I have an application making api requests via aiohttp
library.
session = aiohttp.ClientSession()
session.get(url, proxy=get_proxy_v2(), ssl=False)
I make around 10 requests/second. About once a hour I get the following error:
aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host <REDACTED_HOST>:443 ssl:False [[SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:997)]
Initially, I didn't have ssl=False
but added to try and avoid this error, but it had no effect, about once a hour I get this error still. I could simply add a try catch to catch the error and retry, but would like to properly fix this error. I am a bit confused on how I am getting a SSL error even though I have ssl set to False. Not sure where to go from here.
CodePudding user response:
I am a bit confused on how I am getting a SSL error even though I have ssl set to False.
ssl=False
ignores only certificate validation errors. But TLSV1_ALERT_INTERNAL_ERROR has nothing to do with certificate validation, so this option does not help here. Apart from that setting ssl=False
is a very bad idea since it significantly downgrades the security offered by HTTPS - it will no longer protect against active man in the middle attacks.
There are various reasons TLSV1_ALERT_INTERNAL_ERROR might occur, like having no common ciphers or protocol versions, needing client certificates, server being overloaded or whatever. When connecting arbitrary servers on the internet it is expected that sometimes such errors occur. Catching the error and ignoring this server for now is usually right choice.
If the error happens for servers one really want to connect to one has to analyze the cause of the problem with this specific server and then try to address this specific cause, i.e. there is no generic solution.