def will_use_tls_1_3():
    """
    Tell whether a fresh pyOpenSSL connection reports TLS 1.3 as its version.

    The Connection is built with ``None`` in place of a socket and no
    handshake is run, so the answer can only describe the local OpenSSL
    library. It says nothing about what a particular peer would agree to.
    """
    probe = Connection(Context(SSLv23_METHOD), None)
    reported = probe.get_protocol_version_name()
    return reported == u'TLSv1.3'
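def testWeakCipher(host, port, protocolList):
    """
    Handshake with host:port once per protocol and print the negotiated cipher.

    For every entry of ``protocolList`` (a key into the module-level
    ``methods`` map) a new TCP connection is opened, a handshake is run with
    SNI set to ``host``, and the protocol name, cipher key size and cipher
    suite name are recorded. The table is printed only if every handshake
    succeeded; the first failure prints a message and returns ``None``.

    Caveats for reading the output:
      * Each handshake yields the single suite that was negotiated. It is
        not an enumeration of every suite the server would accept.
      * No certificate verification is configured on the Context here, so
        the rows describe whichever endpoint answered on host:port.
      * "(OK)" is decided by key size alone (>= 128 bits). A suite built on
        a broken algorithm with a 128-bit key (RC4, for example) is still
        labelled OK, so check the suite name as well.
    """
    # One (protocol name, key bits, suite name) tuple per successful handshake.
    protoDataList = []

    for proto in protocolList:
        try:
            client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            try:
                client.connect((host, port))

                # Wrap the TCP socket as a TLS client and send SNI.
                client_ssl = Connection(Context(methods[proto]), client)
                client_ssl.set_connect_state()
                client_ssl.set_tlsext_host_name(host)
                client_ssl.do_handshake()

                protoDataList.append((
                    client_ssl.get_protocol_version_name(),
                    client_ssl.get_cipher_bits(),
                    client_ssl.get_cipher_name(),
                ))
                client_ssl.close()
            finally:
                # Release the socket on failed connects and handshakes too;
                # previously an exception skipped both close() calls.
                client.close()
        except openSSLError:
            # NOTE(review): a server that merely refuses this one protocol
            # version also lands here, and the early return then discards
            # the rows already collected. Confirm this is intended.
            print(_('Servidor nao esta respondendo'))
            return
        except ValueError:
            # Not configured or not allowed
            print(_('Servidor nao esta configurado'))
            return

    print(bcolors.BOLD + _("Protocolo\tTamanho da Cifra\tCifra") + bcolors.ENDC)
    for protoName, bitSize, suite in protoDataList:
        verdict = '(OK)' if bitSize >= 128 else _('(FRACA)')
        # NOTE(review): the literal "he" between the tabs looks unintended;
        # it is program output, so it is left unchanged.
        print(protoName + '\t\t' + str(bitSize) + ' bits' + verdict + '\the\t' + str(suite))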
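def identifyProtocol(host, port):
    """
    Handshake once with host:port and report what was negotiated.

    The Context uses SSLv23_METHOD, so the protocol version is whatever the
    handshake settles on rather than one fixed by the caller. The negotiated
    protocol name, cipher suite and key size are printed.

    Returns ``methodName[protoName]`` on success, or ``0`` if the handshake
    raises ``openSSLError`` or ``ValueError``.

    No certificate verification is configured on the Context here, so the
    result describes whichever endpoint answered on host:port.
    """
    try:
        client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            client.connect((host, port))

            # Wrap the TCP socket as a TLS client and send SNI.
            client_ssl = Connection(Context(SSLv23_METHOD), client)
            client_ssl.set_connect_state()
            client_ssl.set_tlsext_host_name(host)
            client_ssl.do_handshake()

            protoName = client_ssl.get_protocol_version_name()
            bitSize = client_ssl.get_cipher_bits()
            suite = client_ssl.get_cipher_name()
            client_ssl.close()
        finally:
            # Release the socket on failed connects and handshakes too;
            # previously an exception skipped both close() calls.
            client.close()

        # Show the data
        print(_('Preferido: ') + str(protoName) + _('\nCifra: ') + str(suite) + _('\nTamanho em bits: ') + str(bitSize))

        # NOTE(review): a protocol name missing from methodName raises
        # KeyError, which is not caught below. Confirm the map covers every
        # version the local OpenSSL can negotiate.
        return methodName[protoName]
    except (openSSLError, ValueError):
        # Handshake failed, or the method is not configured or not allowed.
        print(_('\nNao foi possivel identificar o protocolo padrao\n'))
        return 0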
from socket import socket, gethostbyname from OpenSSL.SSL import Connection, Context, TLSv1_METHOD, WantReadError, VERIFY_PEER try: ip = gethostbyname(hostname) except Exception, e: print e return None try: s = socket() s.connect((ip, port)) sslcontext = Context(TLSv1_METHOD) sslcontext.set_timeout(30) c = Connection(sslcontext, s) c.set_connect_state() c.set_tlsext_host_name(hostname) proto_v_name = c.get_protocol_version_name() print "try to handshake with server: %s using %s" % (ip, proto_v_name) c.do_handshake() cert_chain = c.get_peer_cert_chain() c.shutdown() s.close() except Exception, e: print e return None else: return cert_chain def read_cert_object(x509_object): """ - 解析单个x509对象并返回解析结果,自定义字典