SSL Handshake Failure with Python 3.11 and 3.12

Hi everyone,

I’m encountering an SSL handshake failure when upgrading my Python application from versions 3.8 and 3.9 to 3.11 and 3.12. The server side uses TLS 1.2. Here are the errors I’m seeing:

Python 3.12: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1000)
Python 3.11: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1006)

I suspect this is due to a mismatch between the server and client protocols. Below is a snippet of my code:

import smtplib
import http.client
import base64
import urllib
import os

host = “xyzabc.coom”
path = “get/FileDetails”

path = ‘XYZ/XYZ’

context = ssl.create_default_context()
context.minimum_version = ssl.TLSVersion.TLSv1_2
context.maximum_version = ssl.TLSVersion.TLSv1_2

conn = http.client.HTTPSConnection(host, context=context)
conn.request(method=“GET”, url=path, headers=headers)
response = conn.getresponse()
conn.close()

I’ve tried enforcing TLS 1.2 in my code, but the issue persists. Any suggestions on how to resolve this?

Thanks in advance!

What OS are you using? It could be a configuration of the TLS that is the issue.
If you are ona linux or BSD system then you can test with the openssl command.

I am running on windows

Can you use a browser to access the page?

Doesn’t this prevent TLS v1.3? A lot of sites a TLS 1.3 these days.

I tried to enforce python 3.11 to use TLS 1.2 cuz the server also having same

Try removing the restrictions are see if you can connect.
Its usually a bad idea to prevent more secure TLS from being used.

I am facing same error. Previously i don’t have it.

Is the server you are connecting to on the internet?
If so I could do a test connection.

its not in internet.
With python 3.8 , 3.9 its working fine.

Below is the actual code

conn = http.client.HTTPSConnection(host)
conn.request(method=“GET”, url=path, headers=headers)
response = conn.getresponse()

Issue fixed after setting cipher context to supported server protocol
did following

ctx = ssl.create_default_context() # This code configures an SSL context with a specific set of secure ciphers, ensuring strong encryption for secure communications. It excludes weaker ciphers to enhance security.
ctx.set_ciphers(‘@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:AESGCM:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM:!PSK’)

1 Like