@zpoint
Last active August 19, 2023 22:30
aiohttp with tlsv1

debug ssl in command line

Oops, something is wrong with the SSL connection. Try to establish a TLS connection by hand:

openssl s_client  -connect www.mdnkids.com:443 -msg
# if fail, try openssl s_client -CApath /usr/local/etc/openssl/certs  -connect www.mdnkids.com:443 -msg

==> TLS 1.2 Handshake [length 0139], ClientHello
==> ...
==>  TLS 1.0 Handshake [length 004a], ServerHello
==>  TLS 1.0 Handshake [length 0c0a], Certificate
==> ...
==> TLS 1.0 Handshake [length 0010], Finished

Oops, the client tries TLS version 1.2, but the server only accepts TLS v1 now. Tell curl which TLS version to use:

curl --tlsv1.0 'https://www.mdnkids.com/'

==> # great, the HTML content shows up

# python3.x
# hint https://github.com/requests/requests/issues/4046
import asyncio
import ssl

import aiohttp


async def test():
    FORCED_CIPHERS = (
        'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
        'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES'
    )
    # create_default_context() keeps certificate and hostname verification on;
    # only the protocol range and cipher list are changed below.
    sslcontext = ssl.create_default_context()
    # sslcontext.options |= ssl.OP_NO_SSLv3
    # sslcontext.options |= ssl.OP_NO_SSLv2
    # sslcontext.options |= ssl.OP_NO_TLSv1_1
    sslcontext.options |= ssl.OP_NO_TLSv1_2
    # sslcontext.options |= ssl.OP_NO_TLSv1_3
    # Python 3.10+ defaults minimum_version to TLS 1.2, so lower it explicitly.
    sslcontext.minimum_version = ssl.TLSVersion.TLSv1
    sslcontext.set_ciphers(FORCED_CIPHERS)
    print(repr(sslcontext.options))
    # The per-request ssl= argument takes precedence over connector-level
    # SSL settings, so the connector needs none of its own.
    connector = aiohttp.TCPConnector(limit=50)
    async with aiohttp.ClientSession(connector=connector) as session:
        url = 'https://www.mdnkids.com/news/?Serial_NO=108552'
        async with session.get(url, ssl=sslcontext) as r:
            print(await r.text())


if __name__ == "__main__":
    asyncio.run(test())
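
One way to keep the TLS 1.0 exception confined to the one server that needs it, as an added example that is not part of the original gist. `LEGACY_TLS10_HOSTS`, `legacy_tls10_context` and `ssl_context_for` are hypothetical names, and the returned context is meant for the per-request `ssl=` argument used above.

```python
import ssl
from urllib.parse import urlsplit

# Assumption: the host from this page is the only one that needs the downgrade.
LEGACY_TLS10_HOSTS = frozenset({"www.mdnkids.com"})


def legacy_tls10_context() -> ssl.SSLContext:
    """Verified client context that negotiates TLS 1.0 and nothing else."""
    if not ssl.HAS_TLSv1:
        raise RuntimeError("this OpenSSL build has TLS 1.0 compiled out")
    # Starts from CERT_REQUIRED with hostname checking enabled.
    ctx = ssl.create_default_context()
    # Pin both bounds so this context is useless as a general-purpose one.
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    ctx.maximum_version = ssl.TLSVersion.TLSv1
    return ctx


def ssl_context_for(url: str) -> ssl.SSLContext:
    """Return the TLS 1.0 context only for allowlisted https hosts.

    Every other URL gets an untouched default context, so a redirect or a
    second target never inherits the relaxed protocol range.
    """
    parts = urlsplit(url)
    # hostname is already lower-cased; drop a trailing root dot before matching.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme == "https" and host in LEGACY_TLS10_HOSTS:
        return legacy_tls10_context()
    return ssl.create_default_context()


if __name__ == "__main__":
    # Constructed sample URLs: exact match, lookalike suffix, unrelated host.
    for u in ("https://www.mdnkids.com/news/?Serial_NO=108552",
              "https://www.mdnkids.com.example.net/",
              "https://example.org/"):
        c = ssl_context_for(u)
        print(u, c.minimum_version.name, c.maximum_version.name, c.verify_mode.name)
```

With aiohttp this becomes `session.get(url, ssl=ssl_context_for(url))`. On OpenSSL 3.x builds, TLS 1.0 additionally requires a lowered OpenSSL security level, which this sketch leaves at the default.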