I have a python server using BaseHTTPServer and SimpleHTTPServer to respond to clients over SSL. I am able to use a generated SSL cert to secure connections, but am unable to choose which security protocol to use (e.g. SSLv1, TLS 1.2, SSLv3).
Is there any way to specify the security protocol to use within these modules, or is there a python module that I could use instead to provide similar functionality and be able to specify security protocol?
Related
The situation is that a desktop application is needed to be run in the background (an application that would be "hanging around" in the system tray) with an API. For simplicity reasons, I chose Flask to build the API and Python overall to build the desktop part of it. Is this a practical or reasonable way to create a desktop application? The application itself will not be large scale, it will only hold several Python scripts.
Basically, a Microsoft PowerApp will be communicating with this API on the desktop. When a call will be executed from the Microsoft PowerApp to the API, it will be targeting a public static IP address to a specific port, then that will be forwarded to the local IP of the Flask application. I understand that PowerApps requires SSL to communicate with applications. I can figure out how to build the API and desktop part of it, but I cannot figure out the SSL certificates. When I try to generate a certificate through CertBot, it requires me to supply a domain. This situation will not be using a domain, only the public static IP. Does this at all seem logical to do or should a different approach be taken?
Though some SSL certificate providers support issuing certs to IP addresses, do yourself a favor and get the one assigned to a hostname. Just use organization's domain to create a hostname you like.
Alternatively, try entering IP address instead of domain when ordering a certificate.
You can read more about IP-based certs here: Is it possible to have SSL certificate for IP address, not domain name?
how do I use pymongo behind proxy that require authentication?
I am able to find settings for ssh tunnel servers, such as
How to connect remote mongodb with pymongo
But I am working on a environment that is behind a firewall that need to use proxy authentication. How do I config for that? For OSX terminal I use something similar to this:
export http_proxy="username:password#ip address:port number"
I find this new feature for socks5 proxy authentication https://jira.mongodb.org/browse/CSHARP-734, but I am just looking for basic or NTLM authentication methods, is it supported?
pymongo does not use http protocol.
You can not use http_proxy.
See https://jira.mongodb.org/browse/PYTHON-1182 for details.
But you can use socks5 proxy
for example:i use v2rayN + proxifier on my windows
I’m extracting the SSL certificate from a website using the socket + ssl library in python. My understanding that it connects using the preferred method used by the server.
Using this method I’m able to identify what version of SSL is used to connect, but I also need to identify whether the website supports SSL v3, in the case when the default connection is TLS.
Is there a way to identify this information without manually testing multiple SSL connections?
I don't think sites advertise what they support. Rather, it's negotiated between client and server.
You could use the excellent server tester at www.ssllabs.com. It will try lots of configurations and report what the server in question supports. (Hopefully the site doesn't support SSL v3!)
I have a beginner PythonAnywhere account, which, the account comparison page notes, have "Access to External Internet Sites: Specific Sites via HTTP(S) Only."
So I know only certain hosts can be accessed through HTTP protocols, but are there restrictions on use of the socket module? In particular, can I set up a Python server using socket?
PythonAnywhere dev here. Short answer: you can't run a socket server on PythonAnywhere, no.
Longer answer: the socket module is supported, and from paid accounts you can use it for outbound connections just like you could on your normal machine. On a free account, you could also create a socket connection to the proxy server that handles free accounts' Internet access, and then use the HTTP protocol to request a whitelisted site from it (though that would be hard work, and it would be easier to use requests or something like that).
What you can't do on PythonAnywhere is run a socket server that can be accessed from outside our system.
Nope. PythonAnywhere doesn't support the socket module.
I am writing a Flask Web-Application and use eventlet as the networking library for that application (eventlet is wrapped by Flask-SocketIO to allow asynchronous operation)
Following this guide I have been successfully creating a SSL key- and cert-file which I pass to the WSGI Server
socket_io.run(app,
host=APP_HOST,
port=APP_PORT,
keyfile='ia.key',
certfile='ia.crt')
This works fine but unfortunately Safari / Chrome says that my SSL-Certificate is not trustworthy when I access the page for the first time.
The Chrome-Failure is the following:
NET::ERR_CERT_COMMON_NAME_INVALID
How to I generate a valid SSL Certificate so that the browsers don't show that error when a user connects to the web application the first time!?
That is because it is something called a "Self Signed Certificate", which is not from any trusted company, so any modern browser auto-detects this as an untrusted site. If you are using a UNIX-based operating system, (Linux, or macOS, Fedora, and more), you can use what I am using. You have to generate new certification from a trusted site.
This is what I use to get a TRUSTED certificate that most browsers can use: https://certbot.eff.org/instructions.