requests: requests.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:645)

Here is the first issue. https://github.com/kennethreitz/requests/issues/2906

Python 3.5.1 (https://www.python.org/downloads/) Virtualenv 14.0.5 Mac OS X 10.11.3

First, I created a virtualenv and pip install requests[security]

Then I got

>>> from cryptography.hazmat.backends.openssl.backend import backend
>>> print(backend.openssl_version_text())
OpenSSL 1.0.2f  28 Jan 2016

which was what I expected.

Everything worked great for about an hour.

Then, some of my own scripts crashed which was normal. After that, when I try to run my script again, I got following exceptions

ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:645)

requests.packages.urllib3.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:645)

requests.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:645)

So I opened another Python console and

>>> requests.get("https://www.google.com")
<Response [200]>
>>> requests.get("https://www.telegram.org")
Traceback (most recent call last):
  File "VirtualenvPath/lib/python3.5/site-packages/requests/packages/urllib3/connectionpool.py", line 559, in urlopen
    body=body, headers=headers)
  File "VirtualenvPath/lib/python3.5/site-packages/requests/packages/urllib3/connectionpool.py", line 345, in _make_request
    self._validate_conn(conn)
  File "VirtualenvPath/lib/python3.5/site-packages/requests/packages/urllib3/connectionpool.py", line 784, in _validate_conn
    conn.connect()
  File "VirtualenvPath/lib/python3.5/site-packages/requests/packages/urllib3/connection.py", line 252, in connect
    ssl_version=resolved_ssl_version)
  File "VirtualenvPath/lib/python3.5/site-packages/requests/packages/urllib3/util/ssl_.py", line 305, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/ssl.py", line 376, in wrap_socket
    _context=self)
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/ssl.py", line 747, in __init__
    self.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/ssl.py", line 983, in do_handshake
    self._sslobj.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/ssl.py", line 628, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "VirtualenvPath/lib/python3.5/site-packages/requests/adapters.py", line 376, in send
    timeout=timeout
  File "VirtualenvPath/lib/python3.5/site-packages/requests/packages/urllib3/connectionpool.py", line 588, in urlopen
    raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "VirtualenvPath/lib/python3.5/site-packages/requests/api.py", line 67, in get
    return request('get', url, params=params, **kwargs)
  File "VirtualenvPath/lib/python3.5/site-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "VirtualenvPath/lib/python3.5/site-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "VirtualenvPath/lib/python3.5/site-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "VirtualenvPath/lib/python3.5/site-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:645)
>>>

So I rebooted, uninstalled all these libs and pip install them again. Everything worked again.

But after 1 hour or so, same exception again.

About this issue

Original URL
State: closed
Created 8 years ago
Comments: 77 (33 by maintainers)

Commits related to this issue

Adding credit https://github.com/kennethreitz/requests/issues/3006 directly helped with one particular fix. Adding credit. — committed to danclegg/python-CAS-RESTful-client by danclegg 8 years ago
Try installing pyopenssl https://github.com/requests/requests/issues/3006 — committed to rtlee9/comparatory-api by rtlee9 7 years ago

Most upvoted comments

pip install --force-reinstall requests[security] solved it for me.

+13

xgt001 on Oct 21, 2016

@the-efi Do you have pyopenssl, pyasn1, and ndg-httpsclient installed?

+13

Lukasa on Feb 19, 2016

Ok, so the easiest way for you to fix this up is to run python3 -m pip install pyopenssl pyasn1 ndg-httpsclient. That should fix your problem, but if it doesn’t we can pursue more aggressive options.

+11

Lukasa on Jun 17, 2016

You’re another person who is winning our competition of who can attempt to contact the worst HTTPS server in the world. This server is awfully configured, it is entirely insecure. The reason you’re encountering this problem is because Requests no longer supports any of the cipher suites this server supports because they’re all either weak or insecure. In the first instance I recommend you attempt to pressure someone to fix the server, but if you really must contact it you can re-add 3DES like this.

Lukasa on Feb 2, 2017

Any update on this one? It happens quite a lot when working with aws.

mindw on May 21, 2016

Hi guys! Got this errors too. Using python3 and installing the combo (pyopenssl ndg-httpsclient pyasn1 urllib3) did the trick. But i go curious how python2.7 behaved on OS X and Ubuntu:

Scenario 001

python: 2.7
requests: 2.3.0
pyopenssl ndg-httpsclient pyasn1 urllib3: Not installed
virtualenv: 1.11.6
OS: OS X El Captain 10.11.6 (15G1217)
OpenSSL: 0.9.8zh 14 Jan 2016

Error

Traceback (most recent call last):
  File "loanpro_doc_uploader.py", line 113, in <module>
    run()
  File "loanpro_doc_uploader.py", line 109, in run
    loanpro = LoanPro(args.env, args.folder)
  File "loanpro_doc_uploader.py", line 36, in __init__
    self.get_all_customforms_data()
  File "loanpro_doc_uploader.py", line 69, in get_all_customforms_data
    resp = requests.get(url, headers=headers)
  File "/Users/vyscond/Projects/razorvision/loan-documents/env/lib/python2.7/site-packages/requests/api.py", line 55, in get
    return request('get', url, **kwargs)
  File "/Users/vyscond/Projects/razorvision/loan-documents/env/lib/python2.7/site-packages/requests/api.py", line 44, in request
    return session.request(method=method, url=url, **kwargs)
  File "/Users/vyscond/Projects/razorvision/loan-documents/env/lib/python2.7/site-packages/requests/sessions.py", line 456, in request
    resp = self.send(prep, **send_kwargs)
  File "/Users/vyscond/Projects/razorvision/loan-documents/env/lib/python2.7/site-packages/requests/sessions.py", line 559, in send
    r = adapter.send(request, **kwargs)
  File "/Users/vyscond/Projects/razorvision/loan-documents/env/lib/python2.7/site-packages/requests/adapters.py", line 382, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:590)

Scenario 002

python: 3.4
requests: 2.12.5
pyopenssl ndg-httpsclient pyasn1 urllib3: Not installed
virtualenv: 1.11.6
OS: OS X El Captain 10.11.6 (15G1217)
OpenSSL: 0.9.8zh 14 Jan 2016

Error

Traceback (most recent call last):
  File "/Users/vyscond/Projects/razorvision/loan-documents/env3/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/Users/vyscond/Projects/razorvision/loan-documents/env3/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 350, in _make_request
    self._validate_conn(conn)
  File "/Users/vyscond/Projects/razorvision/loan-documents/env3/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 835, in _validate_conn
    conn.connect()
  File "/Users/vyscond/Projects/razorvision/loan-documents/env3/lib/python3.4/site-packages/requests/packages/urllib3/connection.py", line 323, in connect
    ssl_context=context)
  File "/Users/vyscond/Projects/razorvision/loan-documents/env3/lib/python3.4/site-packages/requests/packages/urllib3/util/ssl_.py", line 324, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/ssl.py", line 365, in wrap_socket
    _context=self)
  File "/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/ssl.py", line 583, in __init__
    self.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.4/lib/python3.4/ssl.py", line 810, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:600)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/vyscond/Projects/razorvision/loan-documents/env3/lib/python3.4/site-packages/requests/adapters.py", line 423, in send
    timeout=timeout
  File "/Users/vyscond/Projects/razorvision/loan-documents/env3/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 624, in urlopen
    raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:600)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "loanpro_doc_uploader.py", line 113, in <module>
    run()
  File "loanpro_doc_uploader.py", line 109, in run
    loanpro = LoanPro(args.env, args.folder)
  File "loanpro_doc_uploader.py", line 36, in __init__
    self.get_all_customforms_data()
  File "loanpro_doc_uploader.py", line 69, in get_all_customforms_data
    resp = requests.get(url, headers=headers)
  File "/Users/vyscond/Projects/razorvision/loan-documents/env3/lib/python3.4/site-packages/requests/api.py", line 70, in get
    return request('get', url, params=params, **kwargs)
  File "/Users/vyscond/Projects/razorvision/loan-documents/env3/lib/python3.4/site-packages/requests/api.py", line 56, in request
    return session.request(method=method, url=url, **kwargs)
  File "/Users/vyscond/Projects/razorvision/loan-documents/env3/lib/python3.4/site-packages/requests/sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/Users/vyscond/Projects/razorvision/loan-documents/env3/lib/python3.4/site-packages/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/Users/vyscond/Projects/razorvision/loan-documents/env3/lib/python3.4/site-packages/requests/adapters.py", line 497, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:600)

Scenario 004

python: 2.7
requests: 2.12.5
pyopenssl ndg-httpsclient pyasn1 urllib3: Not Installed
OS: Ubuntu 14.4 (Dockerized)
OpenSSL: not installed

Error is gone

Scenario 003

python: 3.4
requests: 2.12.5
pyopenssl ndg-httpsclient pyasn1 urllib3: Installed
virtualenv: 1.11.6
OS: OS X El Captain 10.11.6 (15G1217)
OpenSSL: 0.9.8zh 14 Jan 2016

Error is gone

ghost on Jan 20, 2017

This almost certainly means the ciphers being offered to the remote peer are not acceptable. If you use openssl s_client -connect <host>:<port> to the website you’re trying to contact, can you tell me what the output is? (Please make sure to do so with the OpenSSL 1.0.2g you’re using).

Lukasa on Dec 2, 2016

Having the same exception on Python 2.7.11/OSX when pounding a server with requests under gevent. Could this be related?

the-efi on Feb 19, 2016

@Lukasa I think since requests is shipped with its own urllib3, I could not import urllib3 alone. And the following result confirms it.

Python 3.5.1 (v3.5.1:37a07cee5969, Dec  5 2015, 21:12:44) 
[GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import urllib3.contrib.pyopenssl
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ImportError: No module named 'urllib3'
>>> ^D




pip list
cffi (1.5.0)
cryptography (1.2.2)
idna (2.0)
ndg-httpsclient (0.4.0)
pip (8.0.2)
pyasn1 (0.1.9)
pycparser (2.14)
pyOpenSSL (0.15.1)
requests (2.9.1)
setuptools (20.0)
six (1.10.0)
wheel (0.26.0)

caizixian on Feb 12, 2016

Just as an FYI, this error also occurs when SSL isn’t enabled on the server you’re connecting to.

cgoodric on Aug 21, 2019

I was having this issue on Mac OSX Sierra v 10.12.0. Tried everything on this thread, didn’t work. Finally upgraded my OS to v10.12.6 and the issue went away.

akashagarwal19 on Sep 11, 2017

I came across the same bug AFTER switching to aws and putting the app behind an elastic loadbalancer, never occured before.

I have urllib3 installed as well.

Is there hope for installing pyopenssl? I tried and there were lot’s of c-level errors (which may be cause of some missing parts in my docker image).

[2016-06-29 02:27:59,932: CRITICAL/MainProcess] Task ventures.tasks.cache_warmup[ae2c97eb-3b28-4896-8d0f-42f712115707] INTERNAL ERROR: SSLError(SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:645)'),),)
Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/celery/app/trace.py", line 253, in trace_task
    I, R, state, retval = on_error(task_request, exc, uuid)
  File "/usr/local/lib/python3.5/dist-packages/celery/app/trace.py", line 201, in on_error
    R = I.handle_error_state(task, eager=eager)
  File "/usr/local/lib/python3.5/dist-packages/celery/app/trace.py", line 85, in handle_error_state
    }[self.state](task, store_errors=store_errors)
  File "/usr/local/lib/python3.5/dist-packages/celery/app/trace.py", line 125, in handle_failure
    einfo=einfo)
  File "/usr/local/lib/python3.5/dist-packages/celery/utils/dispatch/signal.py", line 166, in send
    response = receiver(signal=self, sender=sender, **named)
  File "/srv/core/celery.py", line 31, in notify_task_failure
    """.format(sender, exception, args, kwargs))
  File "/usr/lib/python3.5/logging/__init__.py", line 1308, in error
    self._log(ERROR, msg, args, **kwargs)
  File "/usr/lib/python3.5/logging/__init__.py", line 1415, in _log
    self.handle(record)
  File "/usr/lib/python3.5/logging/__init__.py", line 1425, in handle
    self.callHandlers(record)
  File "/usr/lib/python3.5/logging/__init__.py", line 1487, in callHandlers
    hdlr.handle(record)
  File "/usr/lib/python3.5/logging/__init__.py", line 855, in handle
    self.emit(record)
  File "/srv/core/management/logger/slack.py", line 28, in emit
    notify_slack(message, channel)
  File "/usr/local/lib/python3.5/dist-packages/celery/local.py", line 188, in __call__
    return self._get_current_object()(*a, **kw)
  File "/usr/local/lib/python3.5/dist-packages/celery/app/trace.py", line 439, in __protected_call__
    return orig(self, *args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/celery/app/task.py", line 420, in __call__
    return self.run(*args, **kwargs)
  File "/srv/core/tasks.py", line 66, in notify_slack
    data=json.dumps(payload), headers={'Content-Type': 'application/json'}
  File "/usr/local/lib/python3.5/dist-packages/requests/api.py", line 107, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.5/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: EOF occurred in violation of protocol (_ssl.c:645)

pip freeze:

amqp==1.4.9
analytics-python==1.1.0
anyjson==0.3.3
beautifulsoup4==4.4.1
billiard==3.3.0.23
bleach==1.4.2
boto==2.39.0
celery==3.1.23
Django==1.8.13
django-appconf==1.0.2
django-compressor==2.0
django-countries==3.4.1
django-filter==0.13.0
django-haystack==2.5.dev0
django-htmlmin==0.9.0
django-modelcluster==1.1
django-overextends==0.4.1
django-redis==4.3.0
django-rest-swagger==0.3.5
django-storages-redux==1.3.2
django-taggit==0.18.3
django-treebeard==4.0.1
djangorestframework==3.3.3
docopt==0.4.0
docutils==0.12
drf-extensions==0.2.8
dropbox==4.0
elasticsearch==1.8.0
et-xmlfile==1.0.1
geopy==1.11.0
google-api-python-client==1.5.0
gunicorn==19.4.5
hiredis==0.2.0
html5lib==0.9999999
httplib2==0.9.2
jdcal==1.2
jsonfield==1.0.3
kombu==3.0.35
mandrill==1.0.57
Markdown==2.6.5
mock==1.0.1
numpy==1.11.0
oauth2client==2.2.0
openpyxl==2.3.4
Pillow==3.1.1
psycopg2==2.6.1
pyasn1==0.1.9
pyasn1-modules==0.0.8
pycurl==7.43.0
pygobject==3.20.0
PyMySQL==0.7.2
python-apt==1.1.0b1
python-dateutil==2.5.3
pytz==2016.4
PyYAML==3.11
rcssmin==1.0.6
redis==2.10.5
requests==2.9.1
rjsmin==1.0.12
rsa==3.4.2
simplejson==3.8.2
six==1.10.0
sphinx-me==0.3
unattended-upgrades==0.1
Unidecode==0.4.19
uritemplate==0.6
urllib3==1.16
wagtail==1.4.5
Willow==0.3.1

python3 -c "from requests.packages.urllib3.contrib import pyopenssl; pyopenssl.inject_into_urllib3()"
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/local/lib/python3.5/dist-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 49, in <module>
    from ndg.httpsclient.ssl_peer_verification import SUBJ_ALT_NAME_SUPPORT
ImportError: No module named 'ndg'

shredding on Jun 29, 2016