Home > database >  ssl.SSLError: ('No cipher can be selected.',) - But cipher IS available
ssl.SSLError: ('No cipher can be selected.',) - But cipher IS available

Time:03-01

I've tried with python 3.9.7 and 3.10. I've updated pip, urllib3 and requests. Not sure why this is happening.

Code:

import ssl

sboy = ssl.create_default_context()
print(ssl.OPENSSL_VERSION, sboy.get_ciphers(), sep='\n')
sboy.set_ciphers('TLS_AES_256_GCM_SHA384')

Output:

OpenSSL 1.1.1l  24 Aug 2021
[{'id': 50336514, 'name': 'TLS_AES_256_GCM_SHA384', 'protocol': 'TLSv1.3', 'description': 'TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'aes-256-gcm', 'digest': None, 'kea': 'kx-any', 'auth': 'auth-any'}, {'id': 50336515, 'name': 'TLS_CHACHA20_POLY1305_SHA256', 'protocol': 'TLSv1.3', 'description': 'TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'chacha20-poly1305', 'digest': None, 'kea': 'kx-any', 'auth': 'auth-any'}, {'id': 50336513, 'name': 'TLS_AES_128_GCM_SHA256', 'protocol': 'TLSv1.3', 'description': 'TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD', 'strength_bits': 128, 'alg_bits': 128, 'aead': True, 'symmetric': 'aes-128-gcm', 'digest': None, 'kea': 'kx-any', 'auth': 'auth-any'}, {'id': 50380844, 'name': 'ECDHE-ECDSA-AES256-GCM-SHA384', 'protocol': 'TLSv1.2', 'description': 'ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'aes-256-gcm', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}, {'id': 50380848, 'name': 'ECDHE-RSA-AES256-GCM-SHA384', 'protocol': 'TLSv1.2', 'description': 'ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'aes-256-gcm', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}, {'id': 50331807, 'name': 'DHE-RSA-AES256-GCM-SHA384', 'protocol': 'TLSv1.2', 'description': 'DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'aes-256-gcm', 'digest': None, 'kea': 'kx-dhe', 'auth': 'auth-rsa'}, {'id': 50384041, 'name': 'ECDHE-ECDSA-CHACHA20-POLY1305', 'protocol': 'TLSv1.2', 'description': 'ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'chacha20-poly1305', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}, {'id': 50384040, 'name': 'ECDHE-RSA-CHACHA20-POLY1305', 'protocol': 'TLSv1.2', 'description': 'ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'chacha20-poly1305', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}, {'id': 50384042, 'name': 'DHE-RSA-CHACHA20-POLY1305', 'protocol': 'TLSv1.2', 'description': 'DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'chacha20-poly1305', 'digest': None, 'kea': 'kx-dhe', 'auth': 'auth-rsa'}, {'id': 50380843, 'name': 'ECDHE-ECDSA-AES128-GCM-SHA256', 'protocol': 'TLSv1.2', 'description': 'ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD', 'strength_bits': 128, 'alg_bits': 128, 'aead': True, 'symmetric': 'aes-128-gcm', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}, {'id': 50380847, 'name': 'ECDHE-RSA-AES128-GCM-SHA256', 'protocol': 'TLSv1.2', 'description': 'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD', 'strength_bits': 128, 'alg_bits': 128, 'aead': True, 'symmetric': 'aes-128-gcm', 'digest': None, 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}, {'id': 50331806, 'name': 'DHE-RSA-AES128-GCM-SHA256', 'protocol': 'TLSv1.2', 'description': 'DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD', 'strength_bits': 128, 'alg_bits': 128, 'aead': True, 'symmetric': 'aes-128-gcm', 'digest': None, 'kea': 'kx-dhe', 'auth': 'auth-rsa'}, {'id': 50380836, 'name': 'ECDHE-ECDSA-AES256-SHA384', 'protocol': 'TLSv1.2', 'description': 'ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha384', 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}, {'id': 50380840, 'name': 'ECDHE-RSA-AES256-SHA384', 'protocol': 'TLSv1.2', 'description': 'ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha384', 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}, {'id': 50331755, 'name': 'DHE-RSA-AES256-SHA256', 'protocol': 'TLSv1.2', 'description': 'DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha256', 'kea': 'kx-dhe', 'auth': 'auth-rsa'}, {'id': 50380835, 'name': 'ECDHE-ECDSA-AES128-SHA256', 'protocol': 'TLSv1.2', 'description': 'ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha256', 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}, {'id': 50380839, 'name': 'ECDHE-RSA-AES128-SHA256', 'protocol': 'TLSv1.2', 'description': 'ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha256', 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}, {'id': 50331751, 'name': 'DHE-RSA-AES128-SHA256', 'protocol': 'TLSv1.2', 'description': 'DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha256', 'kea': 'kx-dhe', 'auth': 'auth-rsa'}, {'id': 50380810, 'name': 'ECDHE-ECDSA-AES256-SHA', 'protocol': 'TLSv1.0', 'description': 'ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha1', 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}, {'id': 50380820, 'name': 'ECDHE-RSA-AES256-SHA', 'protocol': 'TLSv1.0', 'description': 'ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha1', 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}, {'id': 50331705, 'name': 'DHE-RSA-AES256-SHA', 'protocol': 'SSLv3', 'description': 'DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha1', 'kea': 'kx-dhe', 'auth': 'auth-rsa'}, {'id': 50380809, 'name': 'ECDHE-ECDSA-AES128-SHA', 'protocol': 'TLSv1.0', 'description': 'ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha1', 'kea': 'kx-ecdhe', 'auth': 'auth-ecdsa'}, {'id': 50380819, 'name': 'ECDHE-RSA-AES128-SHA', 'protocol': 'TLSv1.0', 'description': 'ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha1', 'kea': 'kx-ecdhe', 'auth': 'auth-rsa'}, {'id': 50331699, 'name': 'DHE-RSA-AES128-SHA', 'protocol': 'SSLv3', 'description': 'DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha1', 'kea': 'kx-dhe', 'auth': 'auth-rsa'}, {'id': 50331805, 'name': 'AES256-GCM-SHA384', 'protocol': 'TLSv1.2', 'description': 'AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD', 'strength_bits': 256, 'alg_bits': 256, 'aead': True, 'symmetric': 'aes-256-gcm', 'digest': None, 'kea': 'kx-rsa', 'auth': 'auth-rsa'}, {'id': 50331804, 'name': 'AES128-GCM-SHA256', 'protocol': 'TLSv1.2', 'description': 'AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD', 'strength_bits': 128, 'alg_bits': 128, 'aead': True, 'symmetric': 'aes-128-gcm', 'digest': None, 'kea': 'kx-rsa', 'auth': 'auth-rsa'}, {'id': 50331709, 'name': 'AES256-SHA256', 'protocol': 'TLSv1.2', 'description': 'AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha256', 'kea': 'kx-rsa', 'auth': 'auth-rsa'}, {'id': 50331708, 'name': 'AES128-SHA256', 'protocol': 'TLSv1.2', 'description': 'AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha256', 'kea': 'kx-rsa', 'auth': 'auth-rsa'}, {'id': 50331701, 'name': 'AES256-SHA', 'protocol': 'SSLv3', 'description': 'AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1', 'strength_bits': 256, 'alg_bits': 256, 'aead': False, 'symmetric': 'aes-256-cbc', 'digest': 'sha1', 'kea': 'kx-rsa', 'auth': 'auth-rsa'}, {'id': 50331695, 'name': 'AES128-SHA', 'protocol': 'SSLv3', 'description': 'AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1', 'strength_bits': 128, 'alg_bits': 128, 'aead': False, 'symmetric': 'aes-128-cbc', 'digest': 'sha1', 'kea': 'kx-rsa', 'auth': 'auth-rsa'}]
Traceback (most recent call last):
  File "/home/lafftar/PycharmProjects/{project_name}/r_based/main.py", line 8, in <module>
    sboy.set_ciphers('TLS_AES_256_GCM_SHA384')
ssl.SSLError: ('No cipher can be selected.',)

CodePudding user response:

sboy.set_ciphers('TLS_AES_256_GCM_SHA384')

This is a TLS 1.3 cipher. It cannot be specified using set_ciphers. From the documentation:

TLS 1.3 uses a disjunct set of cipher suites. All AES-GCM and ChaCha20 cipher suites are enabled by default. The method SSLContext.set_ciphers() cannot enable or disable any TLS 1.3 ciphers yet, but SSLContext.get_ciphers() returns them.

Page link:https//www.codepudding.com/database/318735.html

Prev:How do you call a python api or local data into the js lib google.visualization.DataTable()?
Next:React JS multi-inputs with asynchronous data validation and race condition
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding