httpx icon indicating copy to clipboard operation
httpx copied to clipboard
verified publisher icon encode

dh key too small (_ssl.c:997) when making request without proxy

Open FuckingToasters opened this issue 3 years ago • 4 comments

httpx version:

httpcore 0.14.7 httpx 0.22.0

Current Behavior:

I want to be able to make requests with and without a proxy.

Expected Behavior:

It should ask for the proxy protocol (this works fine) then passing the proxy protocol to the function using this pice of code:

if __name__ == "__main__":
    main_menu.logo()
    session_input = pystyle.Write.Input("\t[*] How many concurrent Threads do you want to use?: ", pystyle.Colors.col, interval=0.02).lower()
    proxy_input = pystyle.Write.Input("\t[*] Proxy Protocol (http/https/socks5) | Enter nothing to use without Proxy: ", pystyle.Colors.col, interval=0.02).lower()
    threads = []
    try:
        for _ in range(int(session_input)):
                t = threading.Thread(target=function, args=[proxy_input])
                t.start()
                threads.append(t)

    except ValueError:
        print(pystyle.Write.Input("\t[*] Please Enter a valid Thread Number!\n", pystyle.Colors.red, interval=0.02).lower())
        sys.exit(69)

Now, i do a request with following code:

proxy_formatted = f"{proxy_protocol}://{proxy_username}:{proxy_password}@{proxy_host}:{proxy_port}"
if proxy_protocol != "": proxy_auth = {"all://": proxy_formatted}
else: proxy_auth = {"all://": None}
url = "https://placeholder.example/api"
post_data = {"username": combo_username, "password": combo_password}
resp = httpx.post(url, headers=headers, json=post_data, proxies=proxy_auth if proxy_protocol != "" else None)

If i choose https in the proxy input, the request works fine but if i leave it empty (which then is being set to None) I'll get following Traceback:

Traceback (most recent call last):
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\threading.py", line 1009, in _bootstrap_inner
    self.run()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\threading.py", line 946, in run
    self._target(*self._args, **self._kwargs)
  File "D:\Private\coding\python\projects\custom_checkers\testing\main.py", line 44, in british_airways
    resp = httpx.post(url, headers=headers, json=post_data, proxies=proxy_auth if str(proxy_protocol) != "" else None)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\httpx\_api.py", line 304, in post
    return request(
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\httpx\_api.py", line 100, in request
    return client.request(
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\httpx\_client.py", line 802, in request
    return self.send(request, auth=auth, follow_redirects=follow_redirects)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\httpx\_client.py", line 889, in send
    response = self._send_handling_auth(
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\httpx\_client.py", line 917, in _send_handling_auth
    response = self._send_handling_redirects(
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\httpx\_client.py", line 954, in _send_handling_redirects
    response = self._send_single_request(request)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\httpx\_client.py", line 990, in _send_single_request
    response = transport.handle_request(request)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\httpx\_transports\default.py", line 217, in handle_request
    with map_httpcore_exceptions():
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\contextlib.py", line 153, in __exit__
    self.gen.throw(typ, value, traceback)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\httpx\_transports\default.py", line 77, in map_httpcore_exceptions
    raise mapped_exc(message) from exc
httpx.ConnectError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:997)

Process finished with exit code 0
```

### Steps To Reproduce:
Try to execute aboe code for yourself. maybe this issue will happen to you too.


### Anything else:
Not at the moment. i might edit this section later if there is anything else in the future.

FuckingToasters avatar May 30 '22 19:05 FuckingToasters

Update: I now get the error "destination unreachable" when using specific proxies. How can i put the proxy in retry que so it will retry it let s say 5 times and if in the 5 times the request were not successful, it choose another proxy from the proxylist?

FuckingToasters avatar Jun 18 '22 11:06 FuckingToasters

can you make a runnable example? I can't reproduce this because I don't have values for your proxy_protocol, proxy_host etc:

Traceback (most recent call last):
  File "/home/graingert/projects/httpx/demo.py", line 1, in <module>
    proxy_formatted = f"{proxy_protocol}://{proxy_username}:{proxy_password}@{proxy_host}:{proxy_port}"
NameError: name 'proxy_protocol' is not defined

graingert avatar Jun 18 '22 11:06 graingert

searching the web for "proxy" "british airways" and "DH_KEY_TOO_SMALL" leads me to https://twitter.com/GossiTheDog/status/1497313647055486978?s=20&t=0t3Bq3qLjCfLdSAn4wLz8A

graingert avatar Jun 18 '22 11:06 graingert

can you make a runnable example? I can't reproduce this because I don't have values for your proxy_protocol, proxy_host etc:

Traceback (most recent call last):
  File "/home/graingert/projects/httpx/demo.py", line 1, in <module>
    proxy_formatted = f"{proxy_protocol}://{proxy_username}:{proxy_password}@{proxy_host}:{proxy_port}"
NameError: name 'proxy_protocol' is not defined

proxy_protocol is stuff like "http", "https", "socks5" you can set them depending on your proxy. hostname is the proxy ip

FuckingToasters avatar Jun 28 '22 19:06 FuckingToasters

Assumption would be that you're using a proxy with a broken SSL configuration. We're not in a position to be able to help much since we can't verify this for you. Steps to narrow this down would either be...

  • Testing different HTTP clients to try to identify if it's reproducible on them too. (aiohttp, requests, urllib3)
  • Giving us some way to replicate the issue.

You can probably side-step it with verify=False, which is a bit meh.

There is probably a bunch of stuff that we could do at some point in the future to try to imrpvode on our error messaging, but we don't get a lot to work with here.

lovelydinosaur avatar Oct 06 '22 11:10 lovelydinosaur 

requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += 'HIGH:!DH:!aNULL'

Refer to the requests library, it can be a solution.

httpx._config.DEFAULT_CIPHERS += ':HIGH:!DH:!aNULL'

AbelLin1214 avatar Jan 18 '23 06:01 AbelLin1214