Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Misusing of system-wide proxy on Windows / HTTPS connections over system-wide proxy on Windows do not work #6139

Open
ValdikSS opened this issue May 21, 2022 · 2 comments
Open

Misusing of system-wide proxy on Windows / HTTPS connections over system-wide proxy on Windows do not work #6139

ValdikSS opened this issue May 21, 2022 · 2 comments

Comments

@ValdikSS
Copy link

ValdikSS commented May 21, 2022
edited
Loading

On Windows 10 and 11, if a system-wide proxy is configured in the OS settings, Requests won't load HTTPS websites.
Instead of the regular CONNECT header, Requests sends TLS request to the proxy server (ip and port). The TLS ClientHello does not have Server Name Indication field, that's why I assume that Requests misinterprets the proxy as a Secure Web Proxy (a regular proxy with TLS encapsulation on top), which Windows does not support.

Expected Result

If system-wide proxy is configured in Windows, Requests sends CONNECT header to the proxy server when HTTPS website is requested.

Actual Result

If system-wide proxy is configured in Windows, Requests sends TLS request to the proxy address when HTTPS website is requested.

Reproduction Steps

  1. Configure system-wide proxy on Windows
import requests
requests.get("https://w3.org/")

Result:
My proxy does not respond to the packets it does not understand, and I receive the following error:
HTTPSConnectionPool(host='w3.org, port=443): Max retries exceeded with url: / (Caused by ProxyError('Cannot connect to proxy.', timeout('_ssl.c:1114: The handshake operation timed out')))

System Information

$ python -m requests.help

{
  "chardet": {
    "version": null
  },
  "charset_normalizer": {
    "version": "2.0.12"
  },
  "cryptography": {
    "version": ""
  },
  "idna": {
    "version": "3.3"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.10.4"
  },
  "platform": {
    "release": "10",
    "system": "Windows"
  },
  "pyOpenSSL": {
    "openssl_version": "",
    "version": null
  },
  "requests": {
    "version": "2.27.1"
  },
  "system_ssl": {
    "version": "101010ef"
  },
  "urllib3": {
    "version": "1.26.9"
  },
  "using_charset_normalizer": true,
  "using_pyopenssl": false
}
@ValdikSS ValdikSS mentioned this issue May 21, 2022
Closed
@ValdikSS
Copy link
Author

This is a Python's urllib bug, which is triggered by newer urllib3 version, thus affecting requests.

https://bugs.python.org/issue42627
python/cpython#86793
python/cpython@9743524

This bug has existed for a very long time (since Python 2.0.1 if not earlier), but it was exposed recently when urllib3 added support for HTTPS-in-HTTPS proxies in version 1.26. Before that, an https prefix on the HTTPS proxy url was silently treated as http, accidentally resulting in the correct behavior.

Fixed in Python 3.10.5, all the previous versions are still affected.

@ValdikSS
Copy link
Author

urllib3/urllib3#2164

@ValdikSS ValdikSS mentioned this issue Jun 11, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ValdikSS