UNSAFE_LEGACY_RENEGOTIATION_DISABLED due to OpenSSL 3.0

[berkorbay]

Hi. For Python 3.11 requests module throws an exception due to changes in OpenSSL 3.0. See here and here for detail.

I also get a similar error.

requests.exceptions.SSLError: HTTPSConnectionPool(host='XXXX', port=443): Max retries exceeded with url: XXXX (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:1002)')))

I use a Mac M1 with Python 3.11.4 (zeep==4.2.1). It is possible to overcome it in Ubuntu (by changing openssl.cnf) and/or with urllib3. Is there any way possible to circumvent this inconvenience in Zeep with extra arguments?

[berkorbay]

Since this is originally a requests and ssl issue it might not be the in zeep's radar. Therefore I'm closing the issue. But I found a "working" workaround for those who have the same problem: https://stackoverflow.com/a/71646353/3608936

I'm also copy pasting a partial example using the solution mentioned above.

from requests import Session
from zeep import Client
from zeep.transports import Transport
import ssl
import urllib3

## Direct copy-paste from SO (as SWE best practice:)
class CustomHttpAdapter (requests.adapters.HTTPAdapter):
    '''Transport adapter" that allows us to use custom ssl_context.'''

    def __init__(self, ssl_context=None, **kwargs):
        self.ssl_context = ssl_context
        super().__init__(**kwargs)

    def init_poolmanager(self, connections, maxsize, block=False):
        self.poolmanager = urllib3.poolmanager.PoolManager(
            num_pools=connections, maxsize=maxsize,
            block=block, ssl_context=self.ssl_context)


session = Session()

## Direct copy-paste from SO
ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH) 
ctx.options |= 0x4 
session.mount('https://', CustomHttpAdapter(ctx))

client = Client(MY_WSDL,transport=Transport(session=session)) ## Add other parameters as you wish