ssl SSLError tlsv1 alert protocol version

Question

I m using the REST API for a Cisco CMX device  and trying to write Python code which makes a GET request to the API for information  The code is as follows and is the same as that in the file except with the necessary information changed   from http client import HTTPSConnection from base64 import b64encode     Create HTTPS connection c   HTTPSConnection  0 0 0 0      encode as Base64   decode to ascii  python3 stores as byte string  need to pass as ascii  value for auth  username password   b64encode b admin password   decode  ascii   headers     Authorization    Basic  0   format username password      connect and ask for resource c request  GET     api config v1 aaa users   headers headers     response res   c getresponse    data   res read     However  I am continuously getting the following error    Traceback  most recent call last     File   Users finaris PycharmProjects test test test py   line 14  in  lt module gt      c request  GET     api config v1 aaa users   headers headers    File   Library Frameworks Python framework Versions 3 5 lib python3 5 http client py   line 1106  in request     self  send request method  url  body  headers    File   Library Frameworks Python framework Versions 3 5 lib python3 5 http client py   line 1151  in  send request     self endheaders body    File   Library Frameworks Python framework Versions 3 5 lib python3 5 http client py   line 1102  in endheaders     self  send output message body    File   Library Frameworks Python framework Versions 3 5 lib python3 5 http client py   line 934  in  send output     self send msg    File   Library Frameworks Python framework Versions 3 5 lib python3 5 http client py   line 877  in send     self connect     File   Library Frameworks Python framework Versions 3 5 lib python3 5 http client py   line 1260  in connect     server hostname server hostname    File   Library Frameworks Python framework Versions 3 5 lib python3 5 ssl py   line 377  in wrap socket      context self    File   Library Frameworks Python framework Versions 3 5 lib python3 5 ssl py   line 752  in   init       self do handshake     File   Library Frameworks Python framework Versions 3 5 lib python3 5 ssl py   line 988  in do handshake     self  sslobj do handshake     File   Library Frameworks Python framework Versions 3 5 lib python3 5 ssl py   line 633  in do handshake     self  sslobj do handshake   ssl SSLError   SSL  TLSV1 ALERT PROTOCOL VERSION  tlsv1 alert protocol version   ssl c 645    I also tried updating OpenSSL but that had no effect

User · Accepted Answer

I had the same error and google brought me to this question, so here is what I did, hoping that it helps others in a similar situation.

This is applicable for OS X.

Check in the Terminal which version of OpenSSL I had:

$ python3 -c "import ssl; print(ssl.OPENSSL_VERSION)"
>> OpenSSL 0.9.8zh 14 Jan 2016

As my version of OpenSSL was too old, the accepted answer did not work.

So I had to update OpenSSL. To do this, I updated Python to the latest version (from version 3.5 to version 3.6) with Homebrew, following some of the steps suggested here:

$ brew update
$ brew install openssl
$ brew install python3

Then I was having problems with the PATH and the version of python being used, so I just created a new virtualenv making sure that the newest version of python was taken:

$ virtualenv webapp --python=python3.6

Issue solved.

User · Answer

For Mac OS X  1  Update to Python 3 6 5 using the native app installer downloaded from the official Python language website https   www python org downloads    I ve found that the installer is taking care of updating the links and symlinks for the new Python a lot better than homebrew    2  Install a new certificate using    Install Certificates command  which is in the refreshed Python 3 6 directory    gt  cd   Applications Python 3 6    gt  sudo    Install Certificates command

User · Answer

As of July 2018  Pypi now requires that clients connecting to it use TLS 1 2  This is an issue if you re using the version of python shipped with MacOS  2 7 10  because it only supports TLS 1 0  You can change the version of ssl that python is using to fix the problem or upgrade to a newer version of python  Use homebrew to install the new version of python outside of the default library location    brew install python 2

User · Answer

I believe TLSV1 ALERT PROTOCOL VERSION is alerting you that the server doesn t want to talk TLS v1 0  to you  Try to specify TLS v1 2 only by sticking in these lines   import ssl context   ssl SSLContext ssl PROTOCOL TLSv1 2     Create HTTPS connection c   HTTPSConnection  0 0 0 0   context context    Note  you may need sufficiently new versions of Python  2 7 9  perhaps   and possibly OpenSSL  I have  OpenSSL 1 0 2k  26 Jan 2017  and the above seems to work  YMMV

User · Answer

The only thing you have to do is to install requests security  in your virtualenv  You should not have to use Python 3  it should work in Python 2 7   Moreover  if you are using a recent version of macOS  you don t have to use homebrew to separately install OpenSSL either     virtualenv --python  usr bin python tempenv    uses system python     tempenv bin activate   pip install requests   python  gt  gt  gt  import ssl  gt  gt  gt  ssl OPENSSL VERSION  OpenSSL 0 9 8zh 14 Jan 2016     this is the built-in openssl  gt  gt  gt  import requests  gt  gt  gt  requests get  https   api github com users octocat orgs   requests exceptions SSLError  HTTPSConnectionPool host  api github com   port 443   Max retries exceeded with url   users octocat orgs  Caused by SSLError SSLError 1  u  SSL  TLSV1 ALERT PROTOCOL VERSION  tlsv1 alert protocol version   ssl c 590         pip install  requests security     python    install requests security  and try again  gt  gt  gt  import requests  gt  gt  gt  requests get  https   api github com users octocat orgs    lt Response  200  gt    requests security  allows requests to use the latest version of TLS when negotiating the connection  The built-in openssl on macOS supports TLS v1 2      Before you install your own version of OpenSSL  ask this question  how is Google Chrome loading https   github com

User · Answer

For python2 users on MacOS  python 2 formula won t be found   as brew stopped support of python2 you need to use such command   But don t forget to unlink old python if it was pre-installed   brew install https   raw githubusercontent com Homebrew homebrew-core 86a44a0a552c673a05f11018459c9f5faae3becc Formula python 2 rb   If you ve done some mistake  simply brew uninstall python 2 old way  and try again   thank you hyperknot  answer here

User · Answer

Another source of this problem   I found that in Debian 9  the Python httplib2 is hardcoded to insist on TLS v1 0   So any application that uses httplib2 to connect to a server that insists on better security fails with TLSV1 ALERT PROTOCOL VERSION   I fixed it by changing  context   ssl SSLContext ssl PROTOCOL TLSv1    to  context   ssl SSLContext     in  usr lib python3 dist-packages httplib2   init   py    Debian 10 doesn t have this problem

User · Answer

None of the accepted answers pointed me in the right direction  and this is still the question that comes up when searching the topic  so here s my  partially  successful saga   Background  I run a Python script on a Beaglebone Black that polls the cryptocurrency exchange Poloniex using the python-poloniex library  It suddenly stopped working with the TLSV1 ALERT PROTOCOL VERSION error   Turns out that OpenSSL was fine  and trying to force a v1 2 connection was a huge wild goose chase - the library will use the latest version as necessary  The weak link in the chain was actually Python  which only defined ssl PROTOCOL TLSv1 2  and therefore started supporting TLS v1 2  since version 3 4   Meanwhile  the version of Debian on the Beaglebone considers Python 3 3 the latest  The workaround I used was to install Python 3 5 from source  3 4 might have eventually worked too  but after hours of trial and error I m done    sudo apt-get install build-essential checkinstall sudo apt-get install libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev wget https   www python org ftp python 3 5 4 Python-3 5 4 tgz sudo tar xzf Python-3 5 4 tgz cd Python-3 5 4   configure sudo make altinstall   Maybe not all those packages are strictly necessary  but installing them all at once saves a bunch of retries  The altinstall prevents the install from clobbering existing python binaries  installing as python3 5 instead  though that does mean you have to re-install additional libraries  The   configure took a good five or ten minutes  The make took a couple of hours   Now this still didn t work until I finally ran  sudo -H pip3 5 install requests security    Which also installs pyOpenSSL  cryptography and idna  I suspect pyOpenSSL was the key  so maybe pip3 5 install -U pyopenssl would have been sufficient but I ve spent far too long on this already to make sure   So in summary  if you get TLSV1 ALERT PROTOCOL VERSION error in Python  it s probably because you can t support TLS v1 2  To add support  you need at least the following    OpenSSL 1 0 1 Python 3 4 requests security    This has got me past TLSV1 ALERT PROTOCOL VERSION  and now I get to battle with SSL23 GET SERVER HELLO instead   Turns out this is back to the original issue of Python selecting the wrong SSL version  This can be confirmed by using this trick to mount a requests session with ssl version ssl PROTOCOL TLSv1 2  Without it  SSLv23 is used and the SSL23 GET SERVER HELLO error appears  With it  the request succeeds   The final battle was to force TLSv1 2 to be picked when the request is made deep within a third party library  Both this method and this method ought to have done the trick  but neither made any difference  My final solution is horrible  but effective  I edited  usr local lib python3 5 site-packages urllib3 util ssl  py and changed  def resolve ssl version candidate               like resolve cert reqs             if candidate is None          return PROTOCOL SSLv23      if isinstance candidate  str           res   getattr ssl  candidate  None          if res is None              res   getattr ssl   PROTOCOL     candidate          return res      return candidate   to  def resolve ssl version candidate               like resolve cert reqs             if candidate is None          return ssl PROTOCOL TLSv1 2      if isinstance candidate  str           res   getattr ssl  candidate  None          if res is None              res   getattr ssl   PROTOCOL     candidate          return res      return candidate   and voila  my script can finally contact the server again

User · Answer

I got this problem too  In macos  here is the solution    Step 1  brew restall python  now you got python3 7 instead of the old python Step 2  build the new env base on python3 7  my path is  usr local Cellar python 3 7 2 bin python3 7   now  you ll not being disturbed by this problem

User · Answer

I encountered this exact issue when I attempted gem install bundler  and I was confused by all the Python responses  since I was using Ruby    Here was my exact error   ERROR   Could not find a valid gem  bundler    gt   0   here is why            Unable to download data from https   rubygems org  - SSL connect returned 1 errno 0 state SSLv2 v3 read server hello A  tlsv1 alert protocol version  https   rubygems org latest specs 4 8 gz    My solution  I updated Ruby to the most recent version  2 6 5    Problem solved

[python] ssl.SSLError: tlsv1 alert protocol version

Examples related to python

Examples related to ssl

Examples related to https

Examples related to cisco