lemonstand / lemonsync

A command line tool to work on LemonStand themes locally.

Includes OpenSSL version and link to wiki in error #26

Closed tomcornall closed 8 years ago

tomcornall commented 8 years ago

@robotpony

Looks like: [screenshot: themes, -bash, 105x49]

I think a good place to start for a fix is here: https://github.com/kennethreitz/requests/issues/1847

I think this server refuses connections from clients which announce support for SSLv2. This does not work:

$ openssl s_client -connect www.howsmyssl.com:443  -cipher 'ALL'

While this works:

$ openssl s_client -connect www.howsmyssl.com:443  -cipher 'ALL:!SSLv2'

Modifying the requests library for python might help fix this: https://github.com/kennethreitz/requests/

tomcornall commented 8 years ago

@markgukov

tomcornall commented 8 years ago

More notes:

I tried adding a request adapter by mounting to requests like this:

            r = requests.Session()
            r.mount("https://", ForceSSLV3Adapter())

With the ForceSSLV3Adapter:

import ssl
import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager

class ForceSSLV3Adapter(HTTPAdapter):
    """Force SSLv3 for the connection (ssl.PROTOCOL_SSLv3)"""
    def init_poolmanager(self, connections, maxsize, block=False):
        # This method gets called when there's no proxy.
        self.poolmanager = PoolManager(
            num_pools=connections,
            maxsize=maxsize,
            block=block,
            ssl_version=ssl.PROTOCOL_SSLv3
        )

This gives a slightly different error: Detail: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:590)

markgukov commented 8 years ago

@robotpony: Our recently hardened proxy server only accepts TLS 1.2. Python introduced support for it in 2.7.9 (good, as Macs use 2.7.10). However, the support also requires OpenSSL 1.0.1+ (bad, as Macs use 0.9.8zh).

I think we can work with TLS 1. Can we lessen the requirement?
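The issue title asks for the OpenSSL version and a wiki link in the error. One way to build such a message with the standard `ssl` module is sketched below; it is an added example, not code from lemonsync. The function names, the `WIKI_URL` placeholder and the sample version tuples are assumptions made for illustration.

```python
import ssl

# Minimum OpenSSL release for TLS 1.2, as stated in the thread above.
MIN_OPENSSL = (1, 0, 1)
WIKI_URL = "<link to wiki>"  # placeholder: the page does not give the URL


def tls12_capable(version_info=None, has_constant=None):
    """Return True if the ssl module and its OpenSSL can negotiate TLS 1.2."""
    if version_info is None:
        version_info = ssl.OPENSSL_VERSION_INFO
    if has_constant is None:
        # Python 2.7.9+ exposes this constant; older interpreters do not.
        has_constant = hasattr(ssl, "PROTOCOL_TLSv1_2")
    return bool(has_constant) and tuple(version_info[:3]) >= MIN_OPENSSL


def explain_handshake_failure(error, version=None, version_info=None,
                              has_constant=None):
    """Build a user-facing message that names the OpenSSL Python is linked to."""
    if version is None:
        version = ssl.OPENSSL_VERSION
    lines = [
        "Connection failed: %s" % error,
        "Python is linked against: %s" % version,
    ]
    if tls12_capable(version_info, has_constant):
        lines.append("This OpenSSL can speak TLS 1.2; "
                     "the failure has another cause.")
    else:
        lines.append("The server only accepts TLS 1.2, which needs "
                     "Python 2.7.9+ and OpenSSL 1.0.1+.")
        lines.append("See %s for upgrade steps." % WIKI_URL)
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: the stock Mac OpenSSL mentioned in the thread.
    print(explain_handshake_failure(
        "sslv3 alert handshake failure",
        version="OpenSSL 0.9.8zh 14 Jan 2016",
        version_info=(0, 9, 8, 26, 15),
        has_constant=True,
    ))
    # The interpreter actually running this script.
    print(explain_handshake_failure("example error"))
```
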