New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
requests.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:645) #3006
Comments
What does a crash like that look like?
Are you completely unable to run them at all after that? |
@sigmavirus24 It's just some bug in my own code without anything to do with networking. But one thing is for sure, after some point, I'm completely unable to make request to https://www.telegram.org, which I can do right after install request. Just FYI: #2906 |
So I'd like to point out that you're installing |
@sigmavirus24 So this there anything I can do to help you? |
Any idea? @Lukasa |
So what matters most here is: why does your code stop using PyOpenSSL? When you encounter your crash, can you open a python console in your virtual environment and then run |
Couldn't reproduce it now. I will close this first, and if I encounter the problem again, I will paste the result and reopen it. |
@Lukasa I think since requests is shipped with its own urllib3, I could not import urllib3 alone. And the following result confirms it.
|
I'm sorry, try importing |
|
I bet that is a bug on 3.5 with pyOpenSSL that we didn't know about @Lukasa (with respect to |
Nope, I know about it, and have proposed a fix upstream in urllib3 when we started testing PyOpenSSL. The reality is that So that doesn't solve our puzzle: why did this work for a bit and then stop? |
tangent comment based on original report, the built in ssl.py in python has an option to suppress ragged EOFs as there are plenty of sites that will uncleanly shutdown SSL connections. sometimes unreliably as if it were a matter of timing or coincidence. the following is an extract from ssl.py class SSLSocket(socket):
[...]
def read(self, len=0, buffer=None):
"""Read up to LEN bytes and return them.
Return zero-length string on EOF."""
self._checkClosed()
if not self._sslobj:
raise ValueError("Read on closed or unwrapped SSL socket.")
try:
return self._sslobj.read(len, buffer)
except SSLError as x:
if x.args[0] == SSL_ERROR_EOF and self.suppress_ragged_eofs:
if buffer is not None:
return 0
else:
return b''
else:
raise |
Having the same exception on Python 2.7.11/OSX when pounding a server with |
@the-efi could you be more specific about which exception you're seeing? |
|
@the-efi Do you have |
pyopenssl: negative |
Ok. You're also running Python 2.7, so you and the poster seem to be having different problems. Do you know if you hit your problem during connection setup, or on a long-running connection? |
I would imagine this is during connection setup, but if |
Requests does indeed re-use previously opened connections where possible, which is why I asked the question. ;) It would be very useful if we could get a packet capture of this problem in your case, though that may be tricky given that it occurs under heavy load. |
No problem, I will see what I can do about it after the weekend. Would you like me to submit that as a new issue? |
Yes please. =) |
@Lukasa Any progress with urllib3? |
@caizixian We're getting there, but we have some problems with our CI testing because Travis CI has a fairly old PyPy image that doesn't behave well with PyOpenSSL at the moment. I'll see if I can get this to work sometime this weekend. |
@Lukasa @shazow urllib3 always has a home at http://ci.kennethreitz.org, if desired! |
The error is unclear, but most likely it is a result of your OpenSSL version. Your claim that Ubuntu 14.04 has no OpenSSL simply cannot be true if you are making HTTPS requests. My best guess is that the server is sending EOF because none of your ciphers are acceptable. Ubuntu works because it has a newer OpenSSL with newer ciphers. Installing PyOpenSSL works because it provides a vendored copy of OpenSSL 1.0.2, also with newer ciphers. |
Hello! I have a problem with some https-sites and request library. installed: get an error: requests.exceptions.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",) OS: Archbang linux, latest |
You're another person who is winning our competition of who can attempt to contact the worst HTTPS server in the world. This server is awfully configured, it is entirely insecure. The reason you're encountering this problem is because Requests no longer supports any of the cipher suites this server supports because they're all either weak or insecure. In the first instance I recommend you attempt to pressure someone to fix the server, but if you really must contact it you can re-add 3DES like this. |
@vyscond saved my life. Never mind what I did on my OSX, it went away only when installing |
It is only useful on some configurations of OS X and Python. The end result is that they remain optional. |
I'm wondering how much time people spend before they (maybe) find the solution to that problem. I had to through a lot to find this thread and go through it. Is it worth it? |
Depends. Problems can be introduced by requiring these dependencies too, not least that it adds a new OpenSSL to your system that is versioned and managed separately. |
@Lukasa for some reasons I got my setup working, seems pyopenssl (installed via requests[security] is messing up the certificates attached to some requests. |
I was having this issue on Mac OSX Sierra v 10.12.0. Tried everything on this thread, didn't work. Finally upgraded my OS to v10.12.6 and the issue went away. |
The error may also manifest itself when using python-requests to make an api call to a site that is behind a vpn, and that vpn tunnel happens to be down at that moment. |
Hi guys! I am a bit new to requests myself and found this error while doing a POC with Requests to see if it can fulfill my requirements for common criteria compliance. I tried to connect my Requests POC to this tool, I am specifically looking at the test cases for FIA-X509 Ext 1.1 but this is what i got:
this is the POC code that i am using:
where 10.0.0.221 is the place where i have placed the tool for verification. I am not exactly sure as to why this error is occurring. I tried going through this thread as well as multiple other questions on stackoverflow as well but could not find a suitable solution. I will admit that i do not have a clear understanding of the TLS protocol as well at this point in time. So if someone could guide me as to what's the problem here, i'd be grateful. Please let me know if i missed anything or need to provide any sort of additional information. Thanks! |
Just as an FYI, this error also occurs when SSL isn't enabled on the server you're connecting to. |
Here is the first issue.
https://github.com/kennethreitz/requests/issues/2906
Python 3.5.1 (https://www.python.org/downloads/) Virtualenv 14.0.5 Mac OS X 10.11.3
First, I created a virtualenv and
pip install requests[security]
Then I got
which was what I expected.
Everything worked great for about an hour.
Then, some of my own scripts crashed which was normal. After that, when I try to run my script again, I got following exceptions
So I opened another Python console and
So I rebooted, uninstalled all these libs and pip install them again. Everything worked again.
But after 1 hour or so, same exception again.
The text was updated successfully, but these errors were encountered: