Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SSL UNSUPPORTED_PROTOCOL Python 3 in Docker

I try to get data from the website via https and got the error with SSL certificate, but when I run on my mac - all works fine.

I also try with curl and got the same error,

curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

I run the parser in Docker container My Dockerfile:

FROM python:3.7

WORKDIR /parser
COPY ./requirements.txt .

RUN python -m pip install --upgrade pip

RUN pip install -r requirements.txt

COPY . /parser

I get the error below:

 Traceback (most recent call last):                                                                                                                                                                                                       
     File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in urlopen                                                                                                                                          
       chunked=chunked,                                                                                                                                                                                                                     
     File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in _make_request                                                                                                                                    
       self._validate_conn(conn)                                                                                                                                                                                                            
     File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn                                                                                                                                   
       conn.connect()                                                                                                                                                                                                                       
     File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 394, in connect                                                                                                                                              
       ssl_context=context,                                                                                                                                                                                                                 
     File "/usr/local/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket                                                                                                                                       
       return context.wrap_socket(sock, server_hostname=server_hostname)                                                                                                                                                                    
     File "/usr/local/lib/python3.7/ssl.py", line 423, in wrap_socket                                                                                                                                                                       
       session=session                                                                                                                                                                                                                      
     File "/usr/local/lib/python3.7/ssl.py", line 870, in _create                                                                                                                                                                           
       self.do_handshake()                                                                                                                                                                                                                  
     File "/usr/local/lib/python3.7/ssl.py", line 1139, in do_handshake                                                                                                                                                                     
       self._sslobj.do_handshake()                                                                                                                                                                                                          
   ssl.SSLError: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1076)                                                                                                                                                             
   During handling of the above exception, another exception occurred:                                                                                                                                                                      
   Traceback (most recent call last):                                                                                                                                                                                                       
     File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 449, in send                                                                                                                                                  
       timeout=timeout                                                                                                                                                                                                                      
     File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 720, in urlopen                                                                                                                                          
       method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]                                                                                                                                                                      
     File "/usr/local/lib/python3.7/site-packages/urllib3/util/retry.py", line 436, in increment                                                                                                                                            
       raise MaxRetryError(_pool, url, error or ResponseError(cause))                                                                                                                                                                       
   urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='life.pravda.com.ua', port=443): Max retries exceeded with url: /health/ (Caused by SSLError(SSLError(1, '[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1076)'))   
   )
like image 996
Саша Коровій Avatar asked Oct 07 '19 11:10

Саша Коровій


2 Answers

I resolved my problem with following commands in Dockerfile:

RUN    apt-get update \
    && apt-get install openssl \
    && apt-get install ca-certificates

And also need to add python package pyopenssl in requirements.txt

like image 139
Саша Коровій Avatar answered Oct 09 '22 03:10

Саша Коровій


I'm sure it's not about Docker or certificate but you're need to check which of protocols that server could talk, like this:

nmap --script ssl-enum-ciphers -p 443 this-is-your-site.com

then setup SSL context that should works in your case:

import ssl
ssl_context = ssl.create_default_context()
# Sets up old and insecure TLSv1.
ssl_context.options &= ~ssl.OP_NO_TLSv1_3 & ~ssl.OP_NO_TLSv1_2 & ~ssl.OP_NO_TLSv1_1
ssl_context.minimum_version = ssl.TLSVersion.TLSv1

and use custom HTTPAdapter for this mountpoint this-is-your-site.com.

like image 25
frost-nzcr4 Avatar answered Oct 09 '22 02:10

frost-nzcr4