How to Solve Python Error – requests.exceptions.SSLError dh key too small

requests.exceptions.SSLError dh key too small is raised in Python when the TLS handshake fails because the server offers a Diffie-Hellman (DH) key that is shorter than the minimum your local OpenSSL configuration accepts.

In this article I explain what happens when you get this error and how you can solve it with a main solution. We will also explore other solutions that may solve the issue.

Exploring the Error : requests.exceptions.SSLError dh key too small

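This error occurs when your OpenSSL settings reject the DH key offered by the server. Before applying a fix, make sure the error you are seeing is the same as, or similar to, the one included below. Note that the call in the traceback passes verify=False: that only turns off certificate verification and has no effect on the key-size check, so the error is raised anyway.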

                                                                       #
Traceback (most recent call last):
  File "test.py", line 9, in <module>
    page = requests.get(url, verify=False)
    return request('get', url, params=params, **kwargs)
  ...
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: SSL_NEGATIVE_LENGTH] dh key too small (_ssl.c:600)
                                                                       #

Below I present multiple solutions; some have worked for me and others have worked for other developers.

Solution 1 : only for Ubuntu users

The first solution is for Ubuntu users: install pyOpenSSL using pip.

                                                                       #
pip install --ignore-installed pyOpenSSL --upgrade
                                                                       #

The command above should be enough to get rid of the issue. If not, try the solution below.

Solution 2 : edit SECLEVEL

In case the solution above does not solve your problem, locate the line below in /etc/ssl/openssl.cnf.

                                                                       #
CipherString = DEFAULT@SECLEVEL=2
                                                                       #

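Remove the line entirely, or comment it out by putting # at the start of the line (the same comment character Python uses). Because openssl.cnf is a system-wide file, the change applies to every program that uses the system OpenSSL configuration, not only to your script.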

Solution 3 : for CentOS 7 users

Open /etc/pki/tls/openssl.cnf, find the section below, and set 'ALL:@SECLEVEL=1' in the file it includes, /etc/crypto-policies/back-ends/opensslcnf.config.

                                                                       #
[ crypto_policy ]
.include /etc/crypto-policies/back-ends/opensslcnf.config  
[ new_oids ]  
                                                                       #

This should be enough to get rid of the error for good. Try the solution below if this one did not work.

Solution 4 : add one command to Dockerfile

If you are using a Dockerfile, add the following command to comment out the CipherString line.

                                                                       #
RUN sed -i '/CipherString = DEFAULT/s/^#\?/#/' /etc/ssl/openssl.cnf
                                                                       #
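
Solutions 2 to 4 lower the OpenSSL security level for every program on the machine or image. As an added example (not code from the original article), the same SECLEVEL setting can instead be applied to one requests session and one host while certificate verification stays on; the host name legacy.example.test and the function and class names are assumptions made for illustration.

```python
import ssl

import requests
from requests.adapters import HTTPAdapter

# Hypothetical host that still offers a short Diffie-Hellman key.
LEGACY_PREFIX = "https://legacy.example.test/"


def legacy_dh_context() -> ssl.SSLContext:
    """TLS context with the lower security level, verification left on."""
    # create_default_context() enables CERT_REQUIRED and hostname checking.
    ctx = ssl.create_default_context()
    # Same setting as the CipherString line in openssl.cnf, but it only
    # applies to connections made with this context.
    ctx.set_ciphers("DEFAULT@SECLEVEL=1")
    return ctx


class LegacyDHAdapter(HTTPAdapter):
    """Transport adapter whose connection pools use legacy_dh_context()."""

    def init_poolmanager(self, *args, **kwargs):
        kwargs["ssl_context"] = legacy_dh_context()
        return super().init_poolmanager(*args, **kwargs)


def session_for_legacy_host(prefix: str = LEGACY_PREFIX) -> requests.Session:
    """Session that relaxes the DH key check for URLs under `prefix` only."""
    session = requests.Session()
    # requests picks the adapter with the longest matching URL prefix, so
    # every other https:// URL keeps the default adapter and settings.
    session.mount(prefix, LegacyDHAdapter())
    return session


if __name__ == "__main__":
    s = session_for_legacy_host()
    for url in (LEGACY_PREFIX + "report", "https://other.example.test/"):
        print(url, "->", type(s.get_adapter(url)).__name__)
```

Requests made through this session to any other host still use the system's default security level, and no call needs verify=False.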


Summing-up

This is the end of our article. I hope you found the article and the website useful. Keep creating and keep coding. Errors are normal in Python and in our field, cheers.

If you want to learn more about Python, please check out the Python Documentation : https://docs.python.org/3/