SSL: SSLV3 Alert illegal parametr

666 views Asked by At

I can use Postman to successfully send requests to the API service of my CUCM (Cisco Unified Communications Manager) server. And as you can see in the picture, these requests are successfully sent through the TLSV1.2 protocol (I also tried: TLSV1.1 and TLSV1 succeeded).

Postman requests in Wireshark:

Postman request in Wireshark

Postman request Details:

Postman request details

But when I send requests with Python, the requests are always processed over SSLV3 protocol. And since I am using an old version of my CUCM server (v-10.0) I get the following error:

Python request in Wireshark

Request error in terminal:
requests.exceptions.SSLError: HTTPSConnectionPool(host='172.25.0.6', port=8443): Max retries exceeded with url: /axl/ (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_ILLEGAL_PARAMETER] sslv3 alert illegal parameter (_ssl.c:1007)')))

**No matter how hard I tried, I couldn't use Python to send requests using TLSv1.2 or older protocols. How can I force Python to do this??**

I should also mention that I also tried these experiments with CURL, which, like Python, only sends requests with SSLV3.

Here are some of my Python experiments:

import requests

url = "https://172.25.0.6:8443/axl/"
headers = {
  'Content-Type': 'text/plain',
  'Authorization': 'Basic token=',
  'Cookie': 'JSESSIONID=DCCokiee; JSESSIONIDSSO=SessionId'
}
payload = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ns=\"http://www.cisco.com/AXL/API/10.0\">\n   <soapenv:Header />\n   <soapenv:Body>\n      <ns:executeSQLQuery sequence=\"?\">\n         <sql>select  first 10 * from numplan  where dnorpattern='3335610'</sql>\n      </ns:executeSQLQuery>\n   </soapenv:Body>\n</soapenv:Envelope>"

response = requests.get(url, headers=headers)

if response.status_code == 200:
    print("Success!")
    print(response.text)
else:
    print("Unsuccess. HTTP Kodu:", response.status_code)

response = requests.request("POST", url, headers=headers,auth=("username","password"), data=payload)

print(response.text)



or

response = requests.request("POST", url, headers=headers,auth=("username","password"), data=payload)

response = requests.request("POST", url,verify=False, headers=headers,,auth=("username","password"), data=payload)

or 
response = requests.request("POST", url, verify='./cucm01.giganet.lan', data=payload, auth=("username","password"))

or 

import socket
import ssl
import http.client

# Set your API endpoint and parameters
hostname = '172.25.0.6'
port = 8443
endpoint = '/axl'
api_url = f'https://{hostname}:{port}{endpoint}'

# Create an SSL context that enforces TLSv1.2
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context.options |= ssl.OP_NO_SSLv3
context.options |= ssl.OP_NO_TLSv1
context.options |= ssl.OP_NO_TLSv1_1
# context.maximum_version = ssl.TLSVersion.TLSv1_3
ciphers = [
    'AES256-SHA',
    'AES128-SHA',
]

context.set_ciphers(':'.join(ciphers))

# Your API request headers and payload
headers = {
    'Content-Type': 'text/xml',
    'Authorization': 'Basic RmFyaWQ2MTI6RmFyaWQ2MTI='
}
conn = http.client.HTTPSConnection(hostname, port, context=context)
conn.request('POST', endpoint, body=payload, headers=headers)

Other details:
I tried many solutions surfing the internet. But there was not the slightest change in the error.  
  
OS: Ubuntu 22.04  
Python: 3.10

Many thanks in advance...




1

There are 1 answers

3
J_H On

You are using an End-of-Lifed product. Cisco customers are encouraged to migrate to On-premises Calling or Cloud Calling.

How can I force ...

You are always free to use the python3.7 interpreter. I caution that it, too, has seen its EOL date recede into the past.