Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #69977 > unrolled thread

imaplib: how to specify SSL/TLS protocol version?

Back to article view | Back to comp.lang.python

Contents

  imaplib: how to specify SSL/TLS protocol version? Grant Edwards <invalid@invalid.invalid> - 2014-04-09 20:12 +0000
    Re: imaplib: how to specify SSL/TLS protocol version? Grant Edwards <invalid@invalid.invalid> - 2014-04-09 20:20 +0000
      Re: imaplib: how to specify SSL/TLS protocol version? Tim Chase <python.list@tim.thechases.com> - 2014-04-09 15:33 -0500
        Re: imaplib: how to specify SSL/TLS protocol version? Grant Edwards <invalid@invalid.invalid> - 2014-04-09 20:55 +0000
          Re: imaplib: how to specify SSL/TLS protocol version? Grant Edwards <invalid@invalid.invalid> - 2014-04-09 21:10 +0000
            Re: imaplib: how to specify SSL/TLS protocol version? Chris Angelico <rosuav@gmail.com> - 2014-04-10 11:55 +1000
    Re: imaplib: how to specify SSL/TLS protocol version? Tim Chase <python.list@tim.thechases.com> - 2014-04-09 15:26 -0500
    Re: imaplib: how to specify SSL/TLS protocol version? Antoine Pitrou <solipsis@pitrou.net> - 2014-04-10 19:57 +0000

#69977 — imaplib: how to specify SSL/TLS protocol version?

Connecting to Exchange server fails like this:

 File "/usr/lib64/python2.7/imaplib.py", line 1148, in __init__
   IMAP4.__init__(self, host, port)
 SSLError: [Errno 1] _ssl.c:1419: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Experiments show that when calling ssl.wrap_socket() I have to specify
ssl_version=PROTOCOL_TLSv1 to avoid the above error.

How do I tell imaplib to use TLS1 instead of SSL3?

-- 
Grant Edwards               grant.b.edwards        Yow! UH-OH!!  We're out
                                  at               of AUTOMOBILE PARTS and
                              gmail.com            RUBBER GOODS!

[toc] | [next] | [standalone]

#69978

On 2014-04-09, Grant Edwards <invalid@invalid.invalid> wrote:
> Connecting to Exchange server fails like this:
>
>  File "/usr/lib64/python2.7/imaplib.py", line 1148, in __init__
>    IMAP4.__init__(self, host, port)
>  SSLError: [Errno 1] _ssl.c:1419: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>
> Experiments show that when calling ssl.wrap_socket() I have to specify
> ssl_version=PROTOCOL_TLSv1 to avoid the above error.
>
> How do I tell imaplib to use TLS1 instead of SSL3?

I'm not too keen on this approach, but monkey-patching the open()
method seems to work:

def my_imap4_ssl_open(self, host = '', port = 993):
    self.host = host
    self.port = port
    self.sock = socket.create_connection((host, port))
    self.sslobj = ssl.wrap_socket(self.sock, self.keyfile, self.certfile, ssl_version=ssl.PROTOCOL_TLSv1)
    self.file = self.sslobj.makefile('rb')

imaplib.IMAP4_SSL.open = my_imap4_ssl_open 

-- 
Grant Edwards               grant.b.edwards        Yow! I hope the
                                  at               ``Eurythmics'' practice
                              gmail.com            birth control ...

[toc] | [prev] | [next] | [standalone]

#69981

On 2014-04-09 20:20, Grant Edwards wrote:
> I'm not too keen on this approach, but monkey-patching the open()
> method seems to work:
> 
> def my_imap4_ssl_open(self, host = '', port = 993):
>     self.host = host
>     self.port = port
>     self.sock = socket.create_connection((host, port))
>     self.sslobj = ssl.wrap_socket(self.sock, self.keyfile,
> self.certfile, ssl_version=ssl.PROTOCOL_TLSv1) self.file =
> self.sslobj.makefile('rb')
> 
> imaplib.IMAP4_SSL.open = my_imap4_ssl_open 

Our messages passed in the ether.  You don't have to feel dirty
for monkey-patching, as you can just do it with inheritance.

-tkc

[toc] | [prev] | [next] | [standalone]

#69982

On 2014-04-09, Tim Chase <python.list@tim.thechases.com> wrote:
> On 2014-04-09 20:20, Grant Edwards wrote:
>> I'm not too keen on this approach, but monkey-patching the open()
>> method seems to work:
>> 
>> def my_imap4_ssl_open(self, host = '', port = 993):
>>     self.host = host
>>     self.port = port
>>     self.sock = socket.create_connection((host, port))
>>     self.sslobj = ssl.wrap_socket(self.sock, self.keyfile,
>> self.certfile, ssl_version=ssl.PROTOCOL_TLSv1) self.file =
>> self.sslobj.makefile('rb')
>> 
>> imaplib.IMAP4_SSL.open = my_imap4_ssl_open 
>
> Our messages passed in the ether.

Yep saw that.  Thanks for the answers. 

> You don't have to feel dirty for monkey-patching, as you can just do
> it with inheritance.

Doh. I don't know why I didn't think of that...

-- 
Grant Edwards               grant.b.edwards        Yow! I wonder if there's
                                  at               anything GOOD on tonight?
                              gmail.com            

[toc] | [prev] | [next] | [standalone]

#69985

On 2014-04-09, Grant Edwards <invalid@invalid.invalid> wrote:
> On 2014-04-09, Tim Chase <python.list@tim.thechases.com> wrote:
>> On 2014-04-09 20:20, Grant Edwards wrote:
>>> I'm not too keen on this approach, but monkey-patching the open()
>>> method seems to work:
>>> 
>>> def my_imap4_ssl_open(self, host = '', port = 993):
>>>     self.host = host
>>>     self.port = port
>>>     self.sock = socket.create_connection((host, port))
>>>     self.sslobj = ssl.wrap_socket(self.sock, self.keyfile,
>>> self.certfile, ssl_version=ssl.PROTOCOL_TLSv1) self.file =
>>> self.sslobj.makefile('rb')
>>> 
>>> imaplib.IMAP4_SSL.open = my_imap4_ssl_open 
>>
>> Our messages passed in the ether.
>
> Yep saw that.  Thanks for the answers. 
>
>> You don't have to feel dirty for monkey-patching, as you can just do
>> it with inheritance.
>
> Doh. I don't know why I didn't think of that...

Now I remember...

I left out a relevent fact: I'm not the one calling IMAP4_<whatever>.

That's being done by the imapclient library.  There's no way to pass
imapclient a custom class to use.  It's hard-waired to call either
imaplib.IMAP4_stream(), imaplib.IMAP4(), or imaplib.IMAP4_SSL().  I
could create an IMAP4_TLS1 class, but I would then have to sub-class
imapclient.IMAPClient and override its _create_IMAP4() method to make
it call my IMAP4_TLS1() class instead of calling imaplib.IMAP4_SSL().

Monkey-patching imaplib seems a little better since it it doesn't
depend on assumptions about the internal workings of imapclient (other
than the fact that it uses imaplib.IMAP4_SSL).

-- 
Grant Edwards               grant.b.edwards        Yow! MMM-MM!!  So THIS is
                                  at               BIO-NEBULATION!
                              gmail.com            

[toc] | [prev] | [next] | [standalone]

#69998

On Thu, Apr 10, 2014 at 7:10 AM, Grant Edwards <invalid@invalid.invalid> wrote:
> I left out a relevent fact: I'm not the one calling IMAP4_<whatever>.
>
> That's being done by the imapclient library.  There's no way to pass
> imapclient a custom class to use.  It's hard-waired to call either
> imaplib.IMAP4_stream(), imaplib.IMAP4(), or imaplib.IMAP4_SSL().  I
> could create an IMAP4_TLS1 class, but I would then have to sub-class
> imapclient.IMAPClient and override its _create_IMAP4() method to make
> it call my IMAP4_TLS1() class instead of calling imaplib.IMAP4_SSL().
>
> Monkey-patching imaplib seems a little better since it it doesn't
> depend on assumptions about the internal workings of imapclient (other
> than the fact that it uses imaplib.IMAP4_SSL).

That's an argument in favour of a minor case of serious
monkey-patching. Although if you do feel dirty, try to hold on to that
feeling because that is the proper reaction to being told that you're
monkey-patching.

ChrisA
okay, now I feel like a moron... not just a regular moron, though...

[toc] | [prev] | [next] | [standalone]

#69980

On 2014-04-09 20:12, Grant Edwards wrote:
>  File "/usr/lib64/python2.7/imaplib.py", line 1148, in __init__
>    IMAP4.__init__(self, host, port)
>  SSLError: [Errno 1] _ssl.c:1419: error:1408F10B:SSL
> routines:SSL3_GET_RECORD:wrong version number
> 
> Experiments show that when calling ssl.wrap_socket() I have to
> specify ssl_version=PROTOCOL_TLSv1 to avoid the above error.
> 
> How do I tell imaplib to use TLS1 instead of SSL3?

Sounds like you'd need to make a subclass, something like

  class IMAP4_TLS(imaplib.IMAP4_SSL):
    def open(self, host="", port=IMAP4_SSL_PORT):
      self.host = host
      self.port = port
      self.sock = socket.create_connection((host, port))
      self.sslobj = ssl.wrap_socket(
        self.sock,
        self.keyfile,
        self.certfile,
        ssl_version=PROTOCOL_TLSv1,
        )
      self.file = self.sslobj.makefile('rb')

Alternatively, you could genericify it something like


  class IMAP4_TLS(imaplib.IMAP4_SSL):
    def open(self, host="",
        port=IMAP4_SSL_PORT,
        ssl_version=PROTOCOL_SSLv23,
        ):
      self.host = host
      self.port = port
      self.sock = socket.create_connection((host, port))
      self.sslobj = ssl.wrap_socket(
        self.sock,
        self.keyfile,
        self.certfile,
        ssl_version=ssl_version,
        )
      self.file = self.sslobj.makefile('rb')

and then call .open(..., ssl_version=PROTOCOL_TLSv1) or specify any
other protocol that you need.

-tkc

[toc] | [prev] | [next] | [standalone]

#70059

Grant Edwards <invalid <at> invalid.invalid> writes:
> 
> Experiments show that when calling ssl.wrap_socket() I have to specify
> ssl_version=PROTOCOL_TLSv1 to avoid the above error.
> 
> How do I tell imaplib to use TLS1 instead of SSL3?

Use Python 3 and pass the ssl_context parameter to IMAP_SSL:
https://docs.python.org/3.3/library/imaplib.html#imaplib.IMAP4_SSL

Regards

Antoine.

[toc] | [prev] | [standalone]

Back to top | Article view | comp.lang.python

csiph-web