Selenium ssl_client_socket_impl.cc handshake failed

Question

I am receiving this error while testing with Selenium

[18912:1216:0116/175151.966:ERROR:ssl_client_socket_impl.cc(960)] handshake failed; returned -1, SSL error code 1, net_error -101

My current code is

settings = {
      'proxy':{
          'https':'https://' + proxy 
      }
    }
options = webdriver.ChromeOptions()
options.add_argument('--ignore-certificate-errors-spki-list')
options.add_argument('--ignore-ssl-errors')
self.driver = webdriver.Chrome(seleniumwire_options=settings, chrome_options=options)

Is there any other way to ignore/solve this error?

Answer 1

According to a list of command line switches for Chromium (which works for your case) you need to use --ignore-certificate-errors-spki-list as a webdriver option argument.

Your code snippet options.add_argument('--ignore-certificate-errors-spki-list') implements this in a correct way (cf. doc, respectively the code base of Chromium for kIgnoreCertificateErrorsSPKIList[]). On a slight off-topic note, --ignore-certificate-errors (as suggested in various StackOverflow questions) is deprecated.

Anyhow, generally speaking your error message (see below)

[18912:1216:0116/175151.966:ERROR:ssl_client_socket_impl.cc(960)] handshake failed; returned -1, SSL error code 1, net_error -101

infers that the handshake between your Selenium ChromeDriver and the Chrome Browser has failed along the way of execution. If we take a look at ssl_client_socket_impl.cc, we can see SSLClientSocketImpl::DoHandshake() (which causes your error):

int SSLClientSocketImpl::DoHandshake() {
  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
  int rv = SSL_do_handshake(ssl_.get());
  int net_error = OK;
  if (rv <= 0) {
    int ssl_error = SSL_get_error(ssl_.get(), rv);
    if (ssl_error == SSL_ERROR_WANT_X509_LOOKUP && !send_client_cert_) {
      return ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
    }
    if (ssl_error == SSL_ERROR_WANT_PRIVATE_KEY_OPERATION) {
      DCHECK(client_private_key_);
      DCHECK_NE(kSSLClientSocketNoPendingResult, signature_result_);
      next_handshake_state_ = STATE_HANDSHAKE;
      return ERR_IO_PENDING;
    }
    if (ssl_error == SSL_ERROR_WANT_CERTIFICATE_VERIFY) {
      DCHECK(cert_verifier_request_);
      next_handshake_state_ = STATE_HANDSHAKE;
      return ERR_IO_PENDING;
    }
    OpenSSLErrorInfo error_info;
    net_error = MapLastOpenSSLError(ssl_error, err_tracer, &error_info);
    if (net_error == ERR_IO_PENDING) {
      // If not done, stay in this state
      next_handshake_state_ = STATE_HANDSHAKE;
      return ERR_IO_PENDING;
    }
    LOG(ERROR) << "handshake failed; returned " << rv << ", SSL error code "
               << ssl_error << ", net_error " << net_error;
    NetLogOpenSSLError(net_log_, NetLogEventType::SSL_HANDSHAKE_ERROR,
                       net_error, ssl_error, error_info);
  }
  next_handshake_state_ = STATE_HANDSHAKE_COMPLETE;
  return net_error;
}

As mentioned previously, the main issue is the failure of a handshake - specifically when ChromeDriver requests a handshake with a SSL page in Chrome. The error is know to the developer team (or broadly speaking, it has been reported on multiple occasions).

---

You can't fix this bug, unfortunately! Luckily, the error won't interrupt your program whatsoever. If you're bothered only by the messages themselves, feel free to compress all warning messages via options.add_argument('log-level=INT'), whereas INT might be one of the documented log-levels:

log-level: Sets the minimum log level. Valid values are from 0 to 3:

INFO = 0, 
WARNING = 1, 
LOG_ERROR = 2, 
LOG_FATAL = 3.

default is 0.

Quote taken from this StackOverflow question.

Thus you can use options.add_argument('log-level=3') to supress all kind of infos, warnings, errors or fatal messages (might suggest using only level 2 for errors). Please bear in mind that you won't see any other error-related messages which might cause mayhem in production!