Open wenscl opened 3 years ago
Seems like you may need to set your own cipher in requests
, see https://stackoverflow.com/questions/38015537/python-requests-exceptions-sslerror-dh-key-too-small.
I think this may also depend on the OpenSSL version that your Python is using too. I did not run into this issue on Python 3.9.5 with the latest zeep:
$ python
Python 3.9.5 (default, May 4 2021, 03:36:27)
[Clang 12.0.0 (clang-1200.0.32.29)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from zeep import Client
>>> client = Client("https://wsaahomo.afip.gov.ar/ws/services/LoginCms?wsdl")
>>> client.__dict__
{'settings': _local(strict=True, raw_response=False, force_https=True, extra_http_headers=None, xml_huge_tree=False, forbid_dtd=False, forbid_entities=True, forbid_external=True, xsd_ignore_sequence_order=False, _tls=<_thread._local object at 0x109664db0>), 'transport': <zeep.transports.Transport object at 0x10960fcd0>, 'wsdl': <WSDL(location='https://wsaahomo.afip.gov.ar/ws/services/LoginCms?wsdl')>, 'wsse': None, 'plugins': [], '_default_service': None, '_default_service_name': None, '_default_port_name': None, '_default_soapheaders': None}
$ pip freeze
appdirs==1.4.4
attrs==21.2.0
cached-property==1.5.2
certifi==2021.5.30
chardet==4.0.0
defusedxml==0.7.1
idna==2.10
isodate==0.6.0
lxml==4.6.3
pytz==2021.1
requests==2.25.1
requests-file==1.5.1
requests-toolbelt==0.9.1
six==1.16.0
urllib3==1.26.6
zeep==4.0.0
And a recent OpenSSL:
$ python
Python 3.9.5 (default, May 4 2021, 03:36:27)
[Clang 12.0.0 (clang-1200.0.32.29)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 1.1.1k 25 Mar 2021'
Also had this error on ldap3 lib, could make it work by forcing TLSv1_1 instead of TLSv1_2. Maybe it could help
If you have control over the server (or can contact those who do) then ideally the solution would be to configure the server to be more secure by increasing the number of bits used by the server temp key for DH key exchange (see https://stackoverflow.com/a/64581683/).
If you're using python 3.10 then the reason for "dh key too small" is likely because Python has tightened up the defaults they use for OpenSSL see https://github.com/python/cpython/pull/25778 - you can of course find methods online to force your python client to be less secure again but it is far preferable to update the server as above (or for the client to try and force use of an alternative that is not DH).
Zeep version: 4.0.0 WSDL: https://wsaahomo.afip.gov.ar/ws/services/LoginCms?wsdl
I'm trying to use the Client and getting the following error: