Menu
Article Case Studies

does python requests use tls 1.2

Narkw Brahma

Narkw Brahma

• 1 min read

Does Python requests use TLS 1.2?

As far as I know, yes, Python requests does use TLS 1.2.

Explanation

Python requests is a popular library used for making HTTP requests in Python. It supports HTTPS encryption using the Transport Layer Security (TLS) protocol.

TLS is a protocol used to secure communication over the internet. It provides encryption and authentication to protect against eavesdropping, tampering, and forgery.

In Python requests, TLS is used by default when making HTTPS requests. Specifically, it uses the ssl module of the Python standard library to establish a secure connection with the server.

The ssl module supports various versions of TLS, including TLS 1.0, TLS 1.1, and TLS 1.2. However, due to security vulnerabilities in earlier versions of TLS, many servers have disabled support for them and only allow TLS 1.2.

To ensure that Python requests uses TLS 1.2, you can explicitly set the SSL version to use when making requests:


import requests
import ssl

# Create an SSL context with TLS 1.2 only
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)

# Make an HTTPS request using the SSL context
response = requests.get("https://example.com", verify=True, timeout=5, auth=("username", "password"), headers={"User-Agent": "Mozilla"}, cert=("path/to/cert.pem", "path/to/key.pem"), proxies={"https": "https://proxy.example.com"}, stream=True, allow_redirects=True, cookies={"sessionid": "1234567890"}, params={"key": "value"})

# Print the response content
print(response.content)

In this example, we create an SSL context with TLS 1.2 only and pass it to the requests.get() method. We also specify various other request parameters, such as verifying the server's SSL certificate, setting a timeout, authenticating with a username and password, setting a custom User-Agent header, using client-side SSL certificates, using a proxy server, streaming the response content, allowing redirects, sending cookies, and passing query parameters.

By default, Python requests uses the system's default SSL context, which may not enforce the use of TLS 1.2. Therefore, it's recommended to explicitly set the SSL version to use to ensure maximum security.

Conclusion

In summary, Python requests does use TLS 1.2 by default when making HTTPS requests. However, to ensure maximum security and compatibility with modern servers, it's recommended to explicitly set the SSL version to use when making requests.

Share