New submission from lkraav <l...@kraav.com>:
Problems emerged when Requests phased out PyOpenSSL as their default backend https://github.com/psf/requests/blob/main/HISTORY.md#2240-2020-06-17 Suddenly my script wasn't able to connect to a remote server that it had been working with for years. All connection attempts with Python built-in SSL module, with various certificate or TLS configurations tested, result in a blunt ConnectionResetError during `do_handshake()` This leads me to believe Python SSL module is maybe incompatible [with some IIS thing] in some perhaps fixable way, because going with PyOpenSSL backend via `urllib3.contrib.pyopenssl.inject_into_urllib3()` I can provide the real server name in a private email if any maintainers is interested in doing a debug run in some more thorough way that I'm unable to, let me know. Example test: ``` $ ipython Python 3.9.9 (main, Dec 21 2021, 17:21:49) Type 'copyright', 'credits' or 'license' for more information IPython 7.29.0 -- An enhanced Interactive Python. Type '?' for help. In [1]: import ssl In [2]: context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) In [3]: import socket In [4]: context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT, verify_mode=ssl.CERT_NONE) In [5]: conn = context.wrap_socket(socket.socket(socket.AF_INET), server_hostname="webapi.remote") In [6]: conn.connect(("webapi.remote", 52100)) --------------------------------------------------------------------------- ConnectionResetError Traceback (most recent call last) <ipython-input-6-f778062c5e51> in <module> ----> 1 conn.connect(("webapi.remote", 52100)) /usr/lib/python3.9/ssl.py in connect(self, addr) 1340 """Connects to remote ADDR, and then wraps the connection in 1341 an SSL channel.""" -> 1342 self._real_connect(addr, False) 1343 1344 def connect_ex(self, addr): /usr/lib/python3.9/ssl.py in _real_connect(self, addr, connect_ex) 1331 self._connected = True 1332 if self.do_handshake_on_connect: -> 1333 self.do_handshake() 1334 return rc 1335 except (OSError, ValueError): /usr/lib/python3.9/ssl.py in do_handshake(self, block) 1307 if timeout == 0.0 and block: 1308 self.settimeout(None) -> 1309 self._sslobj.do_handshake() 1310 finally: 1311 self.settimeout(timeout) ConnectionResetError: [Errno 104] Connection reset by peer ``` ---------- assignee: christian.heimes components: SSL messages: 409050 nosy: christian.heimes, lkraav priority: normal severity: normal status: open title: 3.9.9: python built-in SSL module unable to connect to an IIS server (104 Connection reset by peer), but pyopenssl works fine type: behavior versions: Python 3.9 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue46156> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com