如何在 Python 3.8 中使用 TLS 1.0？

Question

我有一個使用jira模塊連接到 Jira 的代碼。
不幸的是，Jira 服務器僅支持SSLv3和TLS1 。
我知道它們是舊協議，主辦方將在今年年底前接受新協議。
但在那之前，我需要我的 python 代碼才能使用TLS1在 Jira 上進行連接。

使用 Python 3.6 它工作正常，但是使用 Python 3.8 它不起作用，它向我顯示以下錯誤消息。

Python 3.8.2 (default, Apr 27 2020, 15:53:34) 
[GCC 9.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from jira import JIRA
>>> import urllib3
>>> urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
>>> 
>>> options = {"server": "https://jira.mycompany.com/", "verify": False}
>>> jira = JIRA(options, auth=("user", "pass"))
WARNING:root:HTTPSConnectionPool(host='jira.mycompany.com', port=443): Max retries exceeded with url: /rest/auth/1/session (Caused by SSLError(SSLError(1, '[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1108)'))) while doing POST https://jira.mycompany.com/rest/auth/1/session [{'data': '{"username": "user", "password": "pass"}', 'headers': {'User-Agent': 'python-requests/2.23.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json,*.*;q=0.9', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache', 'Content-Type': 'application/json', 'X-Atlassian-Token': 'no-check'}}]
WARNING:root:Got ConnectionError [HTTPSConnectionPool(host='jira.mycompany.com', port=443): Max retries exceeded with url: /rest/auth/1/session (Caused by SSLError(SSLError(1, '[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1108)')))] errno:None on POST https://jira.mycompany.com/rest/auth/1/session
{'response': None, 'request': <PreparedRequest [POST]>}\{'response': None, 'request': <PreparedRequest [POST]>}
WARNING:root:Got recoverable error from POST https://jira.mycompany.com/rest/auth/1/session, will retry [1/3] in 7.597192960254091s. Err: HTTPSConnectionPool(host='jira.mycompany.com', port=443): Max retries exceeded with url: /rest/auth/1/session (Caused by SSLError(SSLError(1, '[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1108)')))

我已經檢查過 OpenSSL 支持TLS1 。

$ openssl s_client -help 2>&1  > /dev/null | egrep "\-(ssl|tls)[^a-z]"
 -ssl_config val            Use specified configuration file
 -tls1                      Just use TLSv1
 -tls1_1                    Just use TLSv1.1
 -tls1_2                    Just use TLSv1.2
 -tls1_3                    Just use TLSv1.3
 -ssl_client_engine val     Specify engine to be used for client certificate operations

僅使用requests它會給我相同的結果。

python3 -c "import requests; requests.get('https://jira.mycompany.com/')"
Traceback (most recent call last):
  File "/home/lazize/repos/myproj/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
    httplib_response = self._make_request(
  File "/home/lazize/repos/myproj/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 381, in _make_request
    self._validate_conn(conn)
  File "/home/lazize/repos/myproj/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 976, in _validate_conn
    conn.connect()
  File "/home/lazize/repos/myproj/venv/lib/python3.8/site-packages/urllib3/connection.py", line 361, in connect
    self.sock = ssl_wrap_socket(
  File "/home/lazize/repos/myproj/venv/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 377, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1108)

如何將 Python 3.8 與TLS1一起使用？

Answer 1

我解決了下面安裝 python package 的問題。
它以這種方式安裝了pyOpenSSL 。

讓我引用文檔：

如果您使用secure extra 安裝 urllib3，將安裝證書驗證所需的所有包。

pip install urllib3[secure]

如果我理解正確的話 Python 會通過模塊ssl SSL
以這種方式安裝urllib3將強制 Python 通過pyOpenSSL使用OpenSSL實現。