コード例 #1
def will_use_tls_1_3():
    """
    Report whether a fresh OpenSSL connection identifies itself as TLS 1.3.

    No socket is attached and no handshake takes place: the answer is read
    from a brand-new ``Connection`` built on an ``SSLv23_METHOD`` context.
    """
    # NOTE(review): before any handshake this presumably reflects the highest
    # version the linked OpenSSL offers, not what a given peer will accept --
    # confirm before using it as anything more than a library capability probe.
    probe = Connection(Context(SSLv23_METHOD), None)
    version_name = probe.get_protocol_version_name()
    return version_name == u'TLSv1.3'
コード例 #2
ファイル: test_txsni.py プロジェクト: glyph/txsni
def will_use_tls_1_3():
    """
    Tell whether an unconnected OpenSSL connection reports TLS 1.3.

    The check builds an ``SSLv23_METHOD`` context, wraps it in a
    ``Connection`` that has no socket, and compares the protocol version
    name it reports against ``TLSv1.3``. Nothing is sent on the network.
    """
    # NOTE(review): the value is read without a handshake, so it describes the
    # local library/context rather than a negotiated session -- verify that
    # this is what the calling tests rely on.
    unconnected = Connection(Context(SSLv23_METHOD), None)
    reported = unconnected.get_protocol_version_name()
    return reported == u'TLSv1.3'
コード例 #3
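def testWeakCipher(host,port,protocolList):
    """
    Handshake with host:port once per protocol and print the negotiated cipher.

    For every entry of protocolList a new TCP connection is opened and a
    handshake is attempted with ``methods[proto]``. The negotiated protocol
    name, cipher key size in bits and cipher suite name are collected and
    printed as a table. Nothing is returned.

    If a handshake raises openSSLError or ValueError, a message is printed
    and the function returns at once, without printing rows collected so far.
    The socket is closed on every path, including the failure paths.
    """
    protoDataList = []

    for proto in protocolList:
        client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            client.connect((host, port))

            # The Context is used without set_verify(), so the peer
            # certificate is not validated. That is fine for probing which
            # suites a server accepts, but the connection is unauthenticated.
            client_ssl = Connection(Context(methods[proto]), client)
            client_ssl.set_connect_state()
            client_ssl.set_tlsext_host_name(host)
            client_ssl.do_handshake()

            # One row per protocol: (protocol name, key bits, suite name).
            protoDataList.append((
                client_ssl.get_protocol_version_name(),
                client_ssl.get_cipher_bits(),
                client_ssl.get_cipher_name(),
            ))
        except openSSLError:
            # NOTE(review): a handshake error for one protocol may only mean
            # the server refuses that protocol version, which is a good sign
            # for legacy versions -- confirm that aborting the scan is intended.
            print(_('Servidor nao esta respondendo'))
            return
        except ValueError:
            # Not configured or not allowed.
            print(_('Servidor nao esta configurado'))
            return
        finally:
            # Previously the socket was only closed after a successful
            # handshake, so every failed attempt leaked a descriptor.
            client.close()

    # Parenthesised single-argument print behaves the same as the print
    # statement used elsewhere in this file.
    print(bcolors.BOLD + _("Protocolo\tTamanho da Cifra\tCifra") + bcolors.ENDC)
    for protoName, bitSize, suite in protoDataList:
        # The 128-bit threshold is a key-length check only. A suite such as
        # RC4 with a 128-bit key passes it although it is deprecated, and the
        # protocol version is not weighed at all. Read '(OK)' as "not a
        # short-key suite", not as "secure configuration".
        verdict = '(OK)' if (bitSize >= 128) else _('(FRACA)')
        print(protoName + '\t\t' + str(bitSize) + ' bits' + verdict + '\the\t' + str(suite))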
コード例 #4
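def identifyProtocol(host,port):
    """
    Handshake with host:port and report the protocol the server selects.

    An ``SSLv23_METHOD`` context is used so that the protocol version is
    negotiated rather than fixed by the client. The negotiated protocol
    name, cipher suite and cipher key size are printed.

    Returns ``methodName[protoName]`` for the negotiated protocol name, or 0
    when the handshake raises openSSLError or ValueError. The socket is
    closed on every path, including the failure paths.
    """
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        client.connect((host, port))

        # The Context is used without set_verify(), so the peer certificate
        # is not validated. The values read below describe whatever endpoint
        # answered, not an authenticated server.
        client_ssl = Connection(Context(SSLv23_METHOD), client)
        client_ssl.set_connect_state()
        client_ssl.set_tlsext_host_name(host)
        client_ssl.do_handshake()

        protoName = client_ssl.get_protocol_version_name()
        bitSize = client_ssl.get_cipher_bits()
        suite = client_ssl.get_cipher_name()
    except (openSSLError, ValueError):
        # Server down, refusing TLS, or not configured / not allowed. Both
        # handlers printed the same message and returned 0, so they are merged.
        print(_('\nNao foi possivel identificar o protocolo padrao\n'))
        return 0
    finally:
        # Previously the socket was only closed after a successful handshake.
        client.close()

    print(_('Preferido: ') + str(protoName) + _('\nCifra: ') + str(suite) + _('\nTamanho em bits: ') + str(bitSize))

    # NOTE(review): methodName is defined elsewhere. A negotiated version it
    # has no entry for would raise KeyError here -- confirm the table covers
    # every name the linked OpenSSL can report.
    return methodName[protoName]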
コード例 #5
ファイル: supercert.py プロジェクト: sycflash/supercert
    # Body of a function whose `def` line is not part of this listing;
    # `hostname` and `port` are presumably its parameters -- confirm.
    # Resolves the host, performs a TLS handshake and returns the peer's
    # certificate chain, or None when resolution or the handshake fails.
    from socket import socket, gethostbyname
    # WantReadError and VERIFY_PEER are imported but not used in the lines
    # visible here.
    from OpenSSL.SSL import Connection, Context, TLSv1_METHOD, WantReadError, VERIFY_PEER
    try:
        # gethostbyname() resolves to an IPv4 address only.
        ip = gethostbyname(hostname)
    except Exception, e:
        print e
        return None
    try:
        s = socket()
        s.connect((ip, port))
        # TLSv1_METHOD fixes the handshake to TLS 1.0. A server that has
        # disabled TLS 1.0 fails the handshake and ends up in the except
        # branch below, so None does not necessarily mean "host unreachable".
        sslcontext = Context(TLSv1_METHOD)
        # Context.set_timeout() sets the TLS session timeout, not an I/O
        # timeout; the socket itself has no timeout set in the visible lines.
        sslcontext.set_timeout(30)
        # No set_verify() call is visible, so the chain fetched below has not
        # been validated against any trust store. Callers should treat it as
        # data to inspect, not as proof of the server's identity.
        c = Connection(sslcontext, s)
        c.set_connect_state()
        # Send SNI so a virtual-hosted server can select the certificate for
        # `hostname`.
        c.set_tlsext_host_name(hostname)
        # Read before the handshake, so this is the version name of the
        # not-yet-negotiated connection rather than an agreed version.
        proto_v_name = c.get_protocol_version_name()
        print "try to handshake with server: %s using %s" % (ip, proto_v_name)
        c.do_handshake()
        cert_chain = c.get_peer_cert_chain()
        c.shutdown()
        s.close()
    except Exception, e:
        # Any failure is printed and reported as None. When the exception is
        # raised after socket() succeeded, `s` is not closed on this path.
        print e
        return None
    else:
        return cert_chain


def read_cert_object(x509_object):
    """
	- 解析单个x509对象并返回解析结果,自定义字典