SSLError: [Errno 1] _ssl.c:510: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version

Question

django-push-notifications was working with both sandbox and production certificates. But since yesterday it is failing with following errors.

SSLError: [Errno 1] _ssl.c:510: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version

No change in our code or our servers. Any ideas, why it has stopped working.

UPDATE

OpenSSL 1.0.1f 6 Jan 2014 Ubuntu: 14.04

I upgraded to OpenSSL 1.1.1a 20 Nov 2018 but same results.

I also checked TLS version supported by my python using following and got "TLS 1.3".

python -c "import requests; print(requests.get('https://www.howsmyssl.com/a/check', verify=False).json()['tls_version'])"

Answer 1

Some people upgraded to tls 1.2 Others are working again after doing nothing. Feels like a problem with certain apple servers.

We added retry logic to our connection code for times when it hit one of these bad apple servers.

https://forums.developer.apple.com/thread/114489

several other reports on apple forums https://forums.developer.apple.com/content?query=push

Answer 2

From a OpenSSL point of view a client SSL Socket connection to a SSL server is failing because none of the SSL/TLS Socket versions supported by the client is enabled (or supported) on the server.

So my guess is that the server has restricted the protocol versions of SSL/TLS it's supports to the point where your openssl client can't handle it any more. At a guess TLS 1.2 and TLS 1.3 only now. Maybe TLS 1.1.

Can you update your client OpenSSL version to a later version to see if it fixes the connection issues?

Also it may help to check (if you can) what protocol versions you are enabling on the client side to make sure all the highest protocol versions are enabled - TLS 1.1, TLS 1.2, TLS1.3 - if you have openssl 1.1.1.

Answer 3

Looks like it was an apple server issue. And it has been resolved now. Push notifications are now working as expected.