
Bug 802345

Summary: dev-lang/python-3.8.10_p2/3.9.5_p2 Default-to-TLS-1.2: break some libs: urllib3/httplib2 cause DH_KEY_TOO_SMALL
Product: Gentoo Linux
Reporter: Richard <ricardo>
Component: Current packages
Assignee: Python Gentoo Team <python>
Status: UNCONFIRMED ---
Severity: normal
Priority: Normal
Version: unspecified
Hardware: AMD64
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Richard 2021-07-15 21:05:08 UTC
Simple python command line program test

from zeep import Client
client = Client("https://wsaahomo.afip.gov.ar/ws/services/LoginCms?wsdl")

Return: [SSL: DH_KEY_TOO_SMALL]

If I remove patch 0015-bpo-43998-Default-to-TLS-1.2-and-increase-cipher-sui.patch and recompile python-3.9.5.p2, urllib3 and httplib2 work again.

Reproducible: Always

Steps to Reproduce:
1. python3.9
2. from zeep import Client
3. client = Client("https://wsaahomo.afip.gov.ar/ws/services/LoginCms?wsdl")

File "/usr/lib/python3.9/site-packages/urllib3/util/retry.py", line 574, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='wsaahomo.afip.gov.ar', port=443): Max retries exceeded with url: /ws/services/LoginCms?wsdl (Caused by SSLError(SSLError(1, '[SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1145)')))

Actual Results:
Python 3.9.5 (default, Jul 15 2021, 17:59:54) 
[GCC 10.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from zeep import Client
>>> client = Client("https://wsaahomo.afip.gov.ar/ws/services/LoginCms?wsdl")
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    conn.connect()
  File "/usr/lib/python3.9/site-packages/urllib3/connection.py", line 411, in connect
    self.sock = ssl_wrap_socket(
  File "/usr/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "/usr/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.9/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1145)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "/usr/lib/python3.9/site-packages/urllib3/util/retry.py", line 574, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='wsaahomo.afip.gov.ar', port=443): Max retries exceeded with url: /ws/services/LoginCms?wsdl (Caused by SSLError(SSLError(1, '[SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1145)')))


Expected Results:  
Python 3.9.5 (default, Jul 15 2021, 17:39:18) 
[GCC 10.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from zeep import Client
>>> client = Client("https://wsaahomo.afip.gov.ar/ws/services/LoginCms?wsdl")
>>> client.__dict__
{'settings': _local(strict=True, raw_response=False, force_https=True, extra_http_headers=None, xml_huge_tree=False, forbid_dtd=False, forbid_entities=True, forbid_external=True, xsd_ignore_sequence_order=False, _tls=<_thread._local object at 0x7fdd4f7d3900>), 'transport': <zeep.transports.Transport object at 0x7fdd4f789c70>, 'wsdl': <WSDL(location='https://wsaahomo.afip.gov.ar/ws/services/LoginCms?wsdl')>, 'wsse': None, 'plugins': [], '_default_service': None, '_default_service_name': None, '_default_port_name': None, '_default_soapheaders': None}
>>>
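
Added example (not part of the report and not Gentoo's or CPython's code): DH_KEY_TOO_SMALL is OpenSSL rejecting the Diffie-Hellman parameters the server chose, so an alternative to dropping the patch system-wide is to triage the error line and give only the affected host a context that offers no TLS 1.2 DHE suites while keeping certificate and hostname verification. The function names are hypothetical, and the approach assumes the server also offers ECDHE suites, which the report does not state.

```python
import re
import ssl

# Error line copied from the traceback on this page.
PAGE_ERROR = (
    "urllib3.exceptions.MaxRetryError: HTTPSConnectionPool("
    "host='wsaahomo.afip.gov.ar', port=443): Max retries exceeded with url: "
    "/ws/services/LoginCms?wsdl (Caused by SSLError(SSLError(1, "
    "'[SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1145)')))"
)
_REASON = re.compile(r"\[SSL: ([A-Z0-9_]+)\]")
_PEER = re.compile(r"host='([^']+)', port=(\d+)")


def triage(err):
    """Extract (host, port, OpenSSL reason) from an exception or a log line."""
    text = str(err)
    reason = _REASON.search(text)
    peer = _PEER.search(text)
    host = peer.group(1) if peer else None
    port = int(peer.group(2)) if peer else None
    return host, port, reason.group(1) if reason else None


def ecdhe_only_context():
    """Verified TLS >= 1.2 client context that offers no TLS 1.2 DHE suites."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and hostname check stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Affects TLS 1.2 suites only; set_ciphers() does not change TLS 1.3 suites.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def tls12_dhe_suites(ctx):
    """Names of enabled suites that use finite-field DHE key exchange."""
    return [c["name"] for c in ctx.get_ciphers() if c["name"].startswith("DHE-")]


def contexts_by_host(errors):
    """Give the scoped context only to hosts that failed with DH_KEY_TOO_SMALL."""
    scoped = {}
    for err in errors:
        host, _port, reason = triage(err)
        if host and reason == "DH_KEY_TOO_SMALL":
            scoped[host] = ecdhe_only_context()
    return scoped
```

The resulting context can be passed as `context=` to `urllib.request.urlopen`, or as `ssl_context` to the urllib3 pool manager behind a requests adapter mounted for that one host.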