aiohttp.client_exceptions.ClientConnectorError Cannot connect to host xxx ssl:None [None]
Traceback (most recent call last):
File "F:\tmp\alter-svc\venv\lib\site-packages\aiohttp\connector.py", line 924, in _wrap_create_connection
await self._loop.create_connection(*args, **kwargs))
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37-32\lib\asyncio\base_events.py", line 970, in create_connection
ssl_handshake_timeout=ssl_handshake_timeout)
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37-32\lib\asyncio\base_events.py", line 998, in _create_connection_transport
await waiter
ConnectionResetError
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "E:/code/alter-svc/api/test.py", line 22, in <module>
loop.run_until_complete(test())
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37-32\lib\asyncio\base_events.py", line 568, in run_until_complete
return future.result()
File "E:/code/alter-svc/api/test.py", line 14, in test
r = await session.get('https://www.mdnkids.com/news/?Serial_NO=108552')
File "F:\tmp\alter-svc\venv\lib\site-packages\aiohttp\client.py", line 466, in _request
timeout=real_timeout
File "F:\tmp\alter-svc\venv\lib\site-packages\aiohttp\connector.py", line 522, in connect
proto = await self._create_connection(req, traces, timeout)
File "F:\tmp\alter-svc\venv\lib\site-packages\aiohttp\connector.py", line 854, in _create_connection
req, traces, timeout)
File "F:\tmp\alter-svc\venv\lib\site-packages\aiohttp\connector.py", line 992, in _create_direct_connection
raise last_exc
File "F:\tmp\alter-svc\venv\lib\site-packages\aiohttp\connector.py", line 974, in _create_direct_connection
req=req, client_error=client_error)
File "F:\tmp\alter-svc\venv\lib\site-packages\aiohttp\connector.py", line 931, in _wrap_create_connection
raise client_error(req.connection_key, exc) from exc
aiohttp.client_exceptions.ClientConnectorError: Cannot connect to host www.mdnkids.com:443 ssl:None [None]
My Code
import aiohttp
import asyncio
async def test():
async with aiohttp.ClientSession() as session:
r = await session.get('https://www.mdnkids.com/news/?Serial_NO=108552')
print(await r.text())
if __name__ == "__main__":
loop = asyncio.get_event_loop()
loop.run_until_complete(test())
Your environment
windows 10/centos 7.2
python 3.7
aiohttp 3.5.4 /4.0.0a0
bug
pytomtoto
All 7 comments
GitMate.io thinks the contributor most likely able to help you is @asvetlov.
Possibly related issues are https://github.com/aio-libs/aiohttp/issues/3038 (aiohttp.client_exceptions.ClientConnectorError: Cannot connect to host www.googleapis.com:443 ssl:False [Too many open files]), https://github.com/aio-libs/aiohttp/issues/3171 (ClientConnectorError: Cannot connect to host python.org:80 ssl:None [Network is unreachable]), https://github.com/aio-libs/aiohttp/issues/1376 (ClientOSError when trying to connect to certain hosts), https://github.com/aio-libs/aiohttp/issues/510 (Empty host crashes aiohttp), and https://github.com/aio-libs/aiohttp/issues/58 (aiohttp.HttpClient).
aio-libs-bot
on 29 Mar 2019
It seems to be openssl issue, most probabily your openssl is not compiled to support weak ciphers, i ran cipherscan tool on www.mdnkids.com and here are supported ciphers
Target: www.mdnkids.com:443
prio ciphersuite protocols pubkey_size signature_algoritm trusted ticket_hint ocsp_staple npn pfs
1 RC4-MD5 SSLv2,SSLv3,TLSv1 2048 sha256WithRSAEncryption True None False None None None
2 RC4-SHA SSLv3,TLSv1 2048 sha256WithRSAEncryption True None False None None None
3 DES-CBC3-SHA SSLv3,TLSv1 2048 sha256WithRSAEncryption True None False None None None
4 EXP1024-RC4-SHA SSLv3,TLSv1 2048 sha256WithRSAEncryption True None False None RSA,1024bits None
5 EXP1024-DES-CBC-SHA SSLv3,TLSv1 2048 sha256WithRSAEncryption True None False None RSA,1024bits None
6 EXP-RC4-MD5 SSLv3,TLSv1 2048 sha256WithRSAEncryption True None False None RSA,512bits None
7 EXP-RC2-CBC-MD5 SSLv3,TLSv1 2048 sha256WithRSAEncryption True None False None RSA,512bits None
8 RC2-CBC-MD5 SSLv2 2048 sha256WithRSAEncryption False None False None None None
9 DES-CBC3-MD5 SSLv2 2048 sha256WithRSAEncryption False None False None None None
10 DES-CBC-MD5 SSLv2 2048 sha256WithRSAEncryption False None False None None None
OCSP stapling: not supported
Cipher ordering: server
Curves ordering: unknown - fallback: no
Renegotiation test error
Supported compression methods test error
TLS Tolerance: no
Fallbacks required:
big-SSLv3 config not supported, connection failed
big-TLSv1.0 config not supported, connection failed
big-TLSv1.1 config not supported, connection failed
big-TLSv1.2 config not supported, connection failed
small-SSLv3 no fallback req, connected: SSLv3 RC4-MD5
small-TLSv1.0 no fallback req, connected: TLSv1 RC4-MD5
small-TLSv1.0-notlsext no fallback req, connected: TLSv1 RC4-MD5
small-TLSv1.1 no fallback req, connected: TLSv1 RC4-MD5
small-TLSv1.2 no fallback req, connected: TLSv1 RC4-MD5
v2-big-TLSv1.2 no fallback req, connected: TLSv1 RC4-MD5
v2-small-SSLv3 no fallback req, connected: SSLv3 RC4-MD5
v2-small-TLSv1.0 no fallback req, connected: TLSv1 RC4-MD5
v2-small-TLSv1.1 no fallback req, connected: TLSv1 RC4-MD5
v2-small-TLSv1.2 no fallback req, connected: TLSv1 RC4-MD5
You can run command
openssl ciphers 'ALL'
to see ciphers supported by your openssl version,
I haven't tried this solution because it would require me to rebuild python so, you can try if you want
- build openssl with option enable-weak-ciphers ( you can find it in openssl configuration doc)
- build python and link that with above openssl build
- pass ssl context to ClientSession.get having 'RC4-SHA' cipher supported
newmanifold
on 30 Mar 2019
OS: WINDOWS 10
Python 3.7.2 (tags/v3.7.2:9a3ffc0492, Dec 23 2018, 23:09:28) [MSC v.1916 64 bit (AMD64)] on win32
import ssl
ssl.OPENSSL_VERSION
'OpenSSL 1.1.0j 20 Nov 2018'
It`s difficult to rebuild python.
I try to use ssl context to pass this.
but i don't know how to set it
----------------
ctx = ssl.create_default_context(Purpose.CLIENT_AUTH)
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
ctx.options &= ~ssl.OP_ALL
async with aiohttp.ClientSession(connector=aiohttp.TCPConnector(ssl=ctx), loop=loop) as session:
# r = await session.get('https://www.mdnkids.com/news/?Serial_NO=108552')
# print(await r.text())
r = await session.get('https://www.mdnkids.com/news/?Serial_NO=108552')
print(await r.text())
well, its definitely the issue with your openssl not supporting weak ciphers
I've built openssl with weak cipher support and linked with curl while building curl,
now its not giving any ssl error with RC4-MD5 cipher, and curl is fetching page response without any issue
Can you please run following command in terminal
openssl ciphers 'ALL'
and this
python3 -c 'import ssl; print(ssl.SSLContext().get_ciphers())'
Now if your openssl doesn't support weak ciphers you will have to rebuild python with openssl
newmanifold
on 30 Mar 2019
I can't run command in terminal with openssl ciphers 'ALL'锛寃indows 10 tell me openssl it's not a valid order. i try to install one later.
python3 -c 'import ssl; print(ssl.SSLContext().get_ciphers())'
[{
'id': 50380844,
'name': 'ECDHE-ECDSA-AES256-GCM-SHA384',
'protocol': 'TLSv1.2',
'description': 'ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD',
'strength_bits': 256,
'alg_bits': 256,
'aead': True,
'symmetric': 'aes-256-gcm',
'digest': None,
'kea': 'kx-ecdhe',
'auth': 'auth-ecdsa'
}, {
'id': 50380848,
'name': 'ECDHE-RSA-AES256-GCM-SHA384',
'protocol': 'TLSv1.2',
'description': 'ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD',
'strength_bits': 256,
'alg_bits': 256,
'aead': True,
'symmetric': 'aes-256-gcm',
'digest': None,
'kea': 'kx-ecdhe',
'auth': 'auth-rsa'
}, {
'id': 50331807,
'name': 'DHE-RSA-AES256-GCM-SHA384',
'protocol': 'TLSv1.2',
'description': 'DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD',
'strength_bits': 256,
'alg_bits': 256,
'aead': True,
'symmetric': 'aes-256-gcm',
'digest': None,
'kea': 'kx-dhe',
'auth': 'auth-rsa'
}, {
'id': 50384041,
'name': 'ECDHE-ECDSA-CHACHA20-POLY1305',
'protocol': 'TLSv1.2',
'description': 'ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD',
'strength_bits': 256,
'alg_bits': 256,
'aead': True,
'symmetric': 'chacha20-poly1305',
'digest': None,
'kea': 'kx-ecdhe',
'auth': 'auth-ecdsa'
}, {
'id': 50384040,
'name': 'ECDHE-RSA-CHACHA20-POLY1305',
'protocol': 'TLSv1.2',
'description': 'ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD',
'strength_bits': 256,
'alg_bits': 256,
'aead': True,
'symmetric': 'chacha20-poly1305',
'digest': None,
'kea': 'kx-ecdhe',
'auth': 'auth-rsa'
}, {
'id': 50384042,
'name': 'DHE-RSA-CHACHA20-POLY1305',
'protocol': 'TLSv1.2',
'description': 'DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD',
'strength_bits': 256,
'alg_bits': 256,
'aead': True,
'symmetric': 'chacha20-poly1305',
'digest': None,
'kea': 'kx-dhe',
'auth': 'auth-rsa'
}, {
'id': 50380843,
'name': 'ECDHE-ECDSA-AES128-GCM-SHA256',
'protocol': 'TLSv1.2',
'description': 'ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD',
'strength_bits': 128,
'alg_bits': 128,
'aead': True,
'symmetric': 'aes-128-gcm',
'digest': None,
'kea': 'kx-ecdhe',
'auth': 'auth-ecdsa'
}, {
'id': 50380847,
'name': 'ECDHE-RSA-AES128-GCM-SHA256',
'protocol': 'TLSv1.2',
'description': 'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD',
'strength_bits': 128,
'alg_bits': 128,
'aead': True,
'symmetric': 'aes-128-gcm',
'digest': None,
'kea': 'kx-ecdhe',
'auth': 'auth-rsa'
}, {
'id': 50331806,
'name': 'DHE-RSA-AES128-GCM-SHA256',
'protocol': 'TLSv1.2',
'description': 'DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD',
'strength_bits': 128,
'alg_bits': 128,
'aead': True,
'symmetric': 'aes-128-gcm',
'digest': None,
'kea': 'kx-dhe',
'auth': 'auth-rsa'
}, {
'id': 50380836,
'name': 'ECDHE-ECDSA-AES256-SHA384',
'protocol': 'TLSv1.2',
'description': 'ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384',
'strength_bits': 256,
'alg_bits': 256,
'aead': False,
'symmetric': 'aes-256-cbc',
'digest': 'sha384',
'kea': 'kx-ecdhe',
'auth': 'auth-ecdsa'
}, {
'id': 50380840,
'name': 'ECDHE-RSA-AES256-SHA384',
'protocol': 'TLSv1.2',
'description': 'ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384',
'strength_bits': 256,
'alg_bits': 256,
'aead': False,
'symmetric': 'aes-256-cbc',
'digest': 'sha384',
'kea': 'kx-ecdhe',
'auth': 'auth-rsa'
}, {
'id': 50331755,
'name': 'DHE-RSA-AES256-SHA256',
'protocol': 'TLSv1.2',
'description': 'DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256',
'strength_bits': 256,
'alg_bits': 256,
'aead': False,
'symmetric': 'aes-256-cbc',
'digest': 'sha256',
'kea': 'kx-dhe',
'auth': 'auth-rsa'
}, {
'id': 50380835,
'name': 'ECDHE-ECDSA-AES128-SHA256',
'protocol': 'TLSv1.2',
'description': 'ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256',
'strength_bits': 128,
'alg_bits': 128,
'aead': False,
'symmetric': 'aes-128-cbc',
'digest': 'sha256',
'kea': 'kx-ecdhe',
'auth': 'auth-ecdsa'
}, {
'id': 50380839,
'name': 'ECDHE-RSA-AES128-SHA256',
'protocol': 'TLSv1.2',
'description': 'ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256',
'strength_bits': 128,
'alg_bits': 128,
'aead': False,
'symmetric': 'aes-128-cbc',
'digest': 'sha256',
'kea': 'kx-ecdhe',
'auth': 'auth-rsa'
}, {
'id': 50331751,
'name': 'DHE-RSA-AES128-SHA256',
'protocol': 'TLSv1.2',
'description': 'DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256',
'strength_bits': 128,
'alg_bits': 128,
'aead': False,
'symmetric': 'aes-128-cbc',
'digest': 'sha256',
'kea': 'kx-dhe',
'auth': 'auth-rsa'
}, {
'id': 50380810,
'name': 'ECDHE-ECDSA-AES256-SHA',
'protocol': 'TLSv1.0',
'description': 'ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1',
'strength_bits': 256,
'alg_bits': 256,
'aead': False,
'symmetric': 'aes-256-cbc',
'digest': 'sha1',
'kea': 'kx-ecdhe',
'auth': 'auth-ecdsa'
}, {
'id': 50380820,
'name': 'ECDHE-RSA-AES256-SHA',
'protocol': 'TLSv1.0',
'description': 'ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1',
'strength_bits': 256,
'alg_bits': 256,
'aead': False,
'symmetric': 'aes-256-cbc',
'digest': 'sha1',
'kea': 'kx-ecdhe',
'auth': 'auth-rsa'
}, {
'id': 50331705,
'name': 'DHE-RSA-AES256-SHA',
'protocol': 'SSLv3',
'description': 'DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1',
'strength_bits': 256,
'alg_bits': 256,
'aead': False,
'symmetric': 'aes-256-cbc',
'digest': 'sha1',
'kea': 'kx-dhe',
'auth': 'auth-rsa'
}, {
'id': 50380809,
'name': 'ECDHE-ECDSA-AES128-SHA',
'protocol': 'TLSv1.0',
'description': 'ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1',
'strength_bits': 128,
'alg_bits': 128,
'aead': False,
'symmetric': 'aes-128-cbc',
'digest': 'sha1',
'kea': 'kx-ecdhe',
'auth': 'auth-ecdsa'
}, {
'id': 50380819,
'name': 'ECDHE-RSA-AES128-SHA',
'protocol': 'TLSv1.0',
'description': 'ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1',
'strength_bits': 128,
'alg_bits': 128,
'aead': False,
'symmetric': 'aes-128-cbc',
'digest': 'sha1',
'kea': 'kx-ecdhe',
'auth': 'auth-rsa'
}, {
'id': 50331699,
'name': 'DHE-RSA-AES128-SHA',
'protocol': 'SSLv3',
'description': 'DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1',
'strength_bits': 128,
'alg_bits': 128,
'aead': False,
'symmetric': 'aes-128-cbc',
'digest': 'sha1',
'kea': 'kx-dhe',
'auth': 'auth-rsa'
}, {
'id': 50331805,
'name': 'AES256-GCM-SHA384',
'protocol': 'TLSv1.2',
'description': 'AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD',
'strength_bits': 256,
'alg_bits': 256,
'aead': True,
'symmetric': 'aes-256-gcm',
'digest': None,
'kea': 'kx-rsa',
'auth': 'auth-rsa'
}, {
'id': 50331804,
'name': 'AES128-GCM-SHA256',
'protocol': 'TLSv1.2',
'description': 'AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD',
'strength_bits': 128,
'alg_bits': 128,
'aead': True,
'symmetric': 'aes-128-gcm',
'digest': None,
'kea': 'kx-rsa',
'auth': 'auth-rsa'
}, {
'id': 50331709,
'name': 'AES256-SHA256',
'protocol': 'TLSv1.2',
'description': 'AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256',
'strength_bits': 256,
'alg_bits': 256,
'aead': False,
'symmetric': 'aes-256-cbc',
'digest': 'sha256',
'kea': 'kx-rsa',
'auth': 'auth-rsa'
}, {
'id': 50331708,
'name': 'AES128-SHA256',
'protocol': 'TLSv1.2',
'description': 'AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256',
'strength_bits': 128,
'alg_bits': 128,
'aead': False,
'symmetric': 'aes-128-cbc',
'digest': 'sha256',
'kea': 'kx-rsa',
'auth': 'auth-rsa'
}, {
'id': 50331701,
'name': 'AES256-SHA',
'protocol': 'SSLv3',
'description': 'AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1',
'strength_bits': 256,
'alg_bits': 256,
'aead': False,
'symmetric': 'aes-256-cbc',
'digest': 'sha1',
'kea': 'kx-rsa',
'auth': 'auth-rsa'
}, {
'id': 50331695,
'name': 'AES128-SHA',
'protocol': 'SSLv3',
'description': 'AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1',
'strength_bits': 128,
'alg_bits': 128,
'aead': False,
'symmetric': 'aes-128-cbc',
'digest': 'sha1',
'kea': 'kx-rsa',
'auth': 'auth-rsa'
}]
Hmm, RC4 Cipher is missing, well if you really want to send http requests from python to www.mdnkids.com, you can try building openssl with weak ciphers on WSL and afterwards build python3,
Sorry but i can't find any tool or method to just relink openssl with existing python build ,
newmanifold
on 30 Mar 2019
ok ,thx. I probably know about this.
I just suggest to consider a more relaxed validation abort verify_ssl=False
pytomtoto
on 30 Mar 2019
👍4
Was this page helpful?
0 / 5 - 0 ratings
Related issues
ahuigo
路
5Comments
AtomsForPeace
路
5Comments
rckclmbr
路
5Comments
Websocket reading message loop raises low-level CanceledError when connection is closed unexpectedly
kr41
路
4Comments
Smosker
路
3Comments
Most helpful comment
ok ,thx. I probably know about this.
I just suggest to consider a more relaxed validation abort
verify_ssl=False