Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.9k views
in Technique[技术] by (71.8m points)

ssl - Python SSLError, sslv3 alert handshake failure, for wallhaven.cc

Python Version: 3.5.2

OS: OS X 10.12

OpenSSL Version: OpenSSL 1.1.0b 26 Sep 2016

I'm trying to requests "https://alpha.wallhaven.cc".

import urllib.request
init_page=urllib.request.urlopen("https://alpha.wallhaven.cc")

Then get

ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:645)

and

During handling of the above exception, another exception occurred:
...
urllib.error.URLError: <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:645)>

The following solutions don't work:

import requests.packages.urllib3.util.ssl_
requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS='ALL'

import ssl
ssl._create_default_https_context = ssl._create_unverified_context

import requests
print(requests.get("https://alpha.wallhaven.cc",verify=False))

or change /APNSWrapper/connection.py line 131:

ssl_version = self.ssl_module.PROTOCOL_SSLv3,

into

ssl_version = self.ssl_module.PROTOCOL_TLSv1,

Then what is the problem? How to solve it? Thanks a lot!

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

OpenSSL Version: OpenSSL 1.1.0b 26 Sep 2016 ... sslv3 alert handshake failure (_ssl.c:645)>

I do not doubt that you have OpenSSL 1.1.0b installed on your system but I doubt that this version is actually used by your python. Usually MacOS has the old version 0.9.8 of OpenSSL installed and unless one compiles python to use another openssl this version will be used, even if other OpenSSL versions are installed somewhere on the system. To check what version of OpenSSL is used by your python:

  import ssl
  print(ssl.OPENSSL_VERSION)

If this shows OpenSSL 1.1.0b... I'm wrong in my assumption but if this shows 0.9.8 I'm right with the following argumentation:

  • handshake failure indicates a problem which is not related to certificate validation.
  • Looking at the SSLLabs report I can see that the server only suppors ECDHE ciphers.
  • ECDHE ciphers are not support by OpenSSL version 0.9.8
  • therefore there are no shared ciphers between client and server and the handshake fails

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...