#!/usr/bin/python | |
# mdz@heroku.com 2012-11-13 | |
import httplib | |
import ssl | |
import socket | |
import sys | |
class HTTPSConnectionWithSSLVersion(httplib.HTTPSConnection): | |
def __init__(self, host, port=None, key_file=None, cert_file=None, | |
strict=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT, | |
ssl_version=ssl.PROTOCOL_SSLv23): | |
httplib.HTTPSConnection.__init__(self, host, port, key_file, cert_file, strict, timeout) | |
self.ssl_version = ssl_version | |
def connect(self): | |
sock = socket.create_connection((self.host, self.port), | |
self.timeout) | |
if self._tunnel_host: | |
self.sock = sock | |
self._tunnel() | |
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=self.ssl_version) | |
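def test(ssl_version):
    """Issue one ``GET /`` over a fresh connection and return the HTTP status.

    A new connection is opened and closed on every call, so each request
    performs its own TLS handshake with ``ssl_version``.

    The socket connects to the hard-coded ``elb...amazonaws.com`` name
    (presumably the load balancer in front of the app), while the ``Host``
    header names the application; ``skip_host=True`` stops httplib from adding
    its own ``Host`` header for the connect address.

    Raises whatever the connection raises (for example
    ``httplib.BadStatusLine``); the connection is closed in every case.
    """
    conn = HTTPSConnectionWithSSLVersion(
        'elb000016-256743859.us-east-1.elb.amazonaws.com', 443,
        ssl_version=ssl_version)
    try:
        conn.putrequest('GET', '/', skip_host=True)
        conn.putheader('Host', 'tlsdebugging.herokuapp.com')
        conn.endheaders()
        response = conn.getresponse()
        return response.status
    finally:
        # Close even when the request fails, so an error does not leave the
        # socket open.
        conn.close()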
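def test_loop(ssl_version):
    """Call ``test(ssl_version)`` until interrupted, printing a progress marker per request.

    Prints ``X`` for an HTTP 503 and ``.`` for any other status, so only 503
    is counted as a failure. Ctrl-C prints the failure tally. A
    ``httplib.BadStatusLine`` ends the loop with the offending line and no
    tally. Any other exception, such as a handshake error, propagates to the
    caller.
    """
    requests = 0
    failures = 0
    try:
        while True:
            status = test(ssl_version)
            requests += 1
            if status == 503:
                sys.stdout.write('X')
                failures += 1
            else:
                sys.stdout.write('.')
            # Flush per request so the markers appear as the responses arrive.
            sys.stdout.flush()
    except KeyboardInterrupt:
        # An interrupt before the first response leaves requests == 0; report
        # 0% rather than dividing by zero.
        percent = failures * 100.0 / requests if requests else 0.0
        print('%d failures of %d requests (%.2f%%)' % (failures, requests, percent))
    except httplib.BadStatusLine as e:
        print('Bad status line! Got: "%s"' % e.line)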
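def main():
    """Pick the protocol from the first command-line argument and run the probe loop.

    No argument uses ``ssl.PROTOCOL_SSLv23`` (negotiate); ``--force-sslv3``
    and ``--force-tlsv1`` pin the handshake to that protocol. SSLv3 and
    TLS 1.0 are deprecated protocols, so these flags are for diagnosing how an
    endpoint behaves, not for ordinary client use.

    Exits with a message on stderr for an unknown argument, or when the
    running Python/OpenSSL build does not define the requested constant.
    """
    if len(sys.argv) < 2:
        test_loop(ssl.PROTOCOL_SSLv23)
        return

    flag = sys.argv[1]
    constant_names = {
        '--force-sslv3': 'PROTOCOL_SSLv3',
        '--force-tlsv1': 'PROTOCOL_TLSv1',
    }
    if flag not in constant_names:
        # A bare `raise` here has no active exception to re-raise and only
        # produces an unrelated error, so report the usage instead.
        sys.exit('usage: %s [--force-sslv3 | --force-tlsv1]' % sys.argv[0])

    # Builds linked against an OpenSSL without the protocol omit the constant;
    # say so plainly instead of failing with AttributeError.
    ssl_version = getattr(ssl, constant_names[flag], None)
    if ssl_version is None:
        sys.exit('%s: this Python/OpenSSL build does not provide ssl.%s'
                 % (flag, constant_names[flag]))
    test_loop(ssl_version)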
# Run the probe only when executed as a script, not when imported.
if __name__ == '__main__':
    main()
mzimmerman@bastion.957|ops.herokai.com ~$ python ssltest.py --force-sslv3
.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................X............................................................................................................................................................................................................................................................................................................................................................................^C
1 failures of 1022 requests (0.10%)
For whatever reason, this doesn't appear to actually force SSLv3. If I spin up `openssl s_server -no_sslv3 -no_sslv2`, it'll still connect. The Ruby equivalent at https://gist.github.com/a4c08567afc01992a939 works.
mzimmerman@bastion.957|ops.herokai.com ~$ python ssltest.py
................................................................................
................................................................................
.........X......................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
......................................................^C
1 failures of 1974 requests (0.05%)