Python 错误 SSL : ssl. SSLError : [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl. c:726)

Question

我正在尝试使用 python 2.7.15 从(IP，目标端口 443)获取 SNI，并且我正在使用最新版本的 OpenSSL 和 ssl 模块。

这是我的代码:

import OpenSSL as OSsl #This two modules are imported for the only purpose of getting the SNI using function defined by us down here getSNI
import ssl



ip = "52.85.25.17"
dport = "443"


#With this function we get the Server Name Identification for the trasmissions with Secure Socket Layer identified by the port 443. We only care about the destinationIP and the destinationPort

def getSNI(ip, dport):
    if dport != "443":
        commonName = "Not SSL"
        print commonName
    else:   
        server_certificate = ssl.get_server_certificate((ip, dport))

        x509 = OSsl.crypto.load_certificate(OSsl.crypto.FILETYPE_PEM, server_certificate) #x509 is referred to the standard used for PKI (Public Key Infrastructure) used in this case for ciphering our informations about certificate

#FILETYPE_PEM serializes data to a Base64-Encoded

    #getting the informations about Certificate

        certInfo = x509.get_subject()
        commonName = certInfo.commonName
        print (commonName) 
    return commonName


getSNI(ip,dport)

这有效，但是对于指定的地址(在我发布的代码片段中)，我收到此错误:

Traceback (most recent call last):
  File "getSNI.py", line 31, in <module>
    getSNI(ip,dport)
  File "getSNI.py", line 17, in getSNI
    server_certificate = ssl.get_server_certificate((ip, dport))
  File "/usr/lib/python2.7/ssl.py", line 1023, in get_server_certificate
    with closing(context.wrap_socket(sock)) as sslsock:
  File "/usr/lib/python2.7/ssl.py", line 369, in wrap_socket
    _context=self)
  File "/usr/lib/python2.7/ssl.py", line 617, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 846, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:726)

我已经升级了所有模块和包，我阅读了很多关于这个主题的问题，但我不知道如何解决这个问题

Edit1: 执行whois 发现这个IpAddress是连接Amazon的，请问Amazon和SNI有什么特别的问题吗？

Answer 1

SNI 的要点是可以存在多个解析为具体 IP 地址的域。因此，您提供的 IP (52.85.25.17) 是此类地址之一。服务器无法确定您请求的是哪个域的证书，因此它终止了错误连接。

附录 1. 捕获 SSLError 异常

您可以通过这种方式捕获 ssl.SSLError:

try:
    server_certificate = ssl.get_server_certificate((ip, dport))
    ...
except ssl.SSLError as e:
    common_name = "Handshake Failed"