Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How to force Client to use a specific TLS version?

See original GitHub issue

So basically im migrating from requests to httpx and i see i was forcing tlsv1_2 with requests HTTPadapter , but i dont think these is comp with httpx, i was wondering how i can force httpx to use specific tls version

from requests.adapters import HTTPAdapter
from urllib3.poolmanager import PoolManager
import ssl


class MyAdapter(HTTPAdapter):
    def init_poolmanager(self, connections, maxsize, block=False):
        self.poolmanager = PoolManager(num_pools=connections,
                                       maxsize=maxsize,
                                       block=block,
                                       ssl_version=ssl.PROTOCOL_TLSv1_2)



....



session = requests.session()
session.mount('https://', MyAdapter())

I was doing like these in requests

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:9 (5 by maintainers)

github_iconTop GitHub Comments

2reactions
sethmlarsoncommented, Oct 10, 2019

So the way I’d recommend accomplishing this:

>>> import ssl
>>> import httpx
>>> ssl_config = httpx.SSLConfig()
>>> ssl_context = ssl_config.load_ssl_context()
>>> ssl_context.options |= getattr(ssl, "OP_NO_TLSv1_3", 0)
>>> client = httpx.Client(verify=ssl_context)
>>> resp = client.get("https://howsmyssl.com/a/check")
>>> print(resp.json()["tls_version"])
'TLSv1.2'

Currently we don’t allow passing an SSLConfig object to verify= (which maybe we should because this is painful)

1reaction
florimondmancacommented, Oct 10, 2019

Thanks for opening. Since I believe TLS v1.2 is considered insecure, I suppose you were forcing 1.2 because the client you’re connecting to is exposing that version of TLS? If you don’t have such a requirement anymore I’d advocate in favor of using 1.3.

If you really need it though, there may be an undocumented API (most likely SSLConfig) that you could somehow override, but I can’t dig it out right now.

Read more comments on GitHub >

github_iconTop Results From Across the Web

How to enable TLS 1.2 on clients - Microsoft Learn
When enabling TLS 1.2 for your Configuration Manager environment, start by ensuring the clients are capable and properly configured to use ...
Read more >
Forcing traffic to use TLS 1.2 - HCL Product Documentation
Modify the WebSphere SSL client properties file to force the use of TLS 1.2. On every WebSphere node, open ssl.client.prop in ...
Read more >
Forcing an old .NET application to support TLS 1.2 without ...
Thankfully, you can also force an existing application to use the system default TLS versions without having to re-compile it (assuming it ...
Read more >
Specifying minor TLS version when using curl - Super User
Take a look at the --cipher option see manpage and OpenSSL docs. You should be able to provide a cipher list that will...
Read more >
How to force Control-M/Server to only accept TLS 1.2 ...
How to force Control-M/Server to only accept TLS 1.2 connections or use a suite based on SHA256, or a specific cipher ?
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Require `pip install httpx[http2]` for HTTP/2 support

Next page

Passing 'timeout=None' should always result in no timeout