0

When I try to GET this site which uses the obsolete TLS1.1 with urllib3, this error is raised:

>>> import urllib3
>>> http = urllib3.PoolManager()
>>> r = http.request('GET', 'https://site/')

SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:646)

It seems that urllib3 is trying to handshake with SSL3, but as I mentioned, this site uses TLS1.1.

Do I have to specify that I wan't to use TLS1.1? How do I do it?

I've found this parameter called ssl_version (it can be passed in the PoolManager constructor) which defaults to PROTOCOL_SSLv23. But I did not found something like PROTOCOL_TLSv11 in urllib3.util.ssl_. In fact, the only var that starts with PROTOCOL_ is the default option.

rodorgas
  • 962
  • 2
  • 12
  • 29

1 Answers1

1

It seems that urllib3 is trying to handshake with SSL3, but as I mentioned, this site uses TLS1.1.

The site still support SSL 3.0 (also TLS 1.0 and TLS 1.1) so I doubt that this is the problem. I would suggest the problem is more that the server only supports the insecure cipher RC4-SHA which is excluded from the default cipher set of urllib3. See also Why does Python requests ignore the verify parameter?.

Community
  • 1
  • 1
Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172