jkbrzt
commented
1 year ago @br3ndonland thanks for the PR! I didn’t notice it until merging another one, but then updated the code with your approach. Fixed in v3.2.2.
Closed br3ndonland closed 1 year ago
jkbrzt
commented
1 year ago @br3ndonland thanks for the PR! I didn’t notice it until merging another one, but then updated the code with your approach. Fixed in v3.2.2.
Description
urllib3 2.0 was released on 2023-04-26. One of the changes was the removal of
urllib3.util.ssl_.DEFAULT_CIPHERS. urllib3 now detects and uses the default ciphers configured by the system (https://github.com/urllib3/urllib3/issues/2168, https://github.com/urllib3/urllib3/pull/2705).Requests currently allows
urllib3>=1.21.1,<3. HTTPie has an indirect dependency on urllib3 (through Requests), and currently imports theDEFAULT_CIPHERSconstant and uses it to populate CLI help text for the--ciphersflag.https://github.com/httpie/httpie/blob/47e9b99ba19b2a9d3e0098726fff4469b9dd6bb0/httpie/ssl_.py#L6-L12
https://github.com/httpie/httpie/blob/47e9b99ba19b2a9d3e0098726fff4469b9dd6bb0/httpie/cli/definition.py#L830-L837
This means that users who install HTTPie with
urllib3>=2will see anImportError(httpie/httpie#1499).Changes
This PR will update HTTPie to catch the
ImportErrorand assemble a list of default ciphers in the OpenSSL cipher list format.Please note that GitHub Actions workflow runs appear to be failing because of pre-existing errors, not necessarily because of the changes in this PR.
Longer-term, it would be prudent to avoid importing from private modules in indirect dependencies.
If it is going to take some time to support urllib3 2.0, it could also be helpful to declare a direct dependency on
urllib3>1,<2insetup.py.Related