sharl/test-TLSv1_3.py

## test-TLSv1_3.py
# -*- coding: utf-8 -*-
from __future__ import print_function

import socket
import ssl
import pprint

try:
    ssl.HAS_TLSv1_3
except AttributeError:
    print('no TLS v1.3')
    exit()

print('openssl', ssl.OPENSSL_VERSION)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(10)
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
ctx.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2 | ssl.OP_NO_COMPRESSION
ctx.verify_mode = ssl.CERT_REQUIRED

try:
    ctx.load_verify_locations('/etc/ssl/certs/ca-bundle.trust.crt')
except Exception as e:
    try:
        ctx.load_verify_locations('/etc/ssl/certs/ca-certificates.crt')
    except Exception as e:
        pass

ssl_sock = ctx.wrap_socket(s)
ssl_sock.connect(('tls13.cloudflare.com', 443))
res = ssl_sock.getpeercert()

pprint.pprint(res)
	# -- coding: utf-8 --
	from __future__ import print_function

	import socket
	import ssl
	import pprint

	try:
	ssl.HAS_TLSv1_3
	except AttributeError:
	print('no TLS v1.3')
	exit()

	print('openssl', ssl.OPENSSL_VERSION)

	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	s.settimeout(10)
	ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
	ctx.options \|= ssl.OP_NO_SSLv2 \| ssl.OP_NO_SSLv3 \| ssl.OP_NO_TLSv1 \| ssl.OP_NO_TLSv1_1 \| ssl.OP_NO_TLSv1_2 \| ssl.OP_NO_COMPRESSION
	ctx.verify_mode = ssl.CERT_REQUIRED

	try:
	ctx.load_verify_locations('/etc/ssl/certs/ca-bundle.trust.crt')
	except Exception as e:
	try:
	ctx.load_verify_locations('/etc/ssl/certs/ca-certificates.crt')
	except Exception as e:
	pass

	ssl_sock = ctx.wrap_socket(s)
	ssl_sock.connect(('tls13.cloudflare.com', 443))
	res = ssl_sock.getpeercert()

	pprint.pprint(res)