I'm trying to implement the answer found at Python Paste SSL server with TLSv1.2 and Forward Secrecy.
How do I use context.set_tmp_ecdh()? That method is not defined on either my Linux or Windows machines. It is in the pyOpenSSL docs, and various examples I've seen. I'm using Python 2.6.6 (or 2.7) and pyOpenSSL v 0.13 (specifically CentOS package pyOpenSSL-0.13.1-2.el6.x86_64.rpm). Is there a specific version or additional dependency, etc. that I'm missing?
Support for ecdh was added in pyOpenSSL 0.15, so you can't use it with your installed version of pyOpenSSL.
You'll have to install a newer version.
Related
I'm getting this error:
/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/crypto.py:14:
CryptographyDeprecationWarning: Python 2 is no longer supported by the
Python core team. Support for it is now deprecated in cryptography,
and will be removed in the next release. from cryptography import
utils, x509
I have tried updating the cryptography module and python. What is the solution to this problem?
macOS Monterey ships /usr/bin/python as Python 2.7.18 along with a set of default packages. This Python is provided as a final fallback for compatibility with legacy software. When executing this Apple provided Python you will see the following initial message:
WARNING: Python 2.7 is not recommended.
This version is included in macOS for compatibility with legacy software.
Future versions of macOS will not include Python 2.7.
Instead, it is recommended that you transition to using 'python3' from within Terminal.
Since they are shipping a set of packages that they have shipped for years, this includes cryptography, which also deprecated Python 2 support and began raising warnings about dropping support in version 3.3. Apple ships version 3.3.2, which is the final version of cryptography that supported Python 2.
The only true resolution to this is to stop using Python 2. You can install a newer Python from python.org, use tools like pyenv or conda, or use Apple's Python 3, but migration is required. And, of course, Apple will likely drop their py2 installation next year when macOS 13 is released.
Edit: Apple actually dropped Python 2 in macOS 12.3.
I have been trying to install PySide6 on my PC (Windows 10 64bits) with Python 3.9.0 installed, but I keep getting errors every time.
I used the command pip install PySide6 It is not working for me.
Any help will be appreciated.
Error:
ERROR: Could not find a version that satisfies the requirement pyside2 (from versions: none) ERROR: No matching distribution found for pyside2
Check if you Python installation is 64 bit and not 32 bit. It has an impact on compatible and thus available binaries.
At the time of writing:
The problem is that most of the binaries are not yet compatible and are not yet compiled for Python 3.9 at the time of writing. If you want the best compatibility, use Python 3.7 or Python 3.8. Most of the packages have been compiled for Python 3.8 but not many for Python 3.9.
For the future people that come here:
I would recommend you to keep one minor version behind the current stable release to not face dependency problems as the above section explains.
For Example:
If current stable release is Python 3.12 then you should install Python 3.11 or Python 3.10. Just one or two versions behind the current stable release.
I'm trying to install requests library for Python (2.6.6 on CentOS6) as
sudo pip install requests[security]
I'm getting these error messages:
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Collecting requests[security]
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
I ensured all system libraries are in place
sudo yum install openssl-devel python-devel libffi-devel
and all is good there
so I tried
sudo pip install pyopenssl ndg-httpsclient pyasn1
and
sudo pip install --trusted-host pypi.python.org requests
and these fail as well.
Due to some old code I need to stick to Python 2.6
Any idea what is going wrong here and how to address it?
PS
I have decided to downgrade pip and it came up that errors came up with pip version 6.1+. Thoughts on that?
Indeed, as of 2019, quite a few people are still facing this issue, as they cannot upgrade their system Python (and system-supplied openssl) due to various limitations.
If you'd like to fix the InsecurePlatformWarning .. (Caused by SSLError .. SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version'), the following solution can help someone using an old Linux distro:
Unable to install Python packages using pip in Ubuntu Linux: InsecurePlatformWarning, SSLError, tlsv1 alert protocol version
Python 2.6.6 on CentOS6
In your specific case, the last cryptography version to officially support Python 2.6 was cryptography-2.1.1, although a newer version might work.
The first manylinux1 cryptography package to include its own OpenSSL (1.1.0f) shared lib binding for Linux, regardless of what's on your platform, has appeared in cryptography-2.0 version. The last cryptography that still officially supported Centos 6.4 was version 1.8.2, while newer versions officially supported CentOS 7.x only: https://pypi.org/project/cryptography/#files
Note, cryptography versions<2.0 have no manylinux1 and didn't ship the openssl/ssllib with them, relying on the system-supplied one only (back then, they did so only for other OSes that had/have even bigger SSL problems). While the cryptography-2.0 (manylinux1) is still worth trying, you will probably have to compile the newer openssl version (1.0.1 - 1.1.0) locally on Centos 6.x, before compiling cryptography 1.8.2 to link against it:
https://cryptography.io/en/latest/installation/#using-your-own-openssl-on-linux
https://cryptography.io/en/latest/installation/#rhel-centos
There is also an option to build your own statically-linked wheels that will work on your own systems:
https://cryptography.io/en/latest/installation/#static-wheels
That said,
if all you needed was just to install the requests lib (without solving the notorious SSLError), specifically in Python 2.6.6 on CentOS6, and you are not going to need TLS 1.2 protocol support from requests, you could simply use your Centos repo for that:
$ yum search requests
$ sudo yum install python26-requests
Or, you could get and install requests in a similar way as in the above-mentioned solution, from wheels or from tar.gz downloaded from:
https://pypi.org/project/requests/
Note, the latest requests on PyPI depends on the following Python packages:
urllib3, idna, chardet, certifi
Luckily, these four have no other dependencies and can be obtained from PyPI directly, in the same way - the "Download Files" section on PyPI:
https://pypi.org/project/urllib3/
https://pypi.org/project/idna/
https://pypi.org/project/chardet/
https://pypi.org/project/certifi/
You could download and try to install their latest versions, or use 'Release History' section to locate older versions, depending on your use-case and system-specific requirements.
Note, many web servers (including PyPI) nowadays require TLS 1.2 support, both in the client and server backend, to establish an HTTPS connection, so if you will need this type of connections, requests will not work without fixing the SSLError the way discussed above (or by compiling a newer Python 2.7.9+ against OpenSSL version 1.0.2+ that would have to be compiled as well in that case, before compiling new Python, to link ssl module with it).
Try this:
sudo pip install requests
[secure] is not necessary
From the description of Dtls library, it seems it's not available in python3. And when I want to install with pip install Dtls there's always an
Command "python setup.py egg_info" failed with error code 1 in
C:\Users\sun\AppData\Local\Temp\pip-build-c_46y9mt\Dtls\
Solution here doesn't help. I am using Python 3.6 on Win7.
Do I have another option for DTLS?
python3-dtls is the python3 version for dtls package.
If the library you want to use is not available for the version of your interpreter, then you simply cannot use that library without porting it yourself or waiting for others doing that for you. This is probably not what you want.
This means that Dtls library works only for Python2.7 and version 1.0.0 or higher of the OpenSSL library as mentioned on the website, although it's tested on several plattforms (including yours):
At the time of initial release, PyDTLS 0.1.0 has been tested on Ubuntu 12.04.1 LTS 32-bit and 64-bit, as well as Microsoft Windows 7 32-bit and 64-bit, using CPython 2.7.3. Patches with additional platform ports are welcome.
As of release 1.2.0, PyDTLS is tested on Ubuntu 16.04 LTS as well as Microsoft Windows 10, using CPython 2.7.13.
You can use other libraries if you have to use Python3.x, e.g. standard ssl library or maybe also pyOpenSSL library:
pyOpenSSL remains the only alternative for full-featured TLS code across all noteworthy Python versions from 2.7 through 3.5 and PyPy.
Dtls is a library which simplifies implementation but you are not dependent on it.
Just as a side note: For pyOpenSSL you can also get an idea how to implement it by reading this post.
Im having issues with some older certs that are self generated by my routers. I believe it is because openssl no longer supports 3des encryption.
I would like to downgrade my ssl version in python to see if the problems go away.
Current Version:
>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 1.0.1t 3 May 2016'
>>>
I am using the docker image for python. and that runs:
# cat /etc/issue
Debian GNU/Linux 8 \n \l
Im not sure which version 3des was removed in, but I would need to use the version before that I think.
I'm using aiohttp which I believe uses urllib3 for requests and I haven't been able to get past the handshake failure currently, which I believe is because of 3des encryption?
Figure out the version of OpenSSL you want. Taking the example of version 1.0.0, use the following command:
sudo pip install 'pyOpenSSL==21.0.0' --force-reinstall
Full list of old pyOpenSSL released versions: https://pypi.org/project/pyOpenSSL/