browser: add Browser.TLS_CIPHERS attribute to set the cipherers chain to use (!734) · Merge requests · woob / woob

Romain Bignon requested to merge rbignon/woob:cipherers into master Feb 27, 2023

On websites with low security configuration, it would be necessary to be more flexible.

Here is an example script:

from woob.browser.browsers import Browser

for cipherers in (None, 'HIGH:!DH:!aNULL', None):
    class MyBrowser(Browser):
        TLS_CIPHERS = ciphers

    browser = MyBrowser()

    print('Browser.TLS_CIPHERS = %r' % ciphers)

    try:
        r = browser.open('https://labanquepostale.offrebourse.com/ReroutageSJR')
    except Exception as e:
        print(e)
    else:
        print(r)

    # Check if it still works without TLS
    browser.open('http://example.org')

    print('-----')

Output:

Browser.TLS_CIPHERS = None
HTTPSConnectionPool(host='labanquepostale.offrebourse.com', port=443): Max retries exceeded with url: /ReroutageSJR (Caused by SSLError(SSLError(1, '[SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:992)')))
-----
Browser.TLS_CIPHERS = 'HIGH:!DH:!aNULL'
<Response [200]>
-----
Browser.TLS_CIPHERS = None
HTTPSConnectionPool(host='labanquepostale.offrebourse.com', port=443): Max retries exceeded with url: /ReroutageSJR (Caused by SSLError(SSLError(1, '[SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:992)')))
-----

Edited Feb 27, 2023 by Romain Bignon

browser: add Browser.TLS_CIPHERS attribute to set the cipherers chain to use

Merge request reports