
What is the equivalent to `sudo openssl s_client -connect` in Python OpenSSL?

I have looked over documentation and have yet to find anything that is useful. I want to compare the results to the certifier lib, because I am not sold that the certifier lib is actually accurate. I just want to get the following:

```
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: CEB4CF30EA4F1074039F5596CDDCA1073D683FFAC6D1DA1F68FCBA0FDDADDD38
    Session-ID-ctx:
    Master-Key: F5929F0740A855C32F6755ED45710D467314AF16BE52962FC8664A6E5105A6004DEC9E64B92DFEFAC6FE80FDDE65C814
    Key-Arg   : None
    Start Time: 1490843868
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
```

That I would get in the command line call.

Basically, I want an equivalent to the following:

```python
cert = CertInfo(host=hostname, port=443)  # ('RC4-SHA', 'TLSv1/SSLv3', 128)
info = cert.cipher()
```

I do not know any information whatsoever about the host, other than the domain, so I am trying to figure out how to do a bare connection. This is apparently incorrect because it errors:

```python
context = ssl.create_default_context()

conn = context.wrap_socket(socket.socket(socket.AF_INET), server_hostname=hostname)
conn.connect(('google.com', 443))

cert = conn.getpeercert()
```
Soatl
  • [Opening a SSL socket connection in Python](http://stackoverflow.com/q/26851034/608639)? – jww Mar 30 '17 at 18:16
  • What's the error? What is the value of `hostname`? When I use `hostname = www.google.com`, I get a valid response equivalent to `info([ binary_form ])`. If you want, `cert.cipher()`, `conn.cipher()`. – Flair Apr 21 '20 at 19:48
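
One way to collect the fields from the `s_client` summary with only the standard-library `ssl` module, as an added example that is not part of the original question or its comments. The helper names `_handshake`, `probe` and `render` are hypothetical. The module does not expose the server public key size or the master key, so the DER certificate is returned for a separate parser instead.

```python
import socket
import ssl

def _handshake(host, port, ctx, timeout):
    """Connect, complete the TLS handshake, and collect session details."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, _, bits = tls.cipher()
            sess = tls.session  # can be None, so every use below is guarded
            return {
                "protocol": tls.version(),
                "cipher": name,
                "secret_bits": bits,
                "compression": tls.compression(),
                "session_id": sess.id.hex().upper() if sess else None,
                "timeout": sess.timeout if sess else None,
                "cert_der": tls.getpeercert(binary_form=True),
            }

def probe(host, port=443, timeout=5.0):
    """Report the session like s_client: record a verify failure, don't abort."""
    try:
        info = _handshake(host, port, ssl.create_default_context(), timeout)
        info["verify"] = (0, "ok")
    except ssl.SSLCertVerificationError as exc:
        # Inspection only: retry without verification so the cipher is still
        # reported. Never send application data over this context.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        info = _handshake(host, port, ctx, timeout)
        info["verify"] = (exc.verify_code, exc.verify_message)
    return info

def render(info):
    """Format the dict in the layout of the s_client summary."""
    code, msg = info["verify"]
    return "\n".join([
        f"Compression: {info['compression'] or 'NONE'}",
        f"    Protocol  : {info['protocol']}",
        f"    Cipher    : {info['cipher']}",
        f"    Session-ID: {info['session_id'] or ''}",
        f"    Timeout   : {info['timeout']} (sec)",
        f"    Verify return code: {code} ({msg})",
    ])

if __name__ == "__main__":
    print(render(probe("www.google.com")))  # needs network access
```

The same host name is used for both the TCP connection and `server_hostname`, so SNI and hostname checking refer to the server actually contacted.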
