SSL issue starting from openssl 3.2 #128141
Labels
extension-modules
C modules in the Modules dir
topic-SSL
type-bug
An unexpected behavior, bug, or error
Bug report
Bug description:
Hi,
There appears to be an issue either in the asyncio SSL code when upgrading a connection with
start_tls
or in the function _ssl__SSLSocket_read_impl, starting from OpenSSL 3.2.The following code works fine with OpenSSL 3.1.4 but fails with OpenSSL 3.2.0 when TLS 1.3 is used. I’ve tested multiple combinations of OpenSSL and Python versions, and the issue seems to lie either in OpenSSL or Python. I’m unsure whether to report this here or on the OpenSSL GitHub, but it does appear to be a bug.
Starting with OpenSSL 3.2, the following exception is raised:
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:2576)
This issue is caused by
SSL_read_ex
returningSSL_ERROR_SYSCALL
after successfully reading the HTTP response body. From my observations,errno
is0
at the time of the error.The OpenSSL 1.1.1 documentation (SSL_get_error) suggests this behavior should not occur in modern versions of OpenSSL. If I understand correctly, this could also be a regression introduced in OpenSSL 3.2.
I’m not sure if this is a bug in Python or OpenSSL, but it seems likely to become a problem once more systems upgrade to OpenSSL 3.2.
Here's the minimal reproducible sample code:
CPython versions tested on:
3.10, 3.11, 3.12, 3.13, 3.14
Operating systems tested on:
Linux
The text was updated successfully, but these errors were encountered: