Urllib3 error "SSL: wrong signature type"
Question:
When I run the following code in python 3.8.5 from an Ubuntu Server:
import urllib3
import certifi
url = "https://www.website.com"
http = urllib3.PoolManager(cert_reqs='CERT_REQUIRED', ca_certs=certifi.where())
content = http.request("GET", url, preload_content=False).read()
The following error occurr:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in _validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect
self.sock = ssl_wrap_socket(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_SIGNATURE_TYPE] wrong signature type (_ssl.c:1123)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "MyFile.py", line 46, in <module>
content = urllib3.PoolManager().request("GET", url)
File "/usr/lib/python3/dist-packages/urllib3/request.py", line 75, in request
return self.request_encode_url(
File "/usr/lib/python3/dist-packages/urllib3/request.py", line 97, in request_encode_url
return self.urlopen(method, url, **extra_kw)
File "/usr/lib/python3/dist-packages/urllib3/poolmanager.py", line 330, in urlopen
response = conn.urlopen(method, u.request_uri, **kw)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 747, in urlopen
return self.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 747, in urlopen
return self.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 747, in urlopen
return self.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='www.website.com', port=443): Max retries exceeded with url: /path/to/web/page.html (Caused by SSLError(SSLError(1, '[SSL: WRONG_SIGNATURE_TYPE] wrong signature type (_ssl.c:1123)')))
The system is updated as all the libraries I am using
Running the same code on my Windows 10 pc results in no errors
What am I missing?
Answers:
I answer by myself referencing this GitHub issue: https://github.com/psf/requests/issues/4775
I solved the problem using the code below:
import urllib3
url = "https://www.website.com"
ctx = ssl.create_default_context()
ctx.set_ciphers('DEFAULT@SECLEVEL=1')
http = urllib3.PoolManager(
ssl_version=ssl.PROTOCOL_TLS,
ssl_context=ctx)
content = http.request("GET", url, preload_content=False).read()
You could also keep using requests with the following code (inspired from your answer and the requests documentation) :
import ssl
import requests
import urllib3
class SslOldHttpAdapter(requests.adapters.HTTPAdapter):
def init_poolmanager(self, connections, maxsize, block=False):
ctx = ssl.create_default_context()
ctx.set_ciphers('DEFAULT@SECLEVEL=1')
self.poolmanager = urllib3.poolmanager.PoolManager(
ssl_version=ssl.PROTOCOL_TLS,
ssl_context=ctx)
url = "https://www.website.com"
s = requests.Session()
s.mount(url, SslOldHttpAdapter())
r = s.get(url, headers=headers)
try to disable the system proxy
proxies = {"http": None, "https": None}
The above answer about creating a new context with SECLEVEL=1 does not work for me in Python 3.11.1 on Windows (with OpenSSL 1.1.1q 5 Jul 2022).
But this (inspaired by Python – requests.exceptions.SSLError – dh key too small) works:
import requests
requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS = 'DEFAULT@SECLEVEL=1'
r = requests.get('https://www.billboard-japan.com')
print(r.status_code)
When I run the following code in python 3.8.5 from an Ubuntu Server:
import urllib3
import certifi
url = "https://www.website.com"
http = urllib3.PoolManager(cert_reqs='CERT_REQUIRED', ca_certs=certifi.where())
content = http.request("GET", url, preload_content=False).read()
The following error occurr:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in _validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect
self.sock = ssl_wrap_socket(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_SIGNATURE_TYPE] wrong signature type (_ssl.c:1123)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "MyFile.py", line 46, in <module>
content = urllib3.PoolManager().request("GET", url)
File "/usr/lib/python3/dist-packages/urllib3/request.py", line 75, in request
return self.request_encode_url(
File "/usr/lib/python3/dist-packages/urllib3/request.py", line 97, in request_encode_url
return self.urlopen(method, url, **extra_kw)
File "/usr/lib/python3/dist-packages/urllib3/poolmanager.py", line 330, in urlopen
response = conn.urlopen(method, u.request_uri, **kw)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 747, in urlopen
return self.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 747, in urlopen
return self.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 747, in urlopen
return self.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='www.website.com', port=443): Max retries exceeded with url: /path/to/web/page.html (Caused by SSLError(SSLError(1, '[SSL: WRONG_SIGNATURE_TYPE] wrong signature type (_ssl.c:1123)')))
The system is updated as all the libraries I am using
Running the same code on my Windows 10 pc results in no errors
What am I missing?
I answer by myself referencing this GitHub issue: https://github.com/psf/requests/issues/4775
I solved the problem using the code below:
import urllib3
url = "https://www.website.com"
ctx = ssl.create_default_context()
ctx.set_ciphers('DEFAULT@SECLEVEL=1')
http = urllib3.PoolManager(
ssl_version=ssl.PROTOCOL_TLS,
ssl_context=ctx)
content = http.request("GET", url, preload_content=False).read()
You could also keep using requests with the following code (inspired from your answer and the requests documentation) :
import ssl
import requests
import urllib3
class SslOldHttpAdapter(requests.adapters.HTTPAdapter):
def init_poolmanager(self, connections, maxsize, block=False):
ctx = ssl.create_default_context()
ctx.set_ciphers('DEFAULT@SECLEVEL=1')
self.poolmanager = urllib3.poolmanager.PoolManager(
ssl_version=ssl.PROTOCOL_TLS,
ssl_context=ctx)
url = "https://www.website.com"
s = requests.Session()
s.mount(url, SslOldHttpAdapter())
r = s.get(url, headers=headers)
try to disable the system proxy
proxies = {"http": None, "https": None}
The above answer about creating a new context with SECLEVEL=1 does not work for me in Python 3.11.1 on Windows (with OpenSSL 1.1.1q 5 Jul 2022).
But this (inspaired by Python – requests.exceptions.SSLError – dh key too small) works:
import requests
requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS = 'DEFAULT@SECLEVEL=1'
r = requests.get('https://www.billboard-japan.com')
print(r.status_code)