0

I am getting a requests module exception error when I try to access the http://www.acastipharma.com/ website. I am not having problems with any other website so I believe this is a website specific issue. Here is some example code

import requests
initialURL = 'http://www.acastipharma.com/'
r = requests.get(initialURL)

When I run this code I get an error message that terminates with

requests.exceptions.SSLError: HTTPSConnectionPool(host='www.acastipharma.com', port=443): Max retries exceeded with url: /investors/ (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:645)'),))

An internet search indicates that the problem might be with acastipharma's SSL certificate. I tried installing pyopenssl to make sure I had the latest version of the the module thats checks SSL certificates but that did not solve the problem. I also tried running the requests.get statement with the verify=False option but that was also unsuccessful.

r = requests.get(initialURL, verify=False)

If anybody has any ideas on how to resolve this issue I would appreciate the assistance. I also tried using the older urllib.request package but ran into the same error.

This is an update to my original question: The error message I posted was from trying to run the requests command on one of the acastipharma's website subpages, here is the complete error message I get when I run the code exactly as shown in this question:

    Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/urllib3/connectionpool.py", line 601, in urlopen
    chunked=chunked)
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/urllib3/connectionpool.py", line 850, in _validate_conn
    conn.connect()
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/urllib3/connection.py", line 326, in connect
    ssl_context=context)
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/urllib3/util/ssl_.py", line 329, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/ssl.py", line 376, in wrap_socket
    _context=self)
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/ssl.py", line 747, in __init__
    self.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/ssl.py", line 983, in do_handshake
    self._sslobj.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/ssl.py", line 628, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:645)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/adapters.py", line 440, in send
    timeout=timeout
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/urllib3/connectionpool.py", line 639, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/urllib3/util/retry.py", line 388, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='www.acastipharma.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:645)'),))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "<input>", line 1, in <module>
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/api.py", line 72, in get
    return request('get', url, params=params, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/sessions.py", line 508, in request
    resp = self.send(prep, **send_kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/sessions.py", line 640, in send
    history = [resp for resp in gen] if allow_redirects else []
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/sessions.py", line 640, in <listcomp>
    history = [resp for resp in gen] if allow_redirects else []
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/sessions.py", line 218, in resolve_redirects
    **adapter_kwargs
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/sessions.py", line 618, in send
    r = adapter.send(request, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/requests/adapters.py", line 506, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='www.acastipharma.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:645)'),))

I am using Python 3.5.1. I am on a Mac using High Sierra version 10.13.2. I am using requests 2.18.4. Since posting the question I believe the problem lies with my IDE PyCharm's environment. If I use my Python 3.5 environment I have the problem as shown in this question, if I switch the project interpreter to a Python 3.6 Anaconda environment requests will work but unfortunately mysql won't import. Thanks

President James K. Polk
  • 40,516
  • 21
  • 95
  • 125
Bill Orton
  • 135
  • 1
  • 6
  • 11
  • This code gave me a `` for what that's worth in Python 3.4.3. I assume you can open other sites OK and you tried https? – ggorlen Aug 24 '18 at 18:01
  • Hi, I can open other sites OK and I tried https. Thanks, I'm not sure what response 200 means. Did you get the SSLError also? – Bill Orton Aug 24 '18 at 18:10
  • No error. [200 means OK](https://www.restapitutorial.com/httpstatuscodes.html). – ggorlen Aug 24 '18 at 18:11
  • So you were able to establish a requests connection and create a requests object? – Bill Orton Aug 24 '18 at 18:16
  • Yeah I ran your code and it [worked perfectly on my end](https://repl.it/repls/UnluckyPeachpuffKernel). – ggorlen Aug 24 '18 at 18:17
  • Because you did not receive an error I tried executing the code from IDLE rather than my standard IDE (PyCharm) and the code executed properly. This means this is a PyCharm issue and not a website issue, or maybe a combination of the two. Thanks for the info you provided it pointed me in a different direction. – Bill Orton Aug 24 '18 at 18:22
  • Please check `python -c 'import ssl; print(ssl.OPENSSL_VERSION)'`. My guess is that you are using an ancient version of OpenSSL (like 0.9.8) with no support for the modern ciphers used by the server. – Steffen Ullrich Aug 24 '18 at 19:07
  • Hi, This returned OpenSSL 1.0.2g 1 Mar 2016. – Bill Orton Aug 24 '18 at 19:52
  • https://www.ssllabs.com/ssltest/analyze.html?d=www.acastipharma.com gives it an A and it is using Let's Encrypt CA which is very standard, so the problem is more probably client side. Did you try with other clients, like `wget` or `curl` or `openssl s_client`? Maybe you do not have this CA certificate in your trust store, since it started in april 2016. Do you have the same error if you try to go with `https://letsencrypt.org/` in your code? – Patrick Mevzek Aug 24 '18 at 21:51
  • @PatrickMevzek: I doubt that this is a CA problem. The client got an alert handshake failure from the server instead of failing to validate the certificate locally. – Steffen Ullrich Aug 25 '18 at 05:28
  • @BillOrton: I doubt that this is exactly the code which causes the problem. The error messages refers to some `/investors/` path but there is no such thing in the URL you show in your code and it is also not redirecting to such path. Please provide the the exact code to reproduce the problem combined with the exact error message you get for this code. Also, please specify the version of Python and the version of requests you are using and also the underlying OS. – Steffen Ullrich Aug 25 '18 at 05:33
  • @PatrickMevzek I now do not think this is an SSL issue. When I run my requests code with https://letsencrypt.org/ I do not get an error message. Also if it were an SSL problem then I believe running requests with the verify=False would bypass any SSL problems. I believe this has something to do with my IDE project environment. – Bill Orton Aug 25 '18 at 12:16
  • I now believe that the problem lies with not being able to upgrade to the latest version of requests in the PyCharm project interpreter I am using. In those project interpreters that the requests code works the version is 2.19.1 but in the project interpreter I am using the version is 2.18.4. For some reason I have been unable to upgrade to the latest version of requests in the project interpreter I am using. I am going to repost this question to reflect what I believe is the correct question which is why can't I get requests to upgrade correctly. Thank you for every one who responded. – Bill Orton Aug 25 '18 at 14:16
  • @BillOrton: `verify=False` does not magically bypass all SSL problems. It only bypasses one specific problem: failing to verify the certificate of the server. Specifically it does not help if client and server have no shared ciphers, server requires SNI but client does not send it, server uses a weak DH key which is not accepted by the client, server requires client certificate but client does not send one etc. – Steffen Ullrich Aug 25 '18 at 15:38
  • @BillOrton: Given that your interpreter is using a different requests version - maybe it is using a different version of OpenSSL too? Could you check the value of `ssl.OPENSSL_VERSION` from inside this interpreter? – Steffen Ullrich Aug 25 '18 at 15:47
  • My PyCharm interpreter does not list OpenSSL as an installed package but the interpreter that has the most recent requests version has OpenSSL v 1.0.2o. My PyCharm interpreter does not list OpenSSL as package that is available to install but it does list pyOpenSSL. I'm going to install that and see if it helps. PS. Thanks you for the clarification about SSLs. – Bill Orton Aug 25 '18 at 16:09
  • Trying to install pyOpenSSL gave me the following PyCharm error: Could not find a version that satisfies the requirement pyOpenSSL (from versions: ) No matching distribution found for pyOpenSSL with the proposed solution of: pip install pyOpenSSL Try to run this command from the system terminal. Make sure that you use the correct version of 'pip' installed for your Python interpreter located at '/Library/Frameworks/Python.framework/Versions/3.5/bin/python3.5'. – Bill Orton Aug 25 '18 at 16:11
  • @BillOrton: OpenSSL should already be available within the PyCharm environment and you don't need to install pyOpenSSL for this - after all, several https:// sites worked from within the interpreter so there must have been some ssl support. But you need to `import ssl` before you can `print(ssl.OPENSSL_VERSION)` from inside the interpreter. – Steffen Ullrich Aug 25 '18 at 17:24
  • The OpenSSL version is OpenSSL 0.9.8zh 14 Jan 2016. Do you you know how I would upgrade to the most recent version? I tried running pip3 install -U pyopenssl at the command line in terminal but pip3 upgrades the pyopenssl in the wrong directory: Requirement already up-to-date: pyopenssl in ./anaconda/lib/python3.5/site-packages (18.0.0) Requirement already satisfied, skipping upgrade: six>=1.5.2 in ./anaconda/lib/python3.5/site-packages (from pyopenssl) (1.11.0) This seems to upgrade the directory for the interpreter where requests works. – Bill Orton Aug 25 '18 at 17:44
  • @BillOrton: I'm not sure what kind of system you are using but I guess it is MacOS since this came for a long time with a rotten old and unsupported version of OpenSSL, causing lots of trouble like you have. There are several posts on this site wich discuss the issue and give recommendations on how to upgrade, like [this](https://stackoverflow.com/questions/37690054/python-and-openssl-version-reference-issue-on-os-x/37712029) or [this](https://stackoverflow.com/questions/24323858/python-referencing-old-ssl-version/46308535#46308535). – Steffen Ullrich Aug 25 '18 at 18:32

2 Answers2

1

The OpenSSL version is OpenSSL 0.9.8zh 14 Jan 2016

This (very old and long unsupported) version of OpenSSL does not support the newer ciphers required by this specific web server. This server only supports ECDHE key exchange, which is not supported yet by OpenSSL 0.9.8. This means that the client only offers ciphers to the server which the server will not accept and due to no common ciphers the server will close the connection with an SSL handshake alert.

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172
  • I tried the non python uninstall and reinstall version of the directions provided from your earlier message link but that just told me" Warning: openssl 1.0.2p is already installed and up-to-date. I have a python.org 3.5 install (which is what I use for PyCharm's project interpreter) as well as an Anaconda 3.5 install. When I tried to do the openssl update the anaconda version gets updated. I need to figure out how to force pip to update the correct python.org directory rather than the anaconda directory. – Bill Orton Aug 25 '18 at 19:00
  • @BillOrton: you might also switch the Python interpreter used by your IDE to the working one (i.e.Anaconda), see [PyCharm: Configuring Python Interpreter for a Project](https://www.jetbrains.com/help/pycharm-edu/configuring-python-interpreter-for-a-project.html) – Steffen Ullrich Aug 25 '18 at 19:18
  • That was my first thought, unfortunately the working one is from an Anaconda build which I cannot get to import mysql. I'm considering installing Python 3.7 and then building a whole new PyCharm project interpreter from Python 3.7. – Bill Orton Aug 25 '18 at 19:38
  • I installed Python 3.7 and built a new PyCharm project interpreter based upon the 3.7 install. After installing all the packages specifically to 3.7 everything works correctly. Thanks Again – Bill Orton Aug 25 '18 at 21:24
-1

We can ignore this SSL Error using the following:

import warnings
from urllib3.exceptions import  InsecureRequestWarning
warnings.simplefilter('ignore',InsecureRequestWarning)
Vaibhav Vishal
  • 6,576
  • 7
  • 27
  • 48
subrat kumar nayak
  • 1
  • 2