3

In Python using MacOS X, made an attempt to make a POST request to a website but I got the following error post_response = session.post(post_url, data=post_payload, headers=post_headers):

Traceback (most recent call last):
  File "web_requests.py", line 424, in <module>
    main()
  File "web_requests.py", line 340, in main
    post_response = session.post(post_url, data=post_payload, headers=post_headers)
  File "/Library/Python/2.7/site-packages/requests/sessions.py", line 535, in post
    return self.request('POST', url, data=data, json=json, **kwargs)
  File "/Library/Python/2.7/site-packages/requests/sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/Library/Python/2.7/site-packages/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/Library/Python/2.7/site-packages/requests/adapters.py", line 497, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:590)

What could be the issue?

Thank you in advance and will be sure to upvote/accept answer

EDIT

Specific to POST requests in Python

Jo Ko
  • 7,225
  • 15
  • 62
  • 120
  • @OluwafemiSule It does not specifically relate to my particular question – Jo Ko Sep 12 '17 at 19:45
  • @OluwafemiSule not the same – Dan Me Sep 12 '17 at 19:47
  • What do you mean by "specific to POST requests"? Don't you get an SSLError with GET requests? – t.m.adam Sep 12 '17 at 19:49
  • 2
    This problem is similar to many others here but there are too few details to actually see what of the many possibilities the problem is. Please provide the URL, the full version of python and the used openssl library (`python -c 'import ssl; print ssl.OPENSSL_VERSION'`). My guess is that the problem is caused by the very old OpenSSL version 0.9.8 coming with MacOSX with no support for modern ciphers and TLS protocol versions - but this is just one of many possibilities. – Steffen Ullrich Sep 12 '17 at 19:58
  • @SteffenUllrich `Python 2.7.10`, `OpenSSL 0.9.8zg 14 July 2015` – Jo Ko Sep 12 '17 at 20:11
  • @t.m.adam No I get the error with POST requests `session.post(post_url, data=post_payload, headers=post_headers)` – Jo Ko Sep 12 '17 at 20:11
  • @JoKo: So I'm right about the old openssl version. But, you did not provide the target URL I asked for so it is still unclear what the target host requires and if the old OpenSSL is actually the problem or not. You might check with [SSLLabs](https://www.ssllabs.com/ssltest/analyze.html): if the site requires TLS 1.1 or TLS 1.2 or ECDHE ciphers then the problem is that your old OpenSSL does not support it. – Steffen Ullrich Sep 12 '17 at 20:15
  • Can you try the answer on that question about installing PyOpenSSL and idna @JoKo? – Oluwafemi Sule Sep 12 '17 at 21:23
  • @SteffenUllrich Got the following : `Protocols TLS 1.3 No TLS 1.2 Yes TLS 1.1 No TLS 1.0 No SSL 3 No SSL 2 No For TLS 1.3 tests, we currently support draft version 18.` Do you mind if I open a chat with you? – Jo Ko Sep 12 '17 at 21:41
  • @OluwafemiSule Yes – Jo Ko Sep 12 '17 at 21:42
  • [How do I compile Python 3.4 with custom OpenSSL?](http://stackoverflow.com/q/23548188/608639), [Building Python with SSL support in non-standard location](http://stackoverflow.com/q/5937337/608639), [Building python with openssl support](http://unix.stackexchange.com/q/254974/56041), etc. – jww Sep 13 '17 at 05:19
  • And some more... [How do I install pyOpenSSL on Mac OS X?](http://stackoverflow.com/q/14361569), [Updating openssl in python 2.7](http://stackoverflow.com/q/18752409), [Python referencing old SSL version](http://stackoverflow.com/q/24323858), [Python and OpenSSL version reference issue on OS X](http://stackoverflow.com/q/37690054), [Python 3.3 and Installing PyOpenSSL on a Mac](http://stackoverflow.com/q/21899573), [Using Python with homebrew on OS X](http://stackoverflow.com/q/25441252), etc... – jww Sep 13 '17 at 05:19
  • @jww: The question does not ask how to update OpenSSL and thus I would not see it as a duplicate of the questions you mentioned. Only the answer shows that the problem is that the OpenSSL is too old to connect to this specific site - and shows way to fix the problem by either updating OpenSSL or just using Anaconda Python. – Steffen Ullrich Sep 15 '17 at 16:49

1 Answers1

1

According to the addititional information in the comment SSLLabs reports for this site that it support TLS 1.2 only:

TLS 1.2 Yes   
TLS 1.1 No   
TLS 1.0 No   
SSL 3   No

And according to another information in the comments the OpenSSL version is 0.9.8:

.. OpenSSL 0.9.8zg 14 July 2015

Since OpenSSL 0.9.8 only support up to TLS 1.0 and especially not TLS 1.2 there is no common TLS protocol spoken between the client and the server. Thus, the handshake fails.

The way to fix the problem is to upgrade the version of OpenSSL as used by Python away from the very old version to at least OpenSSL 1.0.1. See for example Updating openssl in python 2.7 for more information or use Anaconda Python which comes preinstalled with a lot of modules and also includes a current version of OpenSSL.

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172
  • Do you mind showing how to update openssel in python 2.7? Tried following but no luck so far. – Jo Ko Sep 15 '17 at 16:45
  • @JoKo: there are many many posts here which show how to update OpenSSL in Python (see comments from jww) so I will not add yet another one. If you want it simple just use Anaconda Python as I suggested. – Steffen Ullrich Sep 15 '17 at 16:53
  • Tried the first answer (with `sudo pip install --upgrade pyOpenSSL`) and checked the python version, and it's been updated to the most recent but when I did: `import ssl` and `print ssl.OPENSSL_VERSION`, it is still `OpenSSL 0.9.8zg 14 July 2015 `. – Jo Ko Sep 18 '17 at 19:52
  • @JoKo: 1. Your original question was answered correctly (and should be marked as such). 2. Asking about updating OpenSSL in Python is a new question which should not be asked in a comment. 3. Any problems following another question should not be discussed here. 4. Why not just avoid the hassle by installing Anaconda Python as suggested? – Steffen Ullrich Sep 18 '17 at 20:08
  • is Anaconda just a package of bunch of modules? – Jo Ko Sep 18 '17 at 20:29
  • @JoKo: no, Anaconda is full Python with many modules and also includes a current OpenSSL linked to all this. – Steffen Ullrich Sep 18 '17 at 20:33