Python SSLError, sslv3 alert handshake failure, for wallhaven.cc

Amanthul picture Amanthul · Oct 26, 2016 · Viewed 13.2k times · Source

Python Version: 3.5.2

OS: OS X 10.12

OpenSSL Version: OpenSSL 1.1.0b 26 Sep 2016

I'm trying to requests "https://alpha.wallhaven.cc".

import urllib.request
init_page=urllib.request.urlopen("https://alpha.wallhaven.cc")

Then get

ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:645)

and

During handling of the above exception, another exception occurred:
...
urllib.error.URLError: <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:645)>

The following solutions don't work:

import requests.packages.urllib3.util.ssl_
requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS='ALL'

import ssl
ssl._create_default_https_context = ssl._create_unverified_context

import requests
print(requests.get("https://alpha.wallhaven.cc",verify=False))

or change /APNSWrapper/connection.py line 131:

ssl_version = self.ssl_module.PROTOCOL_SSLv3,

into

ssl_version = self.ssl_module.PROTOCOL_TLSv1,

Then what is the problem? How to solve it? Thanks a lot!

Answer

Steffen Ullrich picture Steffen Ullrich · Oct 26, 2016

OpenSSL Version: OpenSSL 1.1.0b 26 Sep 2016 ... sslv3 alert handshake failure (_ssl.c:645)>

I do not doubt that you have OpenSSL 1.1.0b installed on your system but I doubt that this version is actually used by your python. Usually MacOS has the old version 0.9.8 of OpenSSL installed and unless one compiles python to use another openssl this version will be used, even if other OpenSSL versions are installed somewhere on the system. To check what version of OpenSSL is used by your python:

  import ssl
  print(ssl.OPENSSL_VERSION)

If this shows OpenSSL 1.1.0b... I'm wrong in my assumption but if this shows 0.9.8 I'm right with the following argumentation:

  • handshake failure indicates a problem which is not related to certificate validation.
  • Looking at the SSLLabs report I can see that the server only suppors ECDHE ciphers.
  • ECDHE ciphers are not support by OpenSSL version 0.9.8
  • therefore there are no shared ciphers between client and server and the handshake fails