Re: [Cryptography-dev] Cipher/tls cipher negotiated

Fri, 14 Jul 2017 03:02:30 -0700 

> On 14 Jul 2017, at 01:49, Karan karan <karan7...@gmail.com> wrote:
> 
> Hi,
> 
> I'm trying to test different cipher and protocols using the request packages, 
> for which i extend the HTTPAdapter. Here are some of the code snippet i have :
> https://lukasa.co.uk/2013/01/Choosing_SSL_Version_In_Requests/ 
> <https://lukasa.co.uk/2013/01/Choosing_SSL_Version_In_Requests/>
> 
> and then wrap it in Session object as follows:
> 
> from ssl import SSLContext
> ...
> def create_connection(self, sessionreuse=None):
>               """
>               Create a http connection over ssl
>       Arguments: 
>       Returns:   returns the Session object, which can use to be make HTTP 
> call
> 
>               """
>               if self._ssl_version and self._cipher:
>                       self._context = SSLContext(self._ssl_version)
>                       self._context.set_ciphers(self._ciphers)
>               cipher_adapter = SSLAdapter({'ssl_context': self._context})
>               if self._proxy:
>                       self._session.update(proxies)
>               self._session.mount('https://', cipher_adapter)
>               return self._session
> 
> Then i use self._session to make get call.
> 
> What i need to find is the :
> - SSL version negotatiated finally 
> - Cipher used by the server.
> 
> I would appreciate if some one could help out on it.

As Alex has suggested, this is not really an appropriate question for this 
mailing list. In future, Stack Overflow is the best place to ask this question: 
the requests mailing list is defunct.

However, the answer is that you need to extract the socket object out. This is 
difficult to do and requires accessing a bunch of undocumented properties of 
the response object. The response object does not expose any of these fields.

If you’re willing to accept the fact that you’re accessing undocumented private 
parts of the code, then on Python 3 you can do this:

>>> r = s.get(url, stream=True)
>>> sslsocket = r.raw._fp.fp.raw._sock

This will return a stdlib ssl.SSLSocket, with all associated methods. On Python 
2, you want:

>>> r = s.get(url, stream=True)
>>> sslsocket = r.raw._fp.fp._sock

Please be aware that you *must* set stream=True: otherwise, the socket object 
will be gone already and you cannot ask the questions you want to ask.

Cory


_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev

Reply via email to