如何解决使用 PROTOCOL_TLSv1_2 的 SSL 错误？

Question

我正在使用 Python 和烧瓶库创建一个 API。我对 SSL 有一些问题。我在 Ubuntu 16.04.6 LTS 服务器上运行 API。

from flask import Flask
from flask import request    
from OpenSSL import SSL
context = SSL.Context(SSL.PROTOCOL_TLSv1_2)
context.load_cert_chain('PATH_TO_PUBLIC_KEY','PATH_TO_PRIVATE_KEY')

@app.route('/example', methods=['POST'])
def sayHallo():
    return "Hallo!"

if __name__ == '__main__':
    serving.run_simple("0.0.0.0", 5000, app, ssl_context=context)

API 及其连接使用 http，但在代码中添加 SSL 会出现错误：

Traceback (most recent call last):
  File "/usr/local/bin/flask", line 11, in <module>
    sys.exit(main())
  File "/usr/local/lib/python2.7/dist-packages/flask/cli.py", line 966, in main
    cli.main(prog_name="python -m flask" if as_module else None)
  File "/usr/local/lib/python2.7/dist-packages/flask/cli.py", line 586, in main
    return super(FlaskGroup, self).main(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 1137, in inv                                                         oke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 956, in invo                                                         ke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 555, in invo                                                         ke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/click/decorators.py", line 64, in                                                          new_func
    return ctx.invoke(f, obj, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 555, in invo                                                         ke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/flask/cli.py", line 848, in run_c                                                         ommand
    app = DispatchingApp(info.load_app, use_eager_loading=eager_loading)
  File "/usr/local/lib/python2.7/dist-packages/flask/cli.py", line 305, in __ini                                                         t__
    self._load_unlocked()
  File "/usr/local/lib/python2.7/dist-packages/flask/cli.py", line 330, in _load                                                         _unlocked
    self._app = rv = self.loader()
  File "/usr/local/lib/python2.7/dist-packages/flask/cli.py", line 388, in load_                                                         app
    app = locate_app(self, import_name, name)
  File "/usr/local/lib/python2.7/dist-packages/flask/cli.py", line 240, in locat                                                         e_app
    __import__(module_name)
  File "/var/www/api/app.py", line 7, in <module>
    context = SSL.Context(SSL.PROTOCOL_TLSv1_2)
AttributeError: 'module' object has no attribute 'PROTOCOL_TLSv1_2'

Answer 1

根据[PyOpenSSL]: class OpenSSL.SSL.Context(method)：

参数：method - SSLv2_METHOD、SSLv3_METHOD、SSLv23_METHOD 或 TLSv1_METHOD 之一。

所以，你应该使用：

context = SSL.Context(SSL.TLSv1_2_METHOD)