获取https服务器的密码套件和证书等配置信息

前言:
TLS协议的主要目标是提供隐私和数据完整性 ,使数据传输更加安全

TLS结构

编写流程

1. 确定密码套件
2. 建立ssl连接
3. 确定连接是否连接
4. 存下证书

编写的流程如上所示，笔者通过阅读python官方文档整理出如下重要函数，如果大家有需要请移步官方文档，写的都很清晰.

#创建默认的文本
ssl.create_default_context()
#创建连接
socket.create_connection((hostname, port)) 
#设置密码套件,其中context是创建的ssl默认文本
context.set_ciphers(cipher)
#进行连接
context.wrap_socket(sock, server_hostname=hostname)
#获取连接的TLS版本,证书,其中ssock是wrap_socket()返回的值
ssock.version() 
ssock.getpeercert()

导入库：

# -*- coding: UTF-8 -*-
import socket
import ssl
import sys

确定密码套件

由于网络的问题比较多难以预判出现什么样的情况,建议是写多个try,except,进行异常捕捉

def find_ciphers(hostname,port):
    context = ssl.create_default_context()

    i=0
    print("[%s:%d]存在的密码套件为"%(hostname,port))

    for cipher in ciphers:
        i+=1
        try:
            with socket.create_connection((hostname, port)) as sock:
                context.set_ciphers(cipher)
                try:
                    with context.wrap_socket(sock, server_hostname=hostname) as ssock:
                        #打印密码套件
                        print("[%d]: %s\t%s"%(i,ssock.version(),cipher))
                        #获取服务器证书

                        cert = str(ssock.getpeercert())
                        # print(cert)
                        #存储证书
                        cert_name=hostname+cipher+"certs.txt"
                        try:

                            f=open(cert_name,"w")
                            try:
                                f.write(cert)
                                print(cert)
                                try:
                                    f.flush()
                                    f.close()
                                except:
                                    print("关闭文件失败")
                            except:
                                print("写文件失败")
                        except:
                            print("不能打开文件   ")


                except:
                    #什么也不做
                    m=0
        except:
            # 什么也不做
            m=0

主函数

主函数就是根据需要写就行了

#主函数
if __name__=="__main__":
    if len(sys.argv)!=4:
        print("请输入如下格式 ：<hostname> <port>")
        exit()
    HOST=sys.argv[2]
    PORT=sys.argv[3]
    find_ciphers(HOST,PORT)

运行截图：

运行截图

导出文件截图：

导出文件截图

最后放一下密码套件们，这些也在TLS的官网上可以找到

TLS 1.2 所使用的密码套件们,可根据检测的需要替换

ciphers=[
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256 ",
"TLS_AES_128_GCM_SHA256",
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-GCM-SHA384",
"DHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305",
"DHE-RSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
"DHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA384",
"DHE-RSA-AES256-SHA256",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA256",
"DHE-RSA-AES128-SHA256",
"ECDHE-ECDSA-AES256-SHA",
"ECDHE-RSA-AES256-SHA",
"DHE-RSA-AES256-SHA",
"ECDHE-ECDSA-AES128-SHA",
"ECDHE-RSA-AES128-SHA",
"DHE-RSA-AES128-SHA",
"RSA-PSK-AES256-GCM-SHA384",
"DHE-PSK-AES256-GCM-SHA384",
"RSA-PSK-CHACHA20-POLY1305",
"DHE-PSK-CHACHA20-POLY1305",
"ECDHE-PSK-CHACHA20-POLY1305",
"AES256-GCM-SHA384",
"PSK-AES256-GCM-SHA384",
"PSK-CHACHA20-POLY1305",
"RSA-PSK-AES128-GCM-SHA256",
"DHE-PSK-AES128-GCM-SHA256",
"AES128-GCM-SHA256",
"PSK-AES128-GCM-SHA256",
"AES256-SHA256",
"AES128-SHA256",
"ECDHE-PSK-AES256-CBC-SHA384",
"ECDHE-PSK-AES256-CBC-SHA",
"SRP-RSA-AES-256-CBC-SHA",
"SRP-AES-256-CBC-SHA",
"RSA-PSK-AES256-CBC-SHA384",
"DHE-PSK-AES256-CBC-SHA384",
"RSA-PSK-AES256-CBC-SHA",
"DHE-PSK-AES256-CBC-SHA ",
"AES256-SHA",
"PSK-AES256-CBC-SHA384",
"PSK-AES256-CBC-SHA",
"ECDHE-PSK-AES128-CBC-SHA256",
"ECDHE-PSK-AES128-CBC-SHA",
"SRP-RSA-AES-128-CBC-SHA",
"SRP-AES-128-CBC-SHA",
"RSA-PSK-AES128-CBC-SHA256",
"DHE-PSK-AES128-CBC-SHA256",
"RSA-PSK-AES128-CBC-SHA",
"DHE-PSK-AES128-CBC-SHA",
"AES128-SHA",
"PSK-AES128-CBC-SHA256",
"PSK-AES128-CBC-SHA "
]