1

I am trying to retrieve webcam snapshots from this website with Requests, but I get the following error:

requests.exceptions.SSLError: HTTPSConnectionPool(host='secure.rcrquebec.com', port=443): Max retries exceeded with url: /webcams/msa.webcamExpert01/Webcam.jpg (Caused by SSLError(SSLError("bad handshake: SysCallError(-1, 'Unexpected EOF')",),))

If I look the image/page with Google Chrome in debug mode, the security overview tells me that the page has a valid certificate, but uses obsolete protocol. My understanding is that this is the reason for my SSLError. Chrome's security overview says that:

The connection to this site uses TLS 1.0 (an obsolete protocol), RSA (an obsolete key exchange), and 3DES_EDE_CBC with HMAC-SHA1 (an obsolete cipher).

So I tried to force Requests to use SSL Version 1.0 as explained here without any success.

from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager
import ssl, requests

class MyAdapter(HTTPAdapter):
    def init_poolmanager(self, connections, maxsize, block=False):
        self.poolmanager = PoolManager(num_pools=connections,
                                       maxsize=maxsize,
                                       block=block,
                                       ssl_version=ssl.PROTOCOL_TLSv1)

s = requests.Session()
s.mount('https://', MyAdapter())
r = s.get('https://secure.rcrquebec.com/webcams/msa.webcamExpert01/Webcam.jpg')

Do I need to account for the obsolete key exchange and cipher as well? If yes how?

Jean-François Bourdon
  • 92
  • 1
  • 12
  • The site is severely broken. The question I've linked too shows how to deal with the problem of the insecure/obsolete ciphers, i.e. enforce 3DES. Nevertheless you will then run into more problems since the certificate chain for this site is not properly set up, see the [SSLLabs report](https://www.ssllabs.com/ssltest/analyze.html?d=secure.rcrquebec.com) for more information. But this would then by a different question which likely was also asked before already. – Steffen Ullrich Jun 05 '18 at 20:04
  • Thanks for the link to the other question about TLS, it helped me to better understand the problem. However, I'm still in the water, even with [this blog post](https://lukasa.co.uk/2017/02/Configuring_TLS_With_Requests/) I don't see how to insert `3DES_EDE_CBC_SHA` in the cipher list for exemple. Thanks again on this one, but I may just give up on trying to retrieve images from this broken site... – Jean-François Bourdon Jun 06 '18 at 16:03
  • `3DES_EDE_CBC_SHA` and `DES-CBC3-SHA` as used in the answer are the same cipher, just different naming conventions. Thus you can simply use the appropriate line from the answer. – Steffen Ullrich Jun 06 '18 at 16:12

0 Answers0