Aiohttp: Can't suppress all SSL verification errors

Created on 26 Sep 2018 · 12 Comments · Source: aio-libs/aiohttp

Long story short

Can't suppress all SSL verification errors.

Expected behaviour

No errors should be thrown when injecting into the ClientSession a TCPConnector initialized with ssl=False.

Actual behaviour

Python dumps the exception stacktrace:

ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1045)

Steps to reproduce

Run this code:
```python
import asyncio
import aiohttp

loop = asyncio.get_event_loop()

uri = 'https://www.000directory.com.ar'

async def test():
    # ssl=False only disables certificate verification; the TLS handshake still runs
    async with aiohttp.ClientSession(connector=aiohttp.TCPConnector(ssl=False)) as session:
        async with session.get(uri) as r:
            print(r)

loop.run_until_complete(test())
```

Your environment

aiohttp 3.4.4
Ubuntu 16.04 (Python 3.5.5)
Windows 10 (Python 3.7)

Labels: bug, invalid, outdated

All 12 comments

GitMate.io thinks possibly related issues are https://github.com/aio-libs/aiohttp/issues/2822 (Unexpected SSL error (CERTIFICATE_VERIFY_FAILED)), https://github.com/aio-libs/aiohttp/issues/3242 (Error), https://github.com/aio-libs/aiohttp/issues/2408 (SSL Errors are not caught by proxy connector), https://github.com/aio-libs/aiohttp/issues/272 (SSL documentation), and https://github.com/aio-libs/aiohttp/issues/1203 (CookieJar error).

ssl=False means disabling the SSL certificate check, not disabling SSL at all.
Sorry, it is impossible.
If peers cannot agree on the SSL protocol version used, they just cannot work together.
Perhaps your server uses an old SSL version disabled by Python for security reasons.
Please learn how to create a custom ssl.SSLContext, passing a flag to enable compromised SSL modes.
The subject is out of aiohttp's scope; the standard Python documentation can help: https://docs.python.org/3/library/ssl.html#ssl.create_default_context

Any way to prevent the stack trace from being displayed on stdout?

Fixed in Python 3.8. No way to fix it in aiohttp itself.

> ssl=False means disabling the SSL certificate check, not disabling SSL at all.
> Sorry, it is impossible.
> If peers cannot agree on the SSL protocol version used, they just cannot work together.
> Perhaps your server uses an old SSL version disabled by Python for security reasons.
> Please learn how to create a custom ssl.SSLContext, passing a flag to enable compromised SSL modes.
> The subject is out of aiohttp's scope; the standard Python documentation can help: https://docs.python.org/3/library/ssl.html#ssl.create_default_context

Can you give an example of creating a custom ssl.SSLContext and how it would be used in aiohttp? I've been trying for a while now but I keep running into issues. A simple example would be much appreciated.

@antfuentes87

```python
import ssl

from aiohttp import web

custom_context = ssl.create_default_context()
custom_context... # do things to it

web.run_app(..., ssl_context=custom_context, ...)
```

@webknjaz

Thank you very much for the example. I did actually manage to get that far. The part I am struggling with is when @asvetlov said "passing a flag to enable compromised SSL modes". What does he mean by that and what does that look like?

Probably custom_context.verify_mode = ssl.CERT_NONE, it depends on your use-case. You should try to understand what you want first.

> Probably custom_context.verify_mode = ssl.CERT_NONE, it depends on your use-case. You should try to understand what you want first.

Yes, that is what I was looking for. Thank you very much! Unfortunately it did not make ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number go away. Pretty sure there is nothing else I can try. Probably just have to wait to upgrade to Python 3.8.

That's because this error is not about cert verification. It's about the client trying to connect via plain http to https port.

verify_mode on a server-side socket controls how the server verifies the client cert, which you probably don't use. The same on the client-side socket would let you ignore an invalid server cert, but that's not where the exception is happening.

So no, this will not help you to suppress the exception. And yet, if it's a bug in asyncio you could try replacing it with something else, like uvloop.
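The two points made in this thread (ssl=False only relaxes certificate verification, while WRONG_VERSION_NUMBER is a handshake failure that no verification flag can suppress) can be checked in code. The following is an added example, not code from this issue or from aiohttp: the helper names make_client_context, context_summary, classify_ssl_error and fetch_status are hypothetical, the error strings are constructed samples modelled on the message quoted above, and the os_error/certificate_error attribute lookups assume the aiohttp 3.x exception classes. The helpers need only the standard library; aiohttp is imported lazily inside fetch_status.

```python
import asyncio
import ssl
from typing import Optional, Union

# Constructed sample error strings (not captured from a real server), modelled
# on the message quoted in this issue; used to exercise classify_ssl_error offline.
SAMPLE_ERRORS = {
    "issue_reporter": "[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1045)",
    "bad_cert": "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:1045)",
}


def make_client_context(verify_certs: bool = True,
                        cafile: Optional[str] = None) -> ssl.SSLContext:
    """Hypothetical helper: an explicit client-side context for TCPConnector(ssl=...).

    verify_certs=False reproduces what TCPConnector(ssl=False) does: the TLS
    handshake still happens, only certificate and hostname checks are skipped,
    which leaves the client open to an active man-in-the-middle. Trusting a
    private CA via cafile is the safer way to talk to a self-signed server.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    if not verify_certs:
        ctx.check_hostname = False      # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_summary(ctx: ssl.SSLContext) -> dict:
    """Report the settings worth auditing on a context."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
    }


def classify_ssl_error(err: Union[BaseException, str]) -> str:
    """Tell a verification failure (what verify_mode controls) from a
    handshake/protocol mismatch such as WRONG_VERSION_NUMBER."""
    text = str(err)
    if "CERTIFICATE_VERIFY_FAILED" in text:
        return "certificate-verification"
    if "WRONG_VERSION_NUMBER" in text:
        return "protocol-mismatch"
    return "other"


def classify_samples() -> dict:
    """Run the classifier over the constructed samples."""
    return {name: classify_ssl_error(msg) for name, msg in SAMPLE_ERRORS.items()}


async def fetch_status(url: str, ctx: ssl.SSLContext) -> dict:
    """Fetch url with the given context and return a result dict instead of
    letting an SSL failure propagate out of the coroutine as a traceback."""
    import aiohttp  # imported here so the helpers above work without aiohttp installed
    connector = aiohttp.TCPConnector(ssl=ctx)
    try:
        async with aiohttp.ClientSession(connector=connector) as session:
            async with session.get(url) as resp:
                return {"ok": True, "status": resp.status}
    except aiohttp.ClientSSLError as exc:
        # aiohttp 3.x wraps the underlying ssl error; the wrapper classes expose it
        # as os_error or certificate_error (assumption), so try both before falling back.
        underlying = (getattr(exc, "os_error", None)
                      or getattr(exc, "certificate_error", None) or exc)
        return {"ok": False, "kind": classify_ssl_error(underlying), "error": str(underlying)}
    except (aiohttp.ClientError, OSError) as exc:
        return {"ok": False, "kind": "connection", "error": str(exc)}


if __name__ == "__main__":
    # Same host as the issue report; needs network access to do anything useful.
    result = asyncio.run(
        fetch_status("https://www.000directory.com.ar",
                     make_client_context(verify_certs=False)))
    print(result)
```

A "protocol-mismatch" result for a verify_certs=False context confirms the diagnosis given in this thread: the failure happens before any certificate is checked, so the fix lies in the server's TLS configuration (or in the URL scheme) rather than in verify_mode. Note that catching the exception stops it from escaping the coroutine, but on Python 3.5 to 3.7 the extra traceback printed by the event loop's own SSL handling is the asyncio behaviour the thread says was fixed in 3.8, and would have to be handled via the loop's exception handler instead.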

Try different ssl.PROTOCOL* values.
Maybe ssl.PROTOCOL_SSLv2 can help with outdated servers.

This thread has been automatically locked since there has not been
any recent activity after it was closed. Please open a [new issue] for
related bugs.

If you feel like there are important points made in this discussion,
please include those excerpts into that [new issue].
