requests.exceptions.SSLError: [Errno 8] _ssl.c:507: EOF occurred in violation of protocol

[kaji-bikash]

HTTPie 1.0.0-dev
HTTPie data: /Users/kaji/.httpie
Requests 2.5.3
Pygments 2.0.2
Python 2.7.6 (default, Sep  9 2014, 15:04:36)
[GCC 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.39)] darwin
Not every SSL website shows though. So, it is tricky. From browser , it is working fine.

>>> requests.request({'allow_redirects': False,
 'auth': None,
 'cert': None,
 'data': OrderedDict(),
 'files': DataDict(),
 'headers': {'User-Agent': 'HTTPie/1.0.0-dev'},
 'method': 'get',
 'params': ParamsDict(),
 'proxies': {},
 'stream': True,
 'timeout': 30,
 'url': u'https://apissl.example.com',
 'verify': True})

Traceback (most recent call last):
  File "/usr/local/bin/http", line 9, in <module>
    load_entry_point('httpie==1.0.0-dev', 'console_scripts', 'http')()
  File "/Library/Python/2.7/site-packages/httpie/core.py", line 112, in main
    response = get_response(args, config_dir=env.config.directory)
  File "/Library/Python/2.7/site-packages/httpie/client.py", line 41, in get_response
    response = requests_session.request(**kwargs)
  File "/Library/Python/2.7/site-packages/requests/sessions.py", line 461, in request
    resp = self.send(prep, **send_kwargs)
  File "/Library/Python/2.7/site-packages/requests/sessions.py", line 573, in send
    r = adapter.send(request, **kwargs)
  File "/Library/Python/2.7/site-packages/requests/adapters.py", line 431, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [Errno 8] _ssl.c:507: EOF occurred in violation of protocol

[jkbrzt]

@kajisaap what URL was it? apissl.example.com doesn't resolve.

[kaji-bikash]

@jakubroztocil I would paste it but I hate to see company's URL in public issue listing. That's why i pasted the debug log. how do i message you privately if api endpoint URL is critical for debugging purposes ?

[kaji-bikash]

@jakubroztocil , assuming the similarity here https://github.com/kennethreitz/requests/issues/2056

[jkbrzt]

Seems like an upstream issue. Try installing those packages mentioned in the linked issue.

[sigmavirus24]

Try

$ pip install --force-reinstall requests[security]

@kajisaap please email me the URL so I can give you better help with this. My email is on my profile page.

[kaji-bikash]

@sigmavirus24 sudo pip install --force-reinstall 'requests[security]' --upgrade didnot help. I am in Yosemite 10.10.2 if system information might make the difference

[sigmavirus24]

@kajisaap can you comment with openssl version too?

Side note: @jakubroztocil your debug call to requests is faulty. requests.request won't accept that dictionary. It needs to be requests.request(**{ #... for what it's worth.

[sigmavirus24]

@kajisaap also python -c 'import ssl; print(ssl.OPENSSL_VERSION)'

[kaji-bikash]

$>python -c 'import ssl; print(ssl.OPENSSL_VERSION)'                                                                                         
OpenSSL 0.9.8zc 15 Oct 2014

[jkbrzt]

@sigmavirus24 thanks, fixed

[sigmavirus24]

So I have 0 problems with the website on python 3.4.2. So this would seem to be an SNI issue. For reference, this is my openssl version:

>>> import ssl
>>> print(ssl.OPENSSL_VERSION)
OpenSSL 1.0.1l 15 Jan 2015

But also, I only have requests installed.

On python 2.7.9 the same works with the same openssl version. Interestingly enough, installing requests[security] in a temporary virtualenv on py2.7.9 fails though (and provides a different error because pyOpenSSL's SysCallError doesn't have a __str__ method defined that returns properly formatted str). That error is also due to a handshake failure. I would either upgrade to python 2.7.9 (via brew or Python.org) and upgrade openssl (via brew and force-linking). I'm also on OSX 10.10

[mathiasbynens]

Smells like a duplicate of #262 / #288.

[sigmavirus24]

@mathiasbynens this doesn't have anything to do with SNI as best as I can tell. That said @kajisaap has stopped responding so I'm :+1: for closing this as incomplete.

[mathiasbynens]

@sigmavirus24 I’m confused — you just said “So this would seem to be an SNI issue” in your previous comment.

[davidbgk]

I confirm that I have this error too:

$ http https://larlet.fr

http: error: SSLError: [Errno 8] _ssl.c:507: EOF occurred in violation of protocol

With that version of OpenSSL and HTTPie:

$ python -c 'import ssl; print(ssl.OPENSSL_VERSION)'
OpenSSL 1.0.2 22 Jan 2015
$ http --version
0.9.2

I forced reinstall with requests' security module without any improvement.

[blinsay]

I'm having the same issue trying to hit a hello-world Dropwizard app on localhost (the expected response is an empty JSON array).

$ http --verify=no https://localhost:8443/hello

http: error: SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",) while doing GET request to URL: https://localhost:8443/hello
$ curl -k https://localhost:8443/hello
[]

[iloveitaly]

I'm still seeing this:

$ python --version
Python 2.7.11
$ python -c 'import ssl; print(ssl.OPENSSL_VERSION)'
OpenSSL 1.0.2f  28 Jan 2016

I tried force reinstalling requests' security module: no joy.

[grimbertf]

hello, I have the samme issue with python 2.7.9 and Requests module when execute r = requests.get(url=urloo,headers=self.headers, verify=False) with urloo = https://10.xxx.xx.xxxx:yyyyy/oo/rest/latest/executions/21589456/summary the request return : File "C:\Applications\Python27\lib\site-packages\requests-2.9.1-py2.7.egg\requests\adapters.py", line 447, in send raise SSLError(e, request=request) requests.exceptions.SSLError: [Errno 8] _ssl.c:507: EOF occurred in violation of protocol The verify header is positionned to False

[chulkilee]

maybe related to kennethreitz/requests#3006

[nicopal]

Does someone experience this issue with Python 2.7.6? If not, this could be related: http://stackoverflow.com/questions/32330919/python-ssl-ssl-sslerror-ssl-unsupported-protocol-unsupported-protocol-ssl

[xgt001]

I was able to resolve this by doing what @sigmavirus24 suggested

pip install --force-reinstall requests[security] This was with python 2.7.10 on macOS Sierra 10.12

[jkbrzt]

https://github.com/jkbrzt/httpie#sni-server-name-indication

[vorburger]

I've just hit this problem on https://github.com/apache/fineract/pull/644, with whatever versions apt-get install httpie installs on Travis CI (with dist: trusty). Using --verify=no (NOT --verify no !) fixed it. (You will NOT want to use this for a public website with SSL; in my case, it was just for a https://localhost:8443/... with a self signed certificate.)

https://github.com/jkbrzt/httpie#sni-server-name-indication

FYI this anchor seems to have been removed meanwhile.

[addpd]

fixed 👍