Python requests.exceptions.SSLError: EOF occurred in violation of protocol

ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:1122)

The Requests library needs to verify the SSL configuration.

You need to add the verify option, like this:

requests.get('https://www.example.com', verify=False)

Python Requests requests.exceptions.SSLError: [Errno 8] _ssl.c:504: EOF occurred in violation of protocol

Reposting this here for others from the requests issue page:

Requests does not support doing this before version 1. Subsequent to version 1, you are expected to subclass the HTTPAdapter, like so:

from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager
import ssl

class MyAdapter(HTTPAdapter):
    def init_poolmanager(self, connections, maxsize, block=False):
        # Pin every connection in this adapter's pool to TLSv1.
        self.poolmanager = PoolManager(num_pools=connections,
                                       maxsize=maxsize,
                                       block=block,
                                       ssl_version=ssl.PROTOCOL_TLSv1)

When you've done that, you can do this:

import requests
s = requests.Session()
s.mount('https://', MyAdapter())

Any request through that session object will then use TLSv1.

EOF occurred in violation of protocol (_ssl.c:1125) on python:3.8-slim-buster

So in short, it's very likely your mail server only supports TLS 1.1 or even only TLS 1.0 and the slim-buster image no longer has support for those protocols.

Going back to 3.7-alpine (which is a known working combination) or an older ubuntu/debian version which still supports those protocols will allow you to send mail again.

Then you should upgrade your mail server, because both TLS 1.0 and TLS 1.1 should have died long ago.


Edit:

Another way to test your mail server is to use openssl's s_client command:

openssl s_client -no_tls1 -no_tls1_1 -no_tls1_2 -connect your.mail.host:port

This will likely fail. Then remove a -no_tls flag till it starts working and you know the highest protocol it supports.

Note: -no_tls1_2 is only supported on openssl versions that support TLSv1.3
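
The same probe done from Python, as an added example that is not part of the original answer: each attempt pins the context to a single TLS version and records the outcome, so the report shows the highest version the server accepts. The function names are hypothetical, the port is assumed to speak TLS from the first byte (no STARTTLS), and the `try_one` parameter exists only so the logic can be exercised without a network.

```python
import socket
import ssl

# Newest first; each probe pins min == max so only that version is offered.
VERSIONS = [ssl.TLSVersion.TLSv1_3, ssl.TLSVersion.TLSv1_2,
            ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.TLSv1]


def handshake(host, port, version, timeout=5.0):
    """Attempt one handshake restricted to `version`; return (ok, detail)."""
    ctx = ssl.create_default_context()  # certificate verification stays on
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ValueError, ssl.SSLError) as exc:
        return False, "local OpenSSL refuses this version: %s" % exc
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        # The version was agreed before the certificate was checked.
        return True, "negotiated, but certificate rejected: %s" % exc.verify_message
    except ssl.SSLEOFError:
        # The error this page is about: the peer hung up mid-handshake.
        return False, "EOF during handshake"
    except (ssl.SSLError, OSError) as exc:
        # Covers local policy failures, TLS alerts and plain socket errors.
        return False, "%s: %s" % (type(exc).__name__, exc)


def highest_supported(host, port, try_one=handshake):
    """Probe every version; return (highest accepted or None, per-version detail)."""
    best, report = None, {}
    for version in VERSIONS:
        ok, detail = try_one(host, port, version)
        report[version.name] = detail
        if ok and best is None:
            best = version
    return best, report


if __name__ == "__main__":
    import sys
    # Usage: python probe.py your.mail.host 465  (implicit-TLS port assumed)
    best, report = highest_supported(sys.argv[1], int(sys.argv[2]))
    for name, detail in report.items():
        print("%-8s %s" % (name, detail))
    print("highest accepted:", best.name if best else "none")
```

A failure for an old version can come from the local OpenSSL policy as well as from the server, so read the per-version detail before concluding which side is refusing.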

EOF occurred in violation of protocol using requests on wonky server

For the custom HTTPAdapter subclass that you've created, I made a small modification that appears to work:

import ssl

import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.ssl_ import create_urllib3_context
from requests.packages.urllib3.poolmanager import PoolManager

class DESAdapter(HTTPAdapter):
    def init_poolmanager(self, connections, maxsize, block=False, *args, **kwargs):
        # Cipher list that still includes the 3DES suite this server needs.
        CIPHERS = (
            'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
            'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:!aNULL:'
            '!eNULL:!MD5:DES-CBC3-SHA'
        )

        # Build the context with the protocol version, then apply the ciphers.
        context = create_urllib3_context(ssl_version=ssl.PROTOCOL_TLSv1)
        context.set_ciphers(CIPHERS)

        # Pass only ssl_context here, not ssl_version.
        self.poolmanager = PoolManager(
            num_pools=connections,
            maxsize=maxsize,
            block=block,
            ssl_context=context,
            *args,
            **kwargs
        )

sess = requests.Session()
sess.mount('https://', DESAdapter())
res = sess.get('https://public.cdpehs.com/ILENVPBL/ESTABLISHMENT/ShowESTABLISHMENTTablePage.aspx?ESTTST_CTY=asgGk3ztR6c%3D')
print(res)

When calling ssl_.create_urllib3_context, you can pass in the protocol you want to use. In this case we want TLSv1: ssl_.create_urllib3_context(ssl_version=ssl.PROTOCOL_TLSv1)

It may be that the ssl_version and ssl_context cannot be used at the same time in the PoolManager constructor. It seems like ssl_version has precedence, so if it is set, then it causes ssl_context to be ignored. So make sure you remove ssl_version from the PoolManager constructor.


I noticed that you have PyOpenSSL installed.

The DESAdapter code I posted does not appear to work if you have PyOpenSSL installed. I'm not sure why that is though.

I do know that requests will use pyOpenSSL if it is installed. Otherwise requests will rely on the standard ssl module in python. I believe one reason to use pyOpenSSL was for SNI support in 2.7. But I believe SNI support is available in 2.7.12.

Python SSL connection EOF occurred in violation of protocol

Using the forced TLSv1 fix as suggested by J.F Sebastian fixed all the issues I was facing.

Hints for future questions regarding:

  • DNSError exception - upgrading Gevent from 0.13.X to 1.0rc fixes this issue

  • SSL issues - look at fix in link provided by J.F Sebastian


