in send r = adapter.send(request, **kwargs) File "/cygdrive/c/Users/jfeocco/VirtualEnv/scraping/lib/python3.4/site-packages/requests/adapters.py", line 477, in send raise SSLError(e, request=request) requests.exceptions.SSLError: [SSL: SSL_NEGATIVE_LENGTH] dh key too small (_ssl.c:600)
在Windows和OSX中,在Cygwin内外均会发生这种情况。我的研究表明服务器上的OpenSSL已过时。我正在寻找理想的修复客户端。
编辑:我能够通过使用密码集来解决此问题
import requests requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += 'HIGH:!DH:!aNULL' try: requests.packages.urllib3.contrib.pyopenssl.DEFAULT_SSL_CIPHER_LIST += 'HIGH:!DH:!aNULL' except AttributeError: # no pyopenssl support used / needed / available pass page = requests.get(url, verify=False)
禁用警告或证书验证将无济于事。根本的问题是服务器使用的DH密钥较弱,可能会在Logjam Attack中被滥用。
要解决此问题,您需要选择一种不使用Diffie Hellman密钥交换且因此不受弱DH密钥影响的密码。并且该密码必须由服务器支持。服务器支持什么是未知的,但您可以尝试使用以下密码AES128-SHA或一组密码HIGH:!DH:!aNULL
AES128-SHA
HIGH:!DH:!aNULL
