Unable to open URLs that strictly require SSLv3

[chrisspen]

Attempting to open a site configured with an SSL3 certificate (e.g. https://www1.pplweb.com/) results in the unhelpful error:

  File "/usr/local/lib/python2.7/dist-packages/mechanize/_mechanize.py", line 203, in open
    return self._mech_open(url, data, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/mechanize/_mechanize.py", line 230, in _mech_open
    response = UserAgentBase.open(self, request, data)
  File "/usr/local/lib/python2.7/dist-packages/mechanize/_opener.py", line 193, in open
    response = urlopen(self, req, data)
  File "/usr/local/lib/python2.7/dist-packages/mechanize/_urllib2_fork.py", line 344, in _open
    '_open', req)
  File "/usr/local/lib/python2.7/dist-packages/mechanize/_urllib2_fork.py", line 332, in _call_chain
    result = func(*args)
  File "/usr/local/lib/python2.7/dist-packages/mechanize/_urllib2_fork.py", line 1170, in https_open
    return self.do_open(conn_factory, req)
  File "/usr/local/lib/python2.7/dist-packages/mechanize/_urllib2_fork.py", line 1118, in do_open
    raise URLError(err)
URLError: <urlopen error [Errno 1] _ssl.c:504: error:140773E8:SSL routines:SSL23_GET_SERVER_HELLO:reason(1000)>

Researching this error finds few results, but in this bug report Senthil Kumaran suggests "The problem is the server strictly accepts SSLv3 only and urllib and http.client send SSLv23 protocol."

He also provides a workaround, in the form of a custom HTTPSHandler, but this only works for Python's urllib. I'm unsure how to replicate this for mechanize's browser object.

Does mechanize support SSL3? If so, how do you instruct mechanize to use PROTOCOL_SSLv3 for https connections?

[mikewebkist]

I forked the mechanize repo and fixed the SSLv3 issue. It tries SSLv3 first, then falls back to SSLv23. See diff here: https://github.com/mikewebkist/mechanize/commit/5d41022b6eec58a6bdd7704841bdffe731871bd5

[chrisspen]

Thanks Mike.