ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:1122)
Requests library needs to verify SSL configuration.
You need to add verify option like that
requests.get('https://www.example.com', verify=False)
Python Requests requests.exceptions.SSLError: [Errno 8] _ssl.c:504: EOF occurred in violation of protocol
Reposting this here for others from the requests issue page:
Requests' does not support doing this before version 1. Subsequent to version 1, you are expected to subclass the HTTPAdapter, like so:
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager
import ssl
class MyAdapter(HTTPAdapter):
def init_poolmanager(self, connections, maxsize, block=False):
self.poolmanager = PoolManager(num_pools=connections,
maxsize=maxsize,
block=block,
ssl_version=ssl.PROTOCOL_TLSv1)
When you've done that, you can do this:
import requests
s = requests.Session()
s.mount('https://', MyAdapter())
Any request through that session object will then use TLSv1.
EOF occurred in violation of protocol (_ssl.c:1125) on python:3.8-slim-buster
So in short, it's very likely your mail server only supports TLS 1.1 or even only TLS 1.0 and the slim-buster image no longer has support for those protocols.
Going back to 3.7-alpine (which is known working combination) or an older ubuntu/debian version which still supports those protocols will allow you to send mail again.
Then you should upgrade your mail server, cause both TLS 1.0 and TLS 1.1 should have died long ago.
Edit:
Another way to test your mailserver is to use openssl's s_client
command:
openssl s_client -no_tls1 -no_tls1_1 -no_tls1_2 -connect your.mail.host:port
This will likely fail. Then remove a -no_tls
flag till it starts working and you know the highest protocol it supports.
Note: -no_tls1_2 is only supported on openssl versions that support TLSv1.3
EOF occurred in violation of protocol using requests on wonky server
For the custom HTTPAdapter subclass that you've created, I made a small modification that appears to work:
import ssl
import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.ssl_ import create_urllib3_context
from requests.packages.urllib3.poolmanager import PoolManager
class DESAdapter(HTTPAdapter):
def init_poolmanager(self, connections, maxsize, block=False, *args, **kwargs):
CIPHERS = (
'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:!aNULL:'
'!eNULL:!MD5:DES-CBC3-SHA'
)
context = create_urllib3_context(ssl_version=ssl.PROTOCOL_TLSv1)
context.set_ciphers(CIPHERS)
self.poolmanager = PoolManager(
num_pools=connections,
maxsize=maxsize,
block=block,
ssl_context=context,
*args,
**kwargs
)
sess = requests.Session()
sess.mount('https://', DESAdapter())
res = sess.get('https://public.cdpehs.com/ILENVPBL/ESTABLISHMENT/ShowESTABLISHMENTTablePage.aspx?ESTTST_CTY=asgGk3ztR6c%3D')
print res
When calling ssl_.create_urllib3_context
, you can pass in the protocol you want to use. In this case we want TLSv1: ssl_.create_urllib3_context(ssl_version=ssl.PROTOCOL_TLSv1)
It may be that the ssl_version
and ssl_context
cannot be used at the same time in the PoolManager
constructor. It seems like ssl_version
has precedence, so if it is set, then it causes ssl_context
to be ignored. So make sure you remove ssl_version
from the PoolManager
constructor.
I noticed that you have PyOpenSSL installed.
The DESAdapter code I posted does not appear to work if you have PyOpenSSL installed. I'm not sure why that is though.
I do know that requests
will use pyOpenSSL if it is installed. Otherwise requests
will rely on the standard ssl
module in python. I believe one reason to use pyOpenSSL was for SNI support in 2.7. But I believe SNI support is available in 2.7.12.
Python SSL connection EOF occurred in violation of protocol
Using the forced TLSv1 fix as suggested by J.F Sebastian fixed all the issues I was facing.
Hints for future questions regarding:
DNSError exception - upgrading Gevent from 0.13.X to 1.0rc fixes this issue
SSL issues - look at fix in link provided by J.F Sebastian
Related Topics
Why Can't I Use the Method _Cmp_ in Python 3 as for Python 2
How to Change Effective Process Name in Python
Builtin Function Not Working with Spyder
Use Groupby in Pandas to Count Things in One Column in Comparison to Another
Python and Openssl Version Reference Issue on Os X
Validating Detailed Types in Python Dataclasses
Matplotlib: How to Prevent X-Axis Labels from Overlapping
Numpy Np.Apply_Along_Axis Function Speed Up
Receive and Send Emails in Python
Read from File After Write, Before Closing
Constructing a Co-Occurrence Matrix in Python Pandas
Sphinx's Autodoc's Automodule Having Apparently No Effect
Saving Upload in Flask Only Saves to Project Root
List' Object Has No Attribute 'Get_Attribute' While Iterating Through Webelements