Usecase: I want to find out how many ciphers are supported by the hostname with python request module.
I am not able to find a way to provide the cipher name to request module hook. Can anyone suggest the way to provide the way to specify cipher.
import sslfrom requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManagerclass Ssl3HttpAdapter(HTTPAdapter):""""Transport adapter" that allows us to use SSLv3."""def init_poolmanager(self, connections, maxsize, block=False):self.poolmanager = PoolManager(num_pools=connections, maxsize=maxsize,block=block, ssl_version=ssl.PROTOCOL_SSLv3)
If you are using requests version 2.12.0+, there is a blog post on Configuring TLS With Requests, which describes new functionality to allow you to configure the SSLContext (note that this blog post was written after the OP asked the question):
The feature added in Requests v2.12.0 is that urllib3 now accepts anSSLContext object in the constructors for ConnectionPool objects. ThisSSLContext will be used as the factory for the underlying TLSconnection, and so all settings applied to it will also be applied tothose low-level connections.
The best way to do this is to use the SSLContext factory functionrequests.packages.urllib3.util.ssl_.create_urllib3_context. This isanalogous to Python’s ssl.create_default_context function but appliesthe more-strict default TLS configuration that Requests and urllib3both use. This function will return an SSLContext object that can thenhave further configuration applied. On top of that, the function alsotakes a few arguments to allow overriding default configuration.
To provide the new SSLContext object, you will need to write aTransportAdapter that is appropriate for the given host.
The following sample code is given as an example of how to re-enable 3DES in Requests using this method.
import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.ssl_ import create_urllib3_context# This is the 2.11 Requests cipher string, containing 3DES.
CIPHERS = ('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:''DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:!aNULL:''!eNULL:!MD5'
)class DESAdapter(HTTPAdapter):"""A TransportAdapter that re-enables 3DES support in Requests."""def init_poolmanager(self, *args, **kwargs):context = create_urllib3_context(ciphers=CIPHERS)kwargs['ssl_context'] = contextreturn super(DESAdapter, self).init_poolmanager(*args, **kwargs)def proxy_manager_for(self, *args, **kwargs):context = create_urllib3_context(ciphers=CIPHERS)kwargs['ssl_context'] = contextreturn super(DESAdapter, self).proxy_manager_for(*args, **kwargs)s = requests.Session()
s.mount('https://some-3des-only-host.com', DESAdapter())
r = s.get('https://some-3des-only-host.com/some-path')
There is also a hack possible, which you can read on the github pages for the requests module, or at https://stackoverflow.com/a/32651967/2364215 but it modifies the underlying library code, I don't recommend it (neither do the authors of the requests module, as you will find on that page). On the other hand, if you are on an older requests package and you can't upgrade, it may be your best option. It amounts to overriding the urllib3 module's DEFAULT_CIPHERS
:
requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += ':RC4-SHA'
If you have other code that will use the requests module after doing the modification, but doesn't need the modification, you may want to restore DEFAULT_CIPHERS
to its previous value.