Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL Error; bad handshake; no ssl cipher list #4533

Closed
muhzii opened this issue Mar 5, 2018 · 1 comment
Closed

SSL Error; bad handshake; no ssl cipher list #4533

muhzii opened this issue Mar 5, 2018 · 1 comment

Comments

@muhzii
Copy link

muhzii commented Mar 5, 2018
edited
Loading

When trying to install some 3rd party apps with something like pip install or run apps that uses this module I end up with this error:

requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'ssl_cipher_list_to_bytes', 'no ciphers available')],)",)

System Information

python -m requests.help

/usr/bin/python: No module named requests.help

Operating System info

Linux kali 4.14.0-kali3-amd64 #1 SMP Debian 4.14.17-1kali1 (2018-02-16) x86_64 GNU/Linux

python version

Python 2.7.14+

Output of pip freeze:

Warning: cannot find svn location for chirp===daily-20170714
alembic==0.8.8
androguard==3.0.1
anyjson==0.3.3
argcomplete==1.8.1
argh==0.26.2
asn1crypto==0.24.0
attrs==17.4.0
Automat==0.6.0
backdoor-factory==0.0.0
backports-abc==0.5
backports.shutil-get-terminal-size==1.0.0
backports.ssl-match-hostname==3.5.0.1
BBQSQL==1.0
bdfproxy==0.0.0
BeautifulSoup==3.2.1
beautifulsoup4==4.5.3
binwalk==2.1.2
BlindElephant==1.0
blinker==1.4
capstone==3.0.5rc2
certifi==2018.1.18
chardet==2.3.0
## FIXME: could not find svn URL in dependency_links for this package:
chirp===daily-20170714
click==6.6
colorama==0.3.7
ConfigArgParse==0.11.0
configobj==5.0.6
configparser==3.5.0
constantly==15.1.0
construct==2.8.16
couchdbkit==0.6.5
cryptography==2.1.4
Cuckoo==2.0.5.3
decorator==4.1.2
dicttoxml==1.7.4
dissy==9
distorm3==3.3.4
Django==1.8.4
django-extensions==1.6.7
dnslib==0.9.7
dnspython==1.15.0
docutils==0.14
dpkt==1.8.7
droidbot==1.0.2b3
ecdsa==0.13
egghatch==0.2.1
elasticsearch==5.3.0
enum34==1.1.6
et-xmlfile==1.0.1
feedparser==5.2.1
Flask==0.12.2
Flask-SQLAlchemy==2.1
functools32==3.2.3.post2
fuse-python==0.2.1
future==0.15.2
futures==3.2.0
GeoIP==1.3.2
gevent==1.2.2
github3.py==0.9.6
greenlet==0.4.12
h2==2.5.2
hpack==3.0.0
html2text==2018.1.9
html5lib==0.999999999
http-parser==0.8.3
httplib2==0.9.2
HTTPReplay==0.2.2
hyperframe==4.0.1
hyperlink==17.3.1
idna==2.6
impacket==0.9.15
incremental==16.10.1
ipaddress==1.0.17
IPy==0.83
ipython==5.5.0
ipython-genutils==0.2.0
itsdangerous==0.24
jdcal==1.0
Jinja2==2.9.6
jsbeautifier==1.6.2
jsonpickle==0.9.5
jsonrpclib==0.1.7
jsonschema==2.6.0
keepnote==0.7.8
keyring==10.6.0
keyrings.alt==3.0
killerbee==1.0
lxml==4.1.0
M2Crypto==0.27.0
Mako==1.0.7
MarkupSafe==1.0
mechanize==0.2.5
mercurial==4.4.1
mockito==0.5.2
nassl==0.12
netaddr==0.7.19
networkx==2.1
NfSpy==1.0
numpy==1.13.3
olefile==0.43
oletools==0.51
openpyxl==2.4.9
PAM==0.4.2
paramiko==2.0.0
passlib==1.7.1
pathlib2==2.3.0
pathtools==0.1.2
pcapy==0.10.8
peepdf==0.3.6
pefile==2017.11.5
pefile2==1.2.11
pexpect==4.2.1
pickleshare==0.7.4
Pillow==3.2.0
prettytable==0.7.2
prompt-toolkit==1.0.15
psutil==5.4.2
psycopg2==2.7.4
py==1.4.34
pyasn1==0.4.2
pyasn1-modules==0.2.1
pycairo==1.16.2
pycrypto==2.6.1
pycurl==7.43.0.1
pydns==2.3.6
pyelftools==0.24
pyenchant==2.0.0
Pygments==2.2.0
pygobject==3.26.1
pygtkspellcheck==4.0.5
pyinotify==0.9.6
PyJWT==1.5.3
pyliblzma==0.5.3
pymisp==2.4.54
pymongo==3.0.3
pymssql==2.1.3
pyOpenSSL==17.5.0
pyparsing==2.2.0
PyPDF2==1.26.0
pyperclip==1.6.0
pyscard==1.9.6
pyserial==3.4
PySocks==1.6.5
pysqlite==2.7.0
pytest==3.2.5
python-apt==1.4.0b3+b1
python-dateutil==2.4.2
python-editor==1.0.3
python-magic==0.4.12
pythonaes==1.0
pytz==2018.3
pyusb==1.0.0b2
PyX==0.12.1
pyxdg==0.25
PyYAML==3.12
qrcode==5.3
requests==2.13.0
restkit==4.2.2
rfidiot==1.0
roman==2.0.0
rpm==4.14.0
scandir==1.7
scapy==2.3.2
SecretStorage==2.3.1
service-identity==16.0.0
SFlock==0.2.20
simplegeneric==0.8.1
simplejson==3.13.2
singledispatch==3.4.0.3
six==1.11.0
slowaes==0.1a1
socketpool==0.5.3
SQLAlchemy==1.0.8
tcpwatch==1.3.1
termcolor==1.1.0
tlslite-ng==0.6.0
tornado==4.5.3
traitlets==4.3.2
Twisted==17.9.0
typing==3.6.2
uncompyle2==1.1
unicodecsv==0.14.1
unicorn==1.0.1
unpyclib==0.8.1
uritemplate==3.0.0
uritemplate.py==3.0.2
urlgrabber==3.10.2
urllib3==1.22
urwid==1.3.1
uTidylib==0.3
vinetto==0.7b0
virtualenv==15.1.0
volatility==2.6
wakeonlan==0.2.2
wapiti==2.3.0
watchdog==0.8.3
wcwidth==0.1.7
webencodings==0.5
webunit==1.3.10
Werkzeug==0.14.1
wfuzz==2.2.9
Whoosh==2.7.4
wxPython==3.0.2.0
wxPython-common==3.0.2.0
XlsxWriter==0.9.6
xmlbuilder==1.0
yara-python==3.6.3
yenc==0.4.0
yum-metadata-parser==1.1.4
zenmap==7.60
zim==0.68rc1
zope.interface==4.3.2

openssl:

OpenSSL 1.1.1-pre2-dev xx XXX xxxx

-usage of s_client:

root@kali:~# openssl s_client -connect google.com:443
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate

Certificate chain
 0 s:C = US, ST = California, L = Mountain View, O = Google Inc, CN = *.google.com
   i:C = US, O = Google Inc, CN = Google Internet Authority G2
 1 s:C = US, O = Google Inc, CN = Google Internet Authority G2
   i:C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
 2 s:C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
   i:C = US, O = Equifax, OU = Equifax Secure Certificate Authority

Server certificate
-----BEGIN CERTIFICATE-----
MIIHgzCCBmugAwIBAgIIBsBhgzb7buIwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTgwMjEzMTA0NDU5WhcNMTgwNTA4MTA0MDAw
WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n
b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWuc20suu0HzHRNSm
nmbyB0/APWpLlb7wQfxtGOOeM6YTrvUBlwoFZ55PAXaUwil/5Efv43+fbVNVpNOi
q4v94qOCBRswggUXMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIH
gDCCA+EGA1UdEQSCA9gwggPUggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22C
FiouYXBwZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIUKi5k
YjgzMzk1My5nb29nbGUuY26CBiouZy5jb4IOKi5nY3AuZ3Z0Mi5jb22CFiouZ29v
Z2xlLWFuYWx5dGljcy5jb22CCyouZ29vZ2xlLmNhggsqLmdvb2dsZS5jbIIOKi5n
b29nbGUuY28uaW6CDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby51a4IPKi5n
b29nbGUuY29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xlLmNvbS5icoIP
Ki5nb29nbGUuY29tLmNvgg8qLmdvb2dsZS5jb20ubXiCDyouZ29vZ2xlLmNvbS50
coIPKi5nb29nbGUuY29tLnZuggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZXOCCyou
Z29vZ2xlLmZyggsqLmdvb2dsZS5odYILKi5nb29nbGUuaXSCCyouZ29vZ2xlLm5s
ggsqLmdvb2dsZS5wbIILKi5nb29nbGUucHSCEiouZ29vZ2xlYWRhcGlzLmNvbYIP
Ki5nb29nbGVhcGlzLmNughQqLmdvb2dsZWNvbW1lcmNlLmNvbYIRKi5nb29nbGV2
aWRlby5jb22CDCouZ3N0YXRpYy5jboINKi5nc3RhdGljLmNvbYIKKi5ndnQxLmNv
bYIKKi5ndnQyLmNvbYIUKi5tZXRyaWMuZ3N0YXRpYy5jb22CDCoudXJjaGluLmNv
bYIQKi51cmwuZ29vZ2xlLmNvbYIWKi55b3V0dWJlLW5vY29va2llLmNvbYINKi55
b3V0dWJlLmNvbYIWKi55b3V0dWJlZWR1Y2F0aW9uLmNvbYIHKi55dC5iZYILKi55
dGltZy5jb22CGmFuZHJvaWQuY2xpZW50cy5nb29nbGUuY29tggthbmRyb2lkLmNv
bYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xlLmNughxkZXZlbG9wZXJzLmFuZHJv
aWQuZ29vZ2xlLmNuggRnLmNvggZnb28uZ2yCFGdvb2dsZS1hbmFseXRpY3MuY29t
ggpnb29nbGUuY29tghJnb29nbGVjb21tZXJjZS5jb22CGHNvdXJjZS5hbmRyb2lk
Lmdvb2dsZS5jboIKdXJjaGluLmNvbYIKd3d3Lmdvby5nbIIIeW91dHUuYmWCC3lv
dXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbYIFeXQuYmUwaAYIKwYBBQUH
AQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIu
Y3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3Nw
MB0GA1UdDgQWBBRokYWZlXwh7Lo8ynlod1KCH6D3mjAMBgNVHRMBAf8EAjAAMB8G
A1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYB
BAHWeQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5n
b29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAC+ybpk7WgMLM
KqpLP0hd8hKkTCVS9GwKCleQV6EAAQUOpKr66vh+YRIIFu1IFVP9ZgVZgNzdj/FL
SdXLAxnGrR9rSrDAQdwCwWiUDdGL850M06y0wmGjo2VUuuj2+fvxpW6OW86SRnM3
aglWNTDLCeBGXIxtcQ1bj6qbIgJCCcB0Ae4oRzADsiXnOQkBtGCVHfRkZZvdY+yu
QDb0nHvJTZOkeFgXOaz+aaq8ea3lAiTzLW1ECTvmHZ8Nmyg3LrgbhVn+Naa3tzLv
nLJG+8aVmvAPbbzUFZbJXUOIM31uQRZdyqcG/C1mrS7bHeTJMvcsKMAEDr6YnxkD
G4hIyqACzg==
-----END CERTIFICATE-----
subject=C = US, ST = California, L = Mountain View, O = Google Inc, CN = *.google.com

issuer=C = US, O = Google Inc, CN = Google Internet Authority G2


No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits

SSL handshake has read 4386 bytes and written 393 bytes
Verification error: unable to get local issuer certificate

New, TLSv1.2, Cipher is ECDHE-ECDSA-CHACHA20-POLY1305
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-CHACHA20-POLY1305
    Session-ID: 42B58B9FCB13D7C6281368DF4CD27D2984B06B0BBCAF533FFCEDBFB85AD76E48
    Session-ID-ctx: 
    Master-Key: 33C934168C5B7D853AAF2BA341F85D298F97A7F966E3F7DE04668072183A5B10854DF64FCB4CF87E78AD9169D6CDD951
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
@sigmavirus24
Copy link
Contributor 

requests==2.13.0

2.13.0 isn't officially supported any longer. Feel free to ask for help with this on [StackOverflow](https://stackoverflow.com>

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sigmavirus24 @muhzii