Fix 403 Bad Authentication with newer urllib3.

Closes #24.

gpsoauth/__init__.py

@@ -1,4 +1,6 @@
 import requests
+import ssl
+from urllib3.poolmanager import PoolManager
 
 from ._version import __version__
 from . import google
@@ -16,9 +18,50 @@
 auth_url = 'https://android.clients.google.com/auth'
 useragent = 'gpsoauth/' + __version__
 
+# Certain ciphers cause Google to return 403 Bad Authentication.
+CIPHERS = ":".join(
+    [
+        "ECDHE+AESGCM",
+        "ECDHE+CHACHA20",
+        "DHE+AESGCM",
+        "DHE+CHACHA20",
+        "ECDH+AES",
+        "DH+AES",
+        "RSA+AESGCM",
+        "RSA+AES",
+        "!aNULL",
+        "!eNULL",
+        "!MD5",
+        "!DSS",
+    ]
+)
+
+class SSLContext(ssl.SSLContext):
+    def set_alpn_protocols(self, protocols):
+        """
+        ALPN headers cause Google to return 403 Bad Authentication.
+        """
+        pass
+
+class AuthHTTPAdapter(requests.adapters.HTTPAdapter):
+    def init_poolmanager(self, *args, **kwargs):
+        """
+        Secure settings from ssl.create_default_context(), but without
+        ssl.OP_NO_TICKET which causes Google to return 403 Bad
+        Authentication.
+        """
+        context = SSLContext()
+        context.set_ciphers(CIPHERS)
+        context.options |= ssl.OP_NO_COMPRESSION
+        context.options |= ssl.OP_NO_SSLv2
+        context.options |= ssl.OP_NO_SSLv3
+        context.post_handshake_auth = True
+        context.verify_mode = ssl.CERT_REQUIRED
+        self.poolmanager = PoolManager(*args, ssl_context=context, **kwargs)
 
 def _perform_auth_request(data, proxy=None):
     session = requests.session()
+    session.mount(auth_url, AuthHTTPAdapter())
     if proxy:
         session.proxies = proxy
 

setup.py

@@ -36,7 +36,6 @@
     install_requires=[
         'pycryptodomex >= 3.0',
         'requests',
-        'urllib3 < 1.26.0',  # newer urllib3 versions cause BadAuth: https://github.com/urllib3/urllib3/issues/2101
     ],
     license='MIT',
     zip_safe=False,