Python requests sends TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the Client Hello?

I use Python requests on the client to connect to the server over TLS. This is the code I'm using:

import ssl
import requests

from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager
from requests.packages.urllib3.util import ssl_

CIPHERS = (
    'RSA+AES'
)

class TlsAdapter(HTTPAdapter):

    def __init__(self, ssl_options=0, **kwargs):
        self.ssl_options = ssl_options
        super(TlsAdapter, self).__init__(**kwargs)

    def init_poolmanager(self, *pool_args, **pool_kwargs):
        ctx = ssl_.create_urllib3_context(ciphers=CIPHERS, cert_reqs=ssl.CERT_REQUIRED, options=self.ssl_options)
        print(ssl.PROTOCOL_TLS)
        self.poolmanager = PoolManager(*pool_args,
                                       ssl_context=ctx,
                                       **pool_kwargs)

session = requests.session()
adapter = TlsAdapter(ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1)
session.mount("https://", adapter)
r = session.request('GET', 'https://awesome.com', verify='/etc/ssl/certs/ca-certificates.crt')
print(r)

When I look at the client's Client Hello message in Wireshark, I see the optional cipher "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" in the list of ciphers provided by the client.

Can someone tell me what the cipher is and what it does? Is there a way to remove this from the list of ciphers sent in the client's Client Hello message?

I tried searching for this problem, but could not find a suitable answer.

Thanks!

+4
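
As an added example (not part of the original post): in the IANA TLS cipher suite registry, TLS_EMPTY_RENEGOTIATION_INFO_SCSV is the value 0x00FF defined by RFC 5746, a signalling value rather than an encryption algorithm, which is why it appears next to the suites selected by the cipher string. The sketch below parses a constructed Client Hello record and separates signalling values from real suites; the function names and the sample bytes are assumptions made for illustration.

```python
import struct

# Signalling cipher suite values: not ciphers, they only carry a flag.
SCSV = {
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",  # RFC 5746
    0x5600: "TLS_FALLBACK_SCSV",                  # RFC 7507
}
# Name table covering only the constructed sample (IANA registry values).
NAMES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
}

def client_hello_suites(record: bytes):
    """Return (real_suites, signalling_values) from one TLS ClientHello record."""
    ctype, _ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 22 or rec_len != len(record) - 5:
        raise ValueError("not a complete TLS handshake record")
    hs = record[5:]
    if len(hs) < 39 or hs[0] != 1:
        raise ValueError("handshake message is not a ClientHello")
    # handshake header: type(1) + length(3); body: version(2) + random(32)
    pos = 4 + 2 + 32
    pos += 1 + hs[pos]                        # skip session_id
    (n,) = struct.unpack_from("!H", hs, pos)  # cipher_suites length in bytes
    pos += 2
    if n % 2 or pos + n > len(hs):
        raise ValueError("malformed cipher_suites vector")
    ids = struct.unpack_from("!%dH" % (n // 2), hs, pos)
    real = [NAMES.get(i, "0x%04X" % i) for i in ids if i not in SCSV]
    signalling = [SCSV[i] for i in ids if i in SCSV]
    return real, signalling

def build_sample():
    """Constructed ClientHello: four RSA+AES suites followed by 0x00FF."""
    suites = struct.pack("!5H", 0x009D, 0x009C, 0x0035, 0x002F, 0x00FF)
    body = (b"\x03\x03" + bytes(32) + b"\x00" +
            struct.pack("!H", len(suites)) + suites +
            b"\x01\x00" +   # compression_methods: null only
            b"\x00\x00")    # empty extensions block
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    real, signalling = client_hello_suites(build_sample())
    print("ciphers:   ", real)
    print("signalling:", signalling)
```
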

Source: https://habr.com/ru/post/1693318/
