Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aiohttp.client_exceptions.ClientConnectorError Cannot connect to host xxx ssl:None [None] #3672

Closed
pytomtoto opened this issue Mar 29, 2019 · 13 comments
Closed

aiohttp.client_exceptions.ClientConnectorError Cannot connect to host xxx ssl:None [None] #3672

pytomtoto opened this issue Mar 29, 2019 · 13 comments
Labels
bug

Comments

@pytomtoto
Copy link

pytomtoto commented Mar 29, 2019
edited
Loading 

Traceback (most recent call last):
  File "F:\tmp\alter-svc\venv\lib\site-packages\aiohttp\connector.py", line 924, in _wrap_create_connection
    await self._loop.create_connection(*args, **kwargs))
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37-32\lib\asyncio\base_events.py", line 970, in create_connection
    ssl_handshake_timeout=ssl_handshake_timeout)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37-32\lib\asyncio\base_events.py", line 998, in _create_connection_transport
    await waiter
ConnectionResetError

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "E:/code/alter-svc/api/test.py", line 22, in <module>
    loop.run_until_complete(test())
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37-32\lib\asyncio\base_events.py", line 568, in run_until_complete
    return future.result()
  File "E:/code/alter-svc/api/test.py", line 14, in test
    r = await session.get('https://www.mdnkids.com/news/?Serial_NO=108552')
  File "F:\tmp\alter-svc\venv\lib\site-packages\aiohttp\client.py", line 466, in _request
    timeout=real_timeout
  File "F:\tmp\alter-svc\venv\lib\site-packages\aiohttp\connector.py", line 522, in connect
    proto = await self._create_connection(req, traces, timeout)
  File "F:\tmp\alter-svc\venv\lib\site-packages\aiohttp\connector.py", line 854, in _create_connection
    req, traces, timeout)
  File "F:\tmp\alter-svc\venv\lib\site-packages\aiohttp\connector.py", line 992, in _create_direct_connection
    raise last_exc
  File "F:\tmp\alter-svc\venv\lib\site-packages\aiohttp\connector.py", line 974, in _create_direct_connection
    req=req, client_error=client_error)
  File "F:\tmp\alter-svc\venv\lib\site-packages\aiohttp\connector.py", line 931, in _wrap_create_connection
    raise client_error(req.connection_key, exc) from exc
aiohttp.client_exceptions.ClientConnectorError: Cannot connect to host www.mdnkids.com:443 ssl:None [None]

My Code

import aiohttp
import asyncio


async def test():

    async with aiohttp.ClientSession() as session:
        r = await session.get('https://www.mdnkids.com/news/?Serial_NO=108552')
        print(await r.text())

if __name__ == "__main__":
    loop = asyncio.get_event_loop()
    loop.run_until_complete(test())

Your environment

windows 10/centos 7.2
python 3.7
aiohttp 3.5.4 /4.0.0a0
@aio-libs-bot
Copy link

GitMate.io thinks the contributor most likely able to help you is @asvetlov.

Possibly related issues are #3038 (aiohttp.client_exceptions.ClientConnectorError: Cannot connect to host www.googleapis.com:443 ssl:False [Too many open files]), #3171 (ClientConnectorError: Cannot connect to host python.org:80 ssl:None [Network is unreachable]), #1376 (ClientOSError when trying to connect to certain hosts), #510 (Empty host crashes aiohttp), and #58 (aiohttp.HttpClient).

@newmanifold
Copy link

It seems to be openssl issue, most probabily your openssl is not compiled to support weak ciphers, i ran cipherscan tool on www.mdnkids.com and here are supported ciphers

Target: www.mdnkids.com:443

prio  ciphersuite          protocols          pubkey_size  signature_algoritm       trusted  ticket_hint  ocsp_staple  npn   pfs
1     RC4-MD5              SSLv2,SSLv3,TLSv1  2048         sha256WithRSAEncryption  True     None         False        None  None          None
2     RC4-SHA              SSLv3,TLSv1        2048         sha256WithRSAEncryption  True     None         False        None  None          None
3     DES-CBC3-SHA         SSLv3,TLSv1        2048         sha256WithRSAEncryption  True     None         False        None  None          None
4     EXP1024-RC4-SHA      SSLv3,TLSv1        2048         sha256WithRSAEncryption  True     None         False        None  RSA,1024bits  None
5     EXP1024-DES-CBC-SHA  SSLv3,TLSv1        2048         sha256WithRSAEncryption  True     None         False        None  RSA,1024bits  None
6     EXP-RC4-MD5          SSLv3,TLSv1        2048         sha256WithRSAEncryption  True     None         False        None  RSA,512bits   None
7     EXP-RC2-CBC-MD5      SSLv3,TLSv1        2048         sha256WithRSAEncryption  True     None         False        None  RSA,512bits   None
8     RC2-CBC-MD5          SSLv2              2048         sha256WithRSAEncryption  False    None         False        None  None          None
9     DES-CBC3-MD5         SSLv2              2048         sha256WithRSAEncryption  False    None         False        None  None          None
10    DES-CBC-MD5          SSLv2              2048         sha256WithRSAEncryption  False    None         False        None  None          None

OCSP stapling: not supported
Cipher ordering: server
Curves ordering: unknown - fallback: no
Renegotiation test error
Supported compression methods test error

TLS Tolerance: no
Fallbacks required:
big-SSLv3 config not supported, connection failed
big-TLSv1.0 config not supported, connection failed
big-TLSv1.1 config not supported, connection failed
big-TLSv1.2 config not supported, connection failed
small-SSLv3 no fallback req, connected: SSLv3 RC4-MD5
small-TLSv1.0 no fallback req, connected: TLSv1 RC4-MD5
small-TLSv1.0-notlsext no fallback req, connected: TLSv1 RC4-MD5
small-TLSv1.1 no fallback req, connected: TLSv1 RC4-MD5
small-TLSv1.2 no fallback req, connected: TLSv1 RC4-MD5
v2-big-TLSv1.2 no fallback req, connected: TLSv1 RC4-MD5
v2-small-SSLv3 no fallback req, connected: SSLv3 RC4-MD5
v2-small-TLSv1.0 no fallback req, connected: TLSv1 RC4-MD5
v2-small-TLSv1.1 no fallback req, connected: TLSv1 RC4-MD5
v2-small-TLSv1.2 no fallback req, connected: TLSv1 RC4-MD5

You can run command
openssl ciphers 'ALL'

to see ciphers supported by your openssl version,

I haven't tried this solution because it would require me to rebuild python so, you can try if you want

  1. build openssl with option enable-weak-ciphers ( you can find it in openssl configuration doc)
  2. build python and link that with above openssl build
  3. pass ssl context to ClientSession.get having 'RC4-SHA' cipher supported

@pytomtoto
Copy link
Author 

OS: WINDOWS 10
Python 3.7.2 (tags/v3.7.2:9a3ffc0492, Dec 23 2018, 23:09:28) [MSC v.1916 64 bit (AMD64)] on win32
import ssl
ssl.OPENSSL_VERSION
'OpenSSL 1.1.0j  20 Nov 2018'

It`s difficult to rebuild python.
I try to use ssl context to pass this.
but i don't know how to set it
----------------
     ctx = ssl.create_default_context(Purpose.CLIENT_AUTH)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.options &= ~ssl.OP_ALL
    async with aiohttp.ClientSession(connector=aiohttp.TCPConnector(ssl=ctx), loop=loop) as session:
        # r = await session.get('https://www.mdnkids.com/news/?Serial_NO=108552')
        # print(await r.text())
        r = await session.get('https://www.mdnkids.com/news/?Serial_NO=108552')
        print(await r.text())

@newmanifold
Copy link

newmanifold commented Mar 30, 2019
edited
Loading

well, its definitely the issue with your openssl not supporting weak ciphers
I've built openssl with weak cipher support and linked with curl while building curl,
now its not giving any ssl error with RC4-MD5 cipher, and curl is fetching page response without any issue

Can you please run following command in terminal

openssl ciphers 'ALL'

and this

python3 -c 'import ssl; print(ssl.SSLContext().get_ciphers())'

Now if your openssl doesn't support weak ciphers you will have to rebuild python with openssl

@pytomtoto
Copy link
Author

I can't run command in terminal with openssl ciphers 'ALL',windows 10 tell me openssl it's not a valid order. i try to install one later.

python3 -c 'import ssl; print(ssl.SSLContext().get_ciphers())'

[{
	'id': 50380844,
	'name': 'ECDHE-ECDSA-AES256-GCM-SHA384',
	'protocol': 'TLSv1.2',
	'description': 'ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD',
	'strength_bits': 256,
	'alg_bits': 256,
	'aead': True,
	'symmetric': 'aes-256-gcm',
	'digest': None,
	'kea': 'kx-ecdhe',
	'auth': 'auth-ecdsa'
}, {
	'id': 50380848,
	'name': 'ECDHE-RSA-AES256-GCM-SHA384',
	'protocol': 'TLSv1.2',
	'description': 'ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD',
	'strength_bits': 256,
	'alg_bits': 256,
	'aead': True,
	'symmetric': 'aes-256-gcm',
	'digest': None,
	'kea': 'kx-ecdhe',
	'auth': 'auth-rsa'
}, {
	'id': 50331807,
	'name': 'DHE-RSA-AES256-GCM-SHA384',
	'protocol': 'TLSv1.2',
	'description': 'DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD',
	'strength_bits': 256,
	'alg_bits': 256,
	'aead': True,
	'symmetric': 'aes-256-gcm',
	'digest': None,
	'kea': 'kx-dhe',
	'auth': 'auth-rsa'
}, {
	'id': 50384041,
	'name': 'ECDHE-ECDSA-CHACHA20-POLY1305',
	'protocol': 'TLSv1.2',
	'description': 'ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD',
	'strength_bits': 256,
	'alg_bits': 256,
	'aead': True,
	'symmetric': 'chacha20-poly1305',
	'digest': None,
	'kea': 'kx-ecdhe',
	'auth': 'auth-ecdsa'
}, {
	'id': 50384040,
	'name': 'ECDHE-RSA-CHACHA20-POLY1305',
	'protocol': 'TLSv1.2',
	'description': 'ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD',
	'strength_bits': 256,
	'alg_bits': 256,
	'aead': True,
	'symmetric': 'chacha20-poly1305',
	'digest': None,
	'kea': 'kx-ecdhe',
	'auth': 'auth-rsa'
}, {
	'id': 50384042,
	'name': 'DHE-RSA-CHACHA20-POLY1305',
	'protocol': 'TLSv1.2',
	'description': 'DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD',
	'strength_bits': 256,
	'alg_bits': 256,
	'aead': True,
	'symmetric': 'chacha20-poly1305',
	'digest': None,
	'kea': 'kx-dhe',
	'auth': 'auth-rsa'
}, {
	'id': 50380843,
	'name': 'ECDHE-ECDSA-AES128-GCM-SHA256',
	'protocol': 'TLSv1.2',
	'description': 'ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD',
	'strength_bits': 128,
	'alg_bits': 128,
	'aead': True,
	'symmetric': 'aes-128-gcm',
	'digest': None,
	'kea': 'kx-ecdhe',
	'auth': 'auth-ecdsa'
}, {
	'id': 50380847,
	'name': 'ECDHE-RSA-AES128-GCM-SHA256',
	'protocol': 'TLSv1.2',
	'description': 'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD',
	'strength_bits': 128,
	'alg_bits': 128,
	'aead': True,
	'symmetric': 'aes-128-gcm',
	'digest': None,
	'kea': 'kx-ecdhe',
	'auth': 'auth-rsa'
}, {
	'id': 50331806,
	'name': 'DHE-RSA-AES128-GCM-SHA256',
	'protocol': 'TLSv1.2',
	'description': 'DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD',
	'strength_bits': 128,
	'alg_bits': 128,
	'aead': True,
	'symmetric': 'aes-128-gcm',
	'digest': None,
	'kea': 'kx-dhe',
	'auth': 'auth-rsa'
}, {
	'id': 50380836,
	'name': 'ECDHE-ECDSA-AES256-SHA384',
	'protocol': 'TLSv1.2',
	'description': 'ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384',
	'strength_bits': 256,
	'alg_bits': 256,
	'aead': False,
	'symmetric': 'aes-256-cbc',
	'digest': 'sha384',
	'kea': 'kx-ecdhe',
	'auth': 'auth-ecdsa'
}, {
	'id': 50380840,
	'name': 'ECDHE-RSA-AES256-SHA384',
	'protocol': 'TLSv1.2',
	'description': 'ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384',
	'strength_bits': 256,
	'alg_bits': 256,
	'aead': False,
	'symmetric': 'aes-256-cbc',
	'digest': 'sha384',
	'kea': 'kx-ecdhe',
	'auth': 'auth-rsa'
}, {
	'id': 50331755,
	'name': 'DHE-RSA-AES256-SHA256',
	'protocol': 'TLSv1.2',
	'description': 'DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256',
	'strength_bits': 256,
	'alg_bits': 256,
	'aead': False,
	'symmetric': 'aes-256-cbc',
	'digest': 'sha256',
	'kea': 'kx-dhe',
	'auth': 'auth-rsa'
}, {
	'id': 50380835,
	'name': 'ECDHE-ECDSA-AES128-SHA256',
	'protocol': 'TLSv1.2',
	'description': 'ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256',
	'strength_bits': 128,
	'alg_bits': 128,
	'aead': False,
	'symmetric': 'aes-128-cbc',
	'digest': 'sha256',
	'kea': 'kx-ecdhe',
	'auth': 'auth-ecdsa'
}, {
	'id': 50380839,
	'name': 'ECDHE-RSA-AES128-SHA256',
	'protocol': 'TLSv1.2',
	'description': 'ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256',
	'strength_bits': 128,
	'alg_bits': 128,
	'aead': False,
	'symmetric': 'aes-128-cbc',
	'digest': 'sha256',
	'kea': 'kx-ecdhe',
	'auth': 'auth-rsa'
}, {
	'id': 50331751,
	'name': 'DHE-RSA-AES128-SHA256',
	'protocol': 'TLSv1.2',
	'description': 'DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256',
	'strength_bits': 128,
	'alg_bits': 128,
	'aead': False,
	'symmetric': 'aes-128-cbc',
	'digest': 'sha256',
	'kea': 'kx-dhe',
	'auth': 'auth-rsa'
}, {
	'id': 50380810,
	'name': 'ECDHE-ECDSA-AES256-SHA',
	'protocol': 'TLSv1.0',
	'description': 'ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1',
	'strength_bits': 256,
	'alg_bits': 256,
	'aead': False,
	'symmetric': 'aes-256-cbc',
	'digest': 'sha1',
	'kea': 'kx-ecdhe',
	'auth': 'auth-ecdsa'
}, {
	'id': 50380820,
	'name': 'ECDHE-RSA-AES256-SHA',
	'protocol': 'TLSv1.0',
	'description': 'ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1',
	'strength_bits': 256,
	'alg_bits': 256,
	'aead': False,
	'symmetric': 'aes-256-cbc',
	'digest': 'sha1',
	'kea': 'kx-ecdhe',
	'auth': 'auth-rsa'
}, {
	'id': 50331705,
	'name': 'DHE-RSA-AES256-SHA',
	'protocol': 'SSLv3',
	'description': 'DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1',
	'strength_bits': 256,
	'alg_bits': 256,
	'aead': False,
	'symmetric': 'aes-256-cbc',
	'digest': 'sha1',
	'kea': 'kx-dhe',
	'auth': 'auth-rsa'
}, {
	'id': 50380809,
	'name': 'ECDHE-ECDSA-AES128-SHA',
	'protocol': 'TLSv1.0',
	'description': 'ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1',
	'strength_bits': 128,
	'alg_bits': 128,
	'aead': False,
	'symmetric': 'aes-128-cbc',
	'digest': 'sha1',
	'kea': 'kx-ecdhe',
	'auth': 'auth-ecdsa'
}, {
	'id': 50380819,
	'name': 'ECDHE-RSA-AES128-SHA',
	'protocol': 'TLSv1.0',
	'description': 'ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1',
	'strength_bits': 128,
	'alg_bits': 128,
	'aead': False,
	'symmetric': 'aes-128-cbc',
	'digest': 'sha1',
	'kea': 'kx-ecdhe',
	'auth': 'auth-rsa'
}, {
	'id': 50331699,
	'name': 'DHE-RSA-AES128-SHA',
	'protocol': 'SSLv3',
	'description': 'DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1',
	'strength_bits': 128,
	'alg_bits': 128,
	'aead': False,
	'symmetric': 'aes-128-cbc',
	'digest': 'sha1',
	'kea': 'kx-dhe',
	'auth': 'auth-rsa'
}, {
	'id': 50331805,
	'name': 'AES256-GCM-SHA384',
	'protocol': 'TLSv1.2',
	'description': 'AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD',
	'strength_bits': 256,
	'alg_bits': 256,
	'aead': True,
	'symmetric': 'aes-256-gcm',
	'digest': None,
	'kea': 'kx-rsa',
	'auth': 'auth-rsa'
}, {
	'id': 50331804,
	'name': 'AES128-GCM-SHA256',
	'protocol': 'TLSv1.2',
	'description': 'AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD',
	'strength_bits': 128,
	'alg_bits': 128,
	'aead': True,
	'symmetric': 'aes-128-gcm',
	'digest': None,
	'kea': 'kx-rsa',
	'auth': 'auth-rsa'
}, {
	'id': 50331709,
	'name': 'AES256-SHA256',
	'protocol': 'TLSv1.2',
	'description': 'AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256',
	'strength_bits': 256,
	'alg_bits': 256,
	'aead': False,
	'symmetric': 'aes-256-cbc',
	'digest': 'sha256',
	'kea': 'kx-rsa',
	'auth': 'auth-rsa'
}, {
	'id': 50331708,
	'name': 'AES128-SHA256',
	'protocol': 'TLSv1.2',
	'description': 'AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256',
	'strength_bits': 128,
	'alg_bits': 128,
	'aead': False,
	'symmetric': 'aes-128-cbc',
	'digest': 'sha256',
	'kea': 'kx-rsa',
	'auth': 'auth-rsa'
}, {
	'id': 50331701,
	'name': 'AES256-SHA',
	'protocol': 'SSLv3',
	'description': 'AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1',
	'strength_bits': 256,
	'alg_bits': 256,
	'aead': False,
	'symmetric': 'aes-256-cbc',
	'digest': 'sha1',
	'kea': 'kx-rsa',
	'auth': 'auth-rsa'
}, {
	'id': 50331695,
	'name': 'AES128-SHA',
	'protocol': 'SSLv3',
	'description': 'AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1',
	'strength_bits': 128,
	'alg_bits': 128,
	'aead': False,
	'symmetric': 'aes-128-cbc',
	'digest': 'sha1',
	'kea': 'kx-rsa',
	'auth': 'auth-rsa'
}]

@newmanifold
Copy link

Hmm, RC4 Cipher is missing, well if you really want to send http requests from python to www.mdnkids.com, you can try building openssl with weak ciphers on WSL and afterwards build python3,
Sorry but i can't find any tool or method to just relink openssl with existing python build ,

@pytomtoto
Copy link
Author

ok ,thx. I probably know about this.
I just suggest to consider a more relaxed validation abort verify_ssl=False

@v-hunt v-hunt mentioned this issue Oct 19, 2020
Open
@tomlin7 tomlin7 mentioned this issue Dec 3, 2020
Closed
@ganbaaelmer
Copy link

verify_ssl

where i add this line of code?

@Mennaruuk
Copy link

Like this:

session = aiohhtp.ClientSession(connector=aiohttp.TCPConnector(verify_ssl=False))

Or this:

async with ClientSession(headers=headers, verify_ssl=False) as session:

Source

@manzt manzt mentioned this issue Jun 12, 2023
Open
@sathia-musso sathia-musso mentioned this issue May 30, 2024
Open
@sathia-musso
Copy link

it seems that a request like this

import aiohttp
import asyncio

async def test():

    async with aiohttp.ClientSession() as session:
        r = await session.get('https://192.168.0.107/cgi-bin/api.cgi', ssl=False)
        print(await r.text())

if __name__ == "__main__":
    loop = asyncio.get_event_loop()
    loop.run_until_complete(test())

will not work even if ssl=False

aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host 192.168.0.107:443 ssl:False [[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] ssl/tls alert handshake failure (_ssl.c:1000)]

a curl request seems to be working fine

curl --header 'Content-type: application/json' -k -v https://192.168.0.107/
*   Trying 192.168.0.107:443...
* Connected to 192.168.0.107 (192.168.0.107) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES256-GCM-SHA384 / UNDEF / UNDEF
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=IT; ST=Italy; L=Monteprandone (AP); O=Inim Electronics; CN=www.inim.biz; emailAddress=info@inim.biz
*  start date: Jan 11 15:09:13 2022 GMT
*  expire date: Jan  9 15:09:13 2032 GMT
*  issuer: C=IT; ST=Italy; L=Monteprandone (AP); O=Inim Electronics; CN=www.inim.biz; emailAddress=info@inim.biz
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/1.x
> GET / HTTP/1.1
> Host: 192.168.0.107
> User-Agent: curl/8.5.0
> Accept: */*
> Content-type: application/json
>
< HTTP/1.1 200 OK

@Dreamsorcerer
Copy link
Member

We can't test if you don't provide the server to test against. But, ssl=False only relaxes a couple of settings, if you want something significantly more insecure (I'm not sure exactly what is failing), then you can provide your own SSLContext: https://docs.aiohttp.org/en/stable/client_advanced.html#ssl-control-for-tcp-sockets

@sathia-musso
Copy link

I realized that I am making requests to a 2005 web server named Boa. The device i'm trying to reach is an embedded system and I doubt the vendor will ever change anything on it. Moreover I'm using home assistant so my options are a bit limited and i can't create a ssl context.

@Dreamsorcerer
Copy link
Member

Probably an issue/feature request for homeassistant then. @bdraco

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@sathia-musso @Dreamsorcerer @pytomtoto @aio-libs-bot @newmanifold @ganbaaelmer @Mennaruuk