5

Is it possible to see which TLS version was negotiated with the server using the Python requests module? Something similar to what openssl s_client -connect would return:

---
No client certificate CA names sent
---
SSL handshake has read 3043 bytes and written 375 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : ECDHE-RSA-AES256-SHA
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
4
  • What error are you getting? Commented Oct 2, 2017 at 19:04
  • No error, I'm able to connect, but I want to see whether my connection is using TLS 1.2 :) Commented Oct 2, 2017 at 19:05
  • According to the documentation it looks like they use whatever the urllib3 default is unless you specify differently. But without digging too much more, you could simply use Wireshark to log the traffic and view the handshake protocol version in your capture. docs.python-requests.org/en/master/user/advanced/… Commented Oct 2, 2017 at 19:53
  • @stephen yeah, "whatever is the urllib3 default" was my first idea, but Python does not make a lot of sense - documentation says one thing, the code says another one. Like I should have ssl.OP_NO_SSLv3, but ssl.py does not contain this code :D Wireshark was my initial thought, but I'm in a commercial environment and it doesn't work :) Commented Oct 2, 2017 at 20:00

1 Answer

2

Copying the core of my other answer at https://stackoverflow.com/a/55462022/6368697: if you want to do things just once and for tests, monkey patching can be enough (otherwise read the rest of my answer, which offers a proper implementation with a transport adapter, and also proper display of the certificates received):

import requests
from requests.packages.urllib3.connection import VerifiedHTTPSConnection

# Filled in with the socket of the most recent HTTPS connection.
SOCK = None

_orig_connect = VerifiedHTTPSConnection.connect

def _connect(self):
    # Run the normal connect (including the TLS handshake), then keep the socket.
    global SOCK
    _orig_connect(self)
    SOCK = self.sock

VerifiedHTTPSConnection.connect = _connect

requests.get('https://yahoo.com')
# SOCK.connection is the pyOpenSSL Connection object; it is only present when
# urllib3 is using its pyOpenSSL backend.
tlscon = SOCK.connection
print('Cipher is %s/%s' % (tlscon.get_cipher_name(), tlscon.get_cipher_version()))
print('Remote certificates: %s' % (tlscon.get_peer_certificate()))
print('Protocol version: %s' % tlscon.get_protocol_version_name())

This yields:

Cipher is ECDHE-RSA-AES128-GCM-SHA256/TLSv1.2
Remote certificates: <OpenSSL.crypto.X509 object at 0x10c60e310>
Protocol version: TLSv1.2
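An added example, not part of the answer above and not code from requests or urllib3: it uses only the standard library's ssl module to report the negotiated protocol, and checks that value (or the Protocol line of openssl s_client output like the question's) against a TLS 1.2 floor. The names meets_minimum, parse_s_client and probe, and the placeholder host example.org, are assumptions made for this example.

```python
import re
import socket
import ssl

# Names as reported by ssl.SSLSocket.version() and by s_client, oldest first.
PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def meets_minimum(negotiated, minimum="TLSv1.2"):
    """Return True when the negotiated protocol is at least `minimum`."""
    if negotiated not in PROTOCOLS:  # None before a handshake, or unknown name
        return False
    return PROTOCOLS.index(negotiated) >= PROTOCOLS.index(minimum)


def parse_s_client(text):
    """Pull Protocol and Cipher out of the SSL-Session block of s_client output."""
    session = text.split("SSL-Session:", 1)[-1]
    fields = dict(re.findall(r"^\s*(Protocol|Cipher)\s*:\s*(\S+)", session, re.M))
    return fields.get("Protocol"), fields.get("Cipher")


def probe(host, port=443, timeout=5.0):
    """Do a verified handshake with the stdlib and return (protocol, cipher)."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


# Lines taken from the s_client output quoted in the question (offline sample).
SAMPLE = """\
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : ECDHE-RSA-AES256-SHA
"""

if __name__ == "__main__":
    proto, cipher = parse_s_client(SAMPLE)
    print(proto, cipher, "ok" if meets_minimum(proto) else "below TLSv1.2")
    # Live check (needs network); example.org is a placeholder host:
    # print(probe("example.org"))
```

probe reports what the standard library's default context negotiates, which can differ from a requests session that uses other TLS settings or the pyOpenSSL backend.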