core: DEFAULT_CIPHERS error from cloud module

The problem

Cant access HA remotely due to defauly_ciphers error, see log:

Logger: homeassistant.setup Source: components/cloud/init.py:9 First occurred: 08:50:41 (3 occurrences) Last logged: 08:50:54

Setup failed for cloud: Unable to import component: cannot import name ‘DEFAULT_CIPHERS’ from ‘urllib3.util.ssl_’ (/usr/local/lib/python3.11/site-packages/urllib3/util/ssl_.py) Setup failed for netatmo: Unable to import component: cannot import name ‘DEFAULT_CIPHERS’ from ‘urllib3.util.ssl_’ (/usr/local/lib/python3.11/site-packages/urllib3/util/ssl_.py) Setup failed for mobile_app: Unable to import component: cannot import name ‘DEFAULT_CIPHERS’ from ‘urllib3.util.ssl_’ (/usr/local/lib/python3.11/site-packages/urllib3/util/ssl_.py) Traceback (most recent call last): File “/usr/src/homeassistant/homeassistant/setup.py”, line 215, in _async_setup_component component = integration.get_component() ^^^^^^^^^^^^^^^^^^^^^^^^^^^ File “/usr/src/homeassistant/homeassistant/loader.py”, line 813, in get_component ComponentProtocol, importlib.import_module(self.pkg_path) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File “/usr/local/lib/python3.11/importlib/init.py”, line 126, in import_module return _bootstrap._gcd_import(name[level:], package, level) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File “<frozen importlib._bootstrap>”, line 1204, in _gcd_import File “<frozen importlib._bootstrap>”, line 1176, in _find_and_load File “<frozen importlib._bootstrap>”, line 1147, in find_and_load_unlocked File “<frozen importlib._bootstrap>”, line 690, in load_unlocked File “<frozen importlib._bootstrap_external>”, line 940, in exec_module File “<frozen importlib._bootstrap>”, line 241, in call_with_frames_removed File “/usr/src/homeassistant/homeassistant/components/cloud/init.py”, line 9, in <module> from hass_nabucasa import Cloud File “/usr/local/lib/python3.11/site-packages/hass_nabucasa/init.py”, line 15, in <module> from .auth import CloudError, CognitoAuth File “/usr/local/lib/python3.11/site-packages/hass_nabucasa/auth.py”, line 11, in <module> import boto3 File “/usr/local/lib/python3.11/site-packages/boto3/init.py”, line 16, in <module> from boto3.session import Session File “/usr/local/lib/python3.11/site-packages/boto3/session.py”, line 17, in <module> import botocore.session File “/usr/local/lib/python3.11/site-packages/botocore/session.py”, line 29, in <module> import botocore.credentials File “/usr/local/lib/python3.11/site-packages/botocore/credentials.py”, line 34, in <module> from botocore.config import Config File “/usr/local/lib/python3.11/site-packages/botocore/config.py”, line 16, in <module> from botocore.endpoint import DEFAULT_TIMEOUT, MAX_POOL_CONNECTIONS File “/usr/local/lib/python3.11/site-packages/botocore/endpoint.py”, line 22, in <module> from botocore.awsrequest import create_request_object File “/usr/local/lib/python3.11/site-packages/botocore/awsrequest.py”, line 24, in <module> import botocore.utils File “/usr/local/lib/python3.11/site-packages/botocore/utils.py”, line 32, in <module> import botocore.httpsession File “/usr/local/lib/python3.11/site-packages/botocore/httpsession.py”, line 10, in <module> from urllib3.util.ssl import ( ImportError: cannot import name ‘DEFAULT_CIPHERS’ from 'urllib3.util.ssl’ (/usr/local/lib/python3.11/site-packages/urllib3/util/ssl.py)

What version of Home Assistant Core has the issue?

core-2023.7.3

What was the last working version of Home Assistant Core?

core-2023.7.0

What type of installation are you running?

Home Assistant OS

Integration causing the issue

No response

Link to integration documentation on our website

No response

Diagnostics information

No response

Example YAML snippet

No response

Anything in the logs that might be useful for us?

Logger: homeassistant.setup
Source: components/cloud/__init__.py:9 
First occurred: 08:50:41 (3 occurrences) 
Last logged: 08:50:54

Setup failed for cloud: Unable to import component: cannot import name 'DEFAULT_CIPHERS' from 'urllib3.util.ssl_' (/usr/local/lib/python3.11/site-packages/urllib3/util/ssl_.py)
Setup failed for netatmo: Unable to import component: cannot import name 'DEFAULT_CIPHERS' from 'urllib3.util.ssl_' (/usr/local/lib/python3.11/site-packages/urllib3/util/ssl_.py)
Setup failed for mobile_app: Unable to import component: cannot import name 'DEFAULT_CIPHERS' from 'urllib3.util.ssl_' (/usr/local/lib/python3.11/site-packages/urllib3/util/ssl_.py)
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/setup.py", line 215, in _async_setup_component
    component = integration.get_component()
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/loader.py", line 813, in get_component
    ComponentProtocol, importlib.import_module(self.pkg_path)
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<frozen importlib._bootstrap>", line 1204, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1176, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1147, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 690, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 940, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "/usr/src/homeassistant/homeassistant/components/cloud/__init__.py", line 9, in <module>
    from hass_nabucasa import Cloud
  File "/usr/local/lib/python3.11/site-packages/hass_nabucasa/__init__.py", line 15, in <module>
    from .auth import CloudError, CognitoAuth
  File "/usr/local/lib/python3.11/site-packages/hass_nabucasa/auth.py", line 11, in <module>
    import boto3
  File "/usr/local/lib/python3.11/site-packages/boto3/__init__.py", line 16, in <module>
    from boto3.session import Session
  File "/usr/local/lib/python3.11/site-packages/boto3/session.py", line 17, in <module>
    import botocore.session
  File "/usr/local/lib/python3.11/site-packages/botocore/session.py", line 29, in <module>
    import botocore.credentials
  File "/usr/local/lib/python3.11/site-packages/botocore/credentials.py", line 34, in <module>
    from botocore.config import Config
  File "/usr/local/lib/python3.11/site-packages/botocore/config.py", line 16, in <module>
    from botocore.endpoint import DEFAULT_TIMEOUT, MAX_POOL_CONNECTIONS
  File "/usr/local/lib/python3.11/site-packages/botocore/endpoint.py", line 22, in <module>
    from botocore.awsrequest import create_request_object
  File "/usr/local/lib/python3.11/site-packages/botocore/awsrequest.py", line 24, in <module>
    import botocore.utils
  File "/usr/local/lib/python3.11/site-packages/botocore/utils.py", line 32, in <module>
    import botocore.httpsession
  File "/usr/local/lib/python3.11/site-packages/botocore/httpsession.py", line 10, in <module>
    from urllib3.util.ssl_ import (
ImportError: cannot import name 'DEFAULT_CIPHERS' from 'urllib3.util.ssl_' (/usr/local/lib/python3.11/site-packages/urllib3/util/ssl_.py)

Additional information

No response

About this issue

Original URL
State: closed
Created a year ago
Reactions: 6
Comments: 26 (6 by maintainers)

Commits related to this issue

Require responses<=0.23.1 Require responses<=0.23.1 to resolve dependency conflicts (e.g., with Home Assistant integrations) pending upstream resolution https://github.com/getsentry/responses/issu... — committed to krazos/python-forecast.io by krazos a year ago

Most upvoted comments

I had the same issue, which was caused by the custom component pirateweather in my case Overwriting urllib needs to be done each time after you update HA, so it’s only a short time patch

Pirateweather requires https://github.com/ZeevG/python-forecast.io/blob/master/setup.py which requires https://github.com/getsentry/responses Which was released 2 days ago https://github.com/getsentry/responses/releases/tag/0.23.2 with this https://github.com/getsentry/responses/pull/636

It now enforces v2.0 of urllib3 or higher. An issue has been created there about it https://github.com/getsentry/responses/issues/657

What solved it for me:

remove the pirateweather integration from Settings > Devices & Services
remove the integration from HACS
ha core rebuild in SSH

+12

TheFes on Jul 27, 2023

Apologies for chiming into a closed issue, but since I’m the dev behind the custom integration that broke everything, I wanted to apologize for creating this issue and thank @frenck for patching it with a shim. I’m reading through the details now, but from what I can tell I think I should be able to add a fix to my integration that fixes this on my end. Longer term, I’m hoping to get Pirate Weather up to the standard required to submit it as an official integration, which I’m hoping will help to avoid these sorts of problems in the future

alexander0042 on Jul 31, 2023

The issue is caused by the urllib3 version.

2.0.0 (2023-04-26) Removed DEFAULT_CIPHERS, HAS_SNI, USE_DEFAULT_SSLCONTEXT_CIPHERS, from the private module https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#200-2023-04-26

I downgraded urllb3 with pip install --upgrade 'urllib3<2' and all is working fine again.

Banjer on Jul 27, 2023

If you are using the “Advanced SSH & Web Terminal” add-on (I’d recommend it), on its info page, turn off “Protection mode”. For some reason folk think people using Home Assistant need the training wheels on.

apbarratt on Jul 27, 2023

That’s great to hear, would be nice to just have it in the main repository. For the time being I’m wondering about the following (sorry if it does not belong here at all): Couldn’t there be something like a general HACS blog that points out serious issues and fixes? I think people who go the HACS way are happy to tinker a little bit. Personally, I do something completely different in my daily work so I jump in and out of this fun world depending on how much free time I have. When something fundamental breaks like app access and I do not really have time to fix it but still need to make time it creates stress and even more so if I initially have no idea what’s going on. That being said I’m very thankful for everyone who puts so much work into all this, just a bit of streamlined information sharing for crucial issues would be extremely helpful.

jenshenk on Jul 31, 2023

After digging around I found that for the meantime the only solid solution is to install the container from the dev channel

You shouldn’t use or recommend using dev. This fix has been added to the 2023.8.0 beta that is currently running (which is a much safer choice).

I stress tested this by applying multiple restarts and it seems solid now. This experience definitely created some more hesitation for me for just casually updating HA when there’s no real reason

This is not our fault, this is caused by third-party custom integration you are using. We’ve been so kind to add a mitigation for that in the upcoming release, however, that is not needed for Home Assistant itself.

…/Frenck

frenck on Jul 30, 2023

Inspired by the previous answer, somewhat dirty workaround on the HASSIO VM image using the Terminal addon:

docker exec -it homeassistant pip install --upgrade 'urllib3<2'

And then restart HA. Also restores the mobile_app addon. Needs a structural solution tho…

sephiroth1395 on Jul 27, 2023