SSL EOF Error

TL;DR

Our (TrustedHousesitters.com) integration with the Mailchimp API (via Requests and Mailsnake) stopped working with the following error occurring on all https requests:

_ssl.c:504: EOF occurred in violation of protocol

Although not yet confirmed by Mailchimp, it looks like this might be related to them (or someone upstream) mitigating the Poodle SSL vulnerability. The fix (for us) was to patch the Python ssl module to force the use of TLS 1.0. Code below (source):

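import ssl
from functools import wraps

# Wrap a function so that every call is forced to use TLS 1.0.
def sslwrap(func):
    @wraps(func)
    def bar(*args, **kw):
        # Override whatever protocol version the caller asked for.
        kw['ssl_version'] = ssl.PROTOCOL_TLSv1
        return func(*args, **kw)
    return bar

# Monkeypatch the module-wide function; this affects every caller in the process.
ssl.wrap_socket = sslwrap(ssl.wrap_socket)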

Background

Another week, another SSL vulnerability. "Poodle", as it's known, affects SSL 3.0. There is no specific patch; instead, removing SSL 3.0 support from your webserver is the recommended approach (good blog post here on this). As sysadmins the world over start pulling out v3.0 support, any clients reliant on it are going to have problems, old IE6 being one of the bigger ones. From our experience over the last day or two, it seems that Python clients could also be affected.

As mentioned above, we leverage the Mailchimp API fairly heavily. We suddenly began getting SSL errors (interestingly, we couldn't reproduce them on MacOS, leading us to think the issue was in the OpenSSL implementation). Digging deeper, we found information to suggest that by default Python will try to connect using SSLv2/v3. When we patched the Python ssl module to always use TLS 1.0, the error stopped. So we're guessing there is an issue in the handshaking somewhere.
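To check what a Python client really advertises when a server starts rejecting its handshake, the added example below (not code from the original post) captures the ClientHello from an in-memory handshake and lists the protocol versions in it. It assumes Python 3.7+ and goes beyond the post's patch by setting a TLS 1.2 floor on one context instead of pinning TLS 1.0 module-wide; the function names and the `example.invalid` hostname are hypothetical.

```python
import ssl
import struct

# Wire version numbers -> names, for readable output.
NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
         0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def pinned_context(floor=ssl.TLSVersion.TLSv1_2):
    """Per-connection context with a version floor (assumed policy: TLS 1.2)."""
    ctx = ssl.create_default_context()  # keeps cert and hostname checks on
    ctx.minimum_version = floor
    return ctx

def client_hello_bytes(ctx):
    """Start a handshake against in-memory BIOs; return the client's first flight."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="example.invalid")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: hello written, client now waits for a server reply
    return outgoing.read()

def offered_versions(hello):
    """Versions in supported_versions, else the legacy (maximum) version."""
    if hello[0] != 22 or hello[5] != 1:
        raise ValueError("not a TLS ClientHello record")
    pos = 9                                   # record header 5 + handshake header 4
    (legacy,) = struct.unpack_from("!H", hello, pos)
    pos += 2 + 32                             # client_version + random
    pos += 1 + hello[pos]                     # session_id
    pos += 2 + struct.unpack_from("!H", hello, pos)[0]   # cipher_suites
    pos += 1 + hello[pos]                     # compression_methods
    end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
        if ext_type == 43:                    # supported_versions
            body = hello[pos + 5:pos + 4 + ext_len]      # skip 1-byte list length
            return [NAMES.get(v, hex(v)) for (v,) in struct.iter_unpack("!H", body)]
        pos += 4 + ext_len
    return [NAMES.get(legacy, hex(legacy))]

if __name__ == "__main__":
    print(offered_versions(client_hello_bytes(pinned_context())))
```

Passing the context to a single client (for example `urllib.request.urlopen(url, context=ctx)`) keeps the protocol policy scoped to that integration rather than every socket in the process.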
