Issue43000
Created on 2021-01-22 04:46 by darrenrs, last changed 2021-01-22 08:05 by christian.heimes.
Messages (2) | |||
---|---|---|---|
msg385476 - (view) | Author: Darren Skidmore (darrenrs) | Date: 2021-01-22 04:46 | |
As of Python 3.9.1, when attempting to perform any SSL requests when a packet sniffer tool (e.g. Telerik Fiddler) is intercepting SSL traffic, the program will hang for about a minute and then crash with a WRONG_VERSION_NUMBER error. This has been tested to occur with urllib2 and requests modules. Alternatives such as verify=False and adding the Fiddler Root Certificate to Python's cacert.pem file do not rectify this error. This traceback was generated when attempting to access https://example.com:443 while Fiddler 5.0.20204.45441 was open: Traceback (most recent call last): File "C:\Users\Darren\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connectionpool.py", line 696, in urlopen self._prepare_proxy(conn) File "C:\Users\Darren\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connectionpool.py", line 964, in _prepare_proxy conn.connect() File "C:\Users\Darren\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connection.py", line 359, in connect conn = self._connect_tls_proxy(hostname, conn) File "C:\Users\Darren\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\connection.py", line 496, in _connect_tls_proxy return ssl_wrap_socket( File "C:\Users\Darren\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\util\ssl_.py", line 432, in ssl_wrap_socket ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls) File "C:\Users\Darren\AppData\Local\Programs\Python\Python39\lib\site-packages\urllib3\util\ssl_.py", line 474, in _ssl_wrap_socket_impl return ssl_context.wrap_socket(sock) File "C:\Users\Darren\AppData\Local\Programs\Python\Python39\lib\ssl.py", line 500, in wrap_socket return self.sslsocket_class._create( File "C:\Users\Darren\AppData\Local\Programs\Python\Python39\lib\ssl.py", line 1040, in _create self.do_handshake() File "C:\Users\Darren\AppData\Local\Programs\Python\Python39\lib\ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1123) This exact question has recently been asked on StackOverflow: https://stackoverflow.com/questions/65516325/ssl-wrong-version-number-on-python-request |
|||
msg385483 - (view) | Author: Christian Heimes (christian.heimes) * ![]() |
Date: 2021-01-22 08:05 | |
I'm not familiar with Telerik Fiddler and don't have access to the tool. From the description on its Wikipedia page, it sounds like the tool is an active interceptor that uses a man-in-the-middle attack approach. Python's ssl module wraps OpenSSL. All steps of the TLS handshake are performed by OpenSSL code. Your connection issue is most likely an incompatibility between recent OpenSSL 1.1.1 and your tool. I recommend that you contact the vendor of your tool. The ssl module supports passive introspection of TLS connections with SSLKEYLOGFILE. The format is supported by Wireshark and other tools. |
History | |||
---|---|---|---|
Date | User | Action | Args |
2021-01-22 08:05:16 | christian.heimes | set | messages: + msg385483 |
2021-01-22 04:46:13 | darrenrs | create |