rfc-st / humble

A humble, and fast, security-oriented HTTP headers analyzer.
https://github.com/rfc-st/humble
MIT License

Resolve "Default Ciphers" Issue #16

Closed ehlewis closed 8 months ago

ehlewis commented 10 months ago

Description

urllib3>2 does not contain the attribute urllib3.util.ssl_.DEFAULT_CIPHERS anymore. In lieu of limiting the requirements file to urllib3<2, a code change was requested that would work with all versions. The solution is to add an SSL context adapter to the requests session that specifies the cipher suites that we would like to allow.

There were two options; some details about them can be found here. The first is that we could use requests.packages.urllib3.util.ssl_.create_urllib3_context. However, we already have some code (which happens to be the code that is breaking) that applies logic in case the module requests.packages.urllib3.util.ssl_ doesn't exist. As such, we shouldn't use this in case it doesn't exist. A side benefit is that we can remove the logic which was added to account for this. Luckily, we have an analogous function ssl.create_default_context upon which we can enforce our custom cipher suite list and then mount it into the requests session. Some similar usage can be found in this issue. This module does require importing ssl, but this is a built-in and does not require extra dependencies be installed.

As for the cipher suite list, it was copied from the original source code in urllib3 and was appended with the extra suites in this project that were addressing the 'dh key too small' error.

Fixes #7

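The approach the description lays out (an own cipher suite list enforced on an ssl.create_default_context context, handed to a requests adapter and mounted on the session), as an added example that is not the PR's code. It assumes requests and urllib3 as the libraries involved; the cipher string is a constructed one modelled on urllib3 1.x's DEFAULT_CIPHERS, not the project's actual list, which lives in the PR diff rather than on this page.

```python
import ssl

try:
    from requests.adapters import HTTPAdapter
except ImportError:  # requests not installed: the context builder below still works
    HTTPAdapter = object

# Constructed cipher string modelled on urllib3 1.x's DEFAULT_CIPHERS (assumption;
# the project's real list, including its 'dh key too small' additions, is in the PR).
CIPHERS = ":".join([
    "ECDHE+AESGCM", "ECDHE+CHACHA20", "DHE+AESGCM", "DHE+CHACHA20",
    "ECDH+AESGCM", "DH+AESGCM", "ECDH+AES", "DH+AES",
    "RSA+AESGCM", "RSA+AES", "!aNULL", "!eNULL", "!MD5", "!DSS",
])


def legacy_default_ciphers():
    """Return urllib3.util.ssl_.DEFAULT_CIPHERS if this urllib3 still has it, else None.
    Under urllib3 >= 2 the attribute is gone, which is the break the PR works around."""
    try:
        from urllib3.util import ssl_
    except ImportError:
        return None
    return getattr(ssl_, "DEFAULT_CIPHERS", None)


def build_ssl_context(ciphers=CIPHERS):
    """Stdlib-only replacement: a verifying default context restricted to our suites."""
    ctx = ssl.create_default_context()            # system CAs, hostname check, CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.3 suites are not affected by set_ciphers
    ctx.set_ciphers(ciphers)                      # raises ssl.SSLError if no suite matches
    return ctx


def enabled_cipher_names(ctx):
    """Suite names OpenSSL actually enabled for the context, for inspection."""
    return [c["name"] for c in ctx.get_ciphers()]


class CipherSuiteAdapter(HTTPAdapter):
    """requests adapter that gives every HTTPS pool (direct or via proxy) our context."""
    def init_poolmanager(self, *args, **kwargs):
        kwargs["ssl_context"] = build_ssl_context()
        return super().init_poolmanager(*args, **kwargs)

    def proxy_manager_for(self, *args, **kwargs):
        kwargs["ssl_context"] = build_ssl_context()
        return super().proxy_manager_for(*args, **kwargs)


def make_session():
    """Session with the adapter mounted for all https:// URLs."""
    import requests  # imported here so the rest of the module runs without it
    session = requests.Session()
    session.mount("https://", CipherSuiteAdapter())
    return session
```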

rfc-st commented 9 months ago

Hi, @ehlewis

Thanks for your contribution! I have to test it, and see if it solves the problem with current versions of urllib3, requests, etc. while maintaining compatibility with previous versions of these libraries.

I'll check it as soon as I can and let you know.

Have a nice weekend!

Best regards

rfc-st commented 8 months ago

Hi,

I am closing this PR as I have had to make several adaptations on the code you suggest. Thank you, of course, for your time.

I will mention you in the "Acknowledgements" section of the README.

Best regards,