[英]Urllib3 error "SSL: wrong signature type"
When I run the following code in python 3.8.5 from an Ubuntu Server:当我从 Ubuntu 服务器在 python 3.8.5 中运行以下代码时:
import urllib3
import certifi
url = "https://www.website.com"
http = urllib3.PoolManager(cert_reqs='CERT_REQUIRED', ca_certs=certifi.where())
content = http.request("GET", url, preload_content=False).read()
The following error occurr:发生以下错误:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in _validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect
self.sock = ssl_wrap_socket(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_SIGNATURE_TYPE] wrong signature type (_ssl.c:1123)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "MyFile.py", line 46, in <module>
content = urllib3.PoolManager().request("GET", url)
File "/usr/lib/python3/dist-packages/urllib3/request.py", line 75, in request
return self.request_encode_url(
File "/usr/lib/python3/dist-packages/urllib3/request.py", line 97, in request_encode_url
return self.urlopen(method, url, **extra_kw)
File "/usr/lib/python3/dist-packages/urllib3/poolmanager.py", line 330, in urlopen
response = conn.urlopen(method, u.request_uri, **kw)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 747, in urlopen
return self.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 747, in urlopen
return self.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 747, in urlopen
return self.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='www.website.com', port=443): Max retries exceeded with url: /path/to/web/page.html (Caused by SSLError(SSLError(1, '[SSL: WRONG_SIGNATURE_TYPE] wrong signature type (_ssl.c:1123)')))
The system is updated as all the libraries I am using系统更新为我正在使用的所有库
Running the same code on my Windows 10 pc results in no errors在我的 Windows 10 电脑上运行相同的代码不会出现错误
What am I missing?我错过了什么?
I answer by myself referencing this GitHub issue: https://github.com/psf/requests/issues/4775我自己回答这个 GitHub 问题: https://github.com/psf/requests/issues/4775
I solved the problem using the code below:我使用下面的代码解决了这个问题:
import urllib3
url = "https://www.website.com"
ctx = ssl.create_default_context()
ctx.set_ciphers('DEFAULT@SECLEVEL=1')
http = urllib3.PoolManager(
ssl_version=ssl.PROTOCOL_TLS,
ssl_context=ctx)
content = http.request("GET", url, preload_content=False).read()
You could also keep using requests with the following code (inspired from your answer and the requests documentation ):您还可以继续使用带有以下代码的请求(灵感来自您的回答和请求文档):
import ssl
import requests
import urllib3
class SslOldHttpAdapter(requests.adapters.HTTPAdapter):
def init_poolmanager(self, connections, maxsize, block=False):
ctx = ssl.create_default_context()
ctx.set_ciphers('DEFAULT@SECLEVEL=1')
self.poolmanager = urllib3.poolmanager.PoolManager(
ssl_version=ssl.PROTOCOL_TLS,
ssl_context=ctx)
url = "https://www.website.com"
s = requests.Session()
s.mount(url, SslOldHttpAdapter())
r = s.get(url, headers=headers)
try to disable the system proxy尝试禁用系统代理
proxies = {"http": None, "https": None}
The above answer about creating a new context with SECLEVEL=1 does not work for me in Python 3.11.1 on Windows (with OpenSSL 1.1.1q 5 Jul 2022
).上面关于使用 SECLEVEL=1 创建新上下文的答案在 Windows 上的 Python 3.11.1 中对我不起作用(使用
OpenSSL 1.1.1q 5 Jul 2022
)。
But this (inspaired by Python - requests.exceptions.SSLError - dh key too small ) works:但这(受Python 启发 - requests.exceptions.SSLError - dh key too small )有效:
import requests
requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS = 'DEFAULT@SECLEVEL=1'
r = requests.get('https://www.billboard-japan.com')
print(r.status_code)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.