Monday, 14 September 2015

InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail.

While retriving C&C servers for palevo bots, I encountered an error -

 "InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail....."

psj@psj-desktop:~/Developement/palevo$ python requests_palevo_domains.py
/usr/local/lib/python2.6/dist-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
Traceback (most recent call last):
  File "requests_proxy_usage.py", line 9, in <module>
    r=requests.get('https://palevotracker.abuse.ch/blocklists.php?download=domainblocklist',proxies=proxy_dict)
  File "/usr/local/lib/python2.6/dist-packages/requests/api.py", line 69, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python2.6/dist-packages/requests/api.py", line 50, in request
    response = session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.6/dist-packages/requests/sessions.py", line 465, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.6/dist-packages/requests/sessions.py", line 573, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.6/dist-packages/requests/adapters.py", line 431, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [Errno 8] _ssl.c:480: EOF occurred in violation of protocol

There are multiple ways to overcome this issue:

1) Upgrade to python 2.7.9  as suggested in urllib3 documentation - https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning

2) By default, python standard library’s ssl module is used. Unfortunately, there are several limitations which are addressed by PyOpenSSL:
  • (Python 2.x) SNI support.
  • (Python 2.x-3.2) Disabling compression to mitigate CRIME attack.
To use the Python OpenSSL bindings instead, you’ll need to install the required packages:
 
$ pip install --upgrade pyopenssl ndg-httpsclient pyasn1
 
or 
 
$ pip install requests[security] 

No comments:

Post a Comment