requests Revert caching a default SSLContext

This PR reverts the changes from #6667 to the previous behavior. Due to the number of edge cases and concurrency issues we've encountered with this change, we've decided the benefit doesn't currently outweigh the pain to existing infrastructure. We've iterated on a few tries to keep this functionality in place, but are still receiving reports of novel issues with this behavior.

We may be able to revisit this in a later version of Requests but we'll need a much more comprehensive test plan.

Jul 18 '24 18:07 nateprewitt

Is this still planned to be reverted?

Apr 28 '25 14:04 stianjensen

I would also suggest to revert it ASAP. This unsafe caching can make some applications vulnerable to DOS attack when using mTLS authentication, causing Python to crash. In its current version, requests cannot be used safely in mTLS scenarios.

Jun 02 '25 07:06 Conobi

@sigmavirus24 I applied this PR as a patch to my server and it stopped the core dumps i was experiencing. When is this going to be merged and released?

Jun 13 '25 15:06 dkliban

@dkliban It should go out with the next release. We'll update once we have a clearer timeline, we'll see what we can do next week.

Jun 13 '25 16:06 nateprewitt

@nateprewitt Thank you for merging! Looking forward to the release!

Jun 16 '25 12:06 dkliban

@nateprewitt any updates on when this will be released?

Jun 26 '25 14:06 dkliban

@nateprewitt When will this fix be released?

Aug 08 '25 23:08 rittneje

I had hoped that this would also fix https://github.com/psf/requests/issues/6647 but on my local testing it doesn't seem that it has. Should this PR have fixed that? Or was that one caused by something else?

Oct 01 '25 21:10 jonyscathe