Skip to content

SSL: DH_KEY_TOO_SMALL, Requests > 2.31.0 #6827

New issue
New issue
Closed
Closed
SSL: DH_KEY_TOO_SMALL, Requests > 2.31.0#6827
Labels
Question/Not a bugactions/autoclose-qaUsed for automation to auto-close an issue
@snooppr

Description

@snooppr
snooppr
opened on Nov 15, 2024

How to make requests to problematic sites (on old versions disabling shfires helped)?

import requests, urllib3

print(f"requests={requests.__version__}, urllib3={urllib3.__version__}")
requests=2.32.3, urllib3=1.26.18 (This version of Urllib3 still supports custom cipher selection.)

requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += ':HIGH:!DH:!aNULL'

Error:
print(requests.get("https://nhl.ru"))
SSLError(SSLError(1, '[SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1125)')))

python -m pip install requests==2.31.0

import requests, urllib3

print(f"requests={requests.__version__}, urllib3={urllib3.__version__}")
requests=2.31.0, urllib3=1.26.18

requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += ':HIGH:!DH:!aNULL'

Good:
print(requests.get("https://nhl.ru"))
<Response [404]>

The latest version that works with the cipher changes Requests=2.31.0 and urllib3=1.26.18.

If you update, requests are bad: ('SSL: DH_KEY_TOO_SMALL')

Is there a way to make successful requests to old sites by playing with SSL (at the Python level, not the OS?).

For example:
Good:
curl -vLk "http://nhl.ru/" --ciphers 'DEFAULT:!DH'

Metadata

Metadata

Assignees

No one assigned

    Labels

    Question/Not a bugactions/autoclose-qaUsed for automation to auto-close an issue

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions