CODEWITHSUNDEEP
mongodbsslopensslssl-certificatepymongo
Siddharth Kumar
Siddharth Kumar

Reputation: 698

Pymongo: SSL handshake failed: EOF occurred in violation of protocol (_ssl.c:590)

I am getting SSL handshake failed while connecting to MongoDB using pymongo where SSL=True

Traceback (most recent call last):
  File "pymongo_ssl.py", line 7, in <module>
    print mongoClient.database_names()
  File "/home/modak/.virtualenvs/enod-venv/local/lib/python2.7/site-packages/pymongo/mongo_client.py", line 1149, in database_names
    "listDatabases")["databases"]]
  File "/home/modak/.virtualenvs/enod-venv/local/lib/python2.7/site-packages/pymongo/database.py", line 491, in command
    with client._socket_for_reads(read_preference) as (sock_info, slave_ok):
  File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__
    return self.gen.next()
  File "/home/modak/.virtualenvs/enod-venv/local/lib/python2.7/site-packages/pymongo/mongo_client.py", line 859, in _socket_for_reads
    with self._get_socket(read_preference) as sock_info:
  File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__
    return self.gen.next()
  File "/home/modak/.virtualenvs/enod-venv/local/lib/python2.7/site-packages/pymongo/mongo_client.py", line 823, in _get_socket
    server = self._get_topology().select_server(selector)
  File "/home/modak/.virtualenvs/enod-venv/local/lib/python2.7/site-packages/pymongo/topology.py", line 214, in select_server
    address))
  File "/home/modak/.virtualenvs/enod-venv/local/lib/python2.7/site-packages/pymongo/topology.py", line 189, in select_servers
    self._error_message(selector))
pymongo.errors.ServerSelectionTimeoutError: SSL handshake failed: EOF occurred in violation of protocol (_ssl.c:590)

Python code

from pymongo import MongoClient
MONGO_URI='mongodb://localhost:27017'
mongoClient = MongoClient(MONGO_URI, ssl=True, ssl_ca_certs='ca-certs.pem')
print mongoClient.database_names()`

Upvotes: 1

Views: 4557

Answers (2)

Kasper747
Kasper747

Reputation: 31

Try something like this. Worked for me with mongoengine:

ent#preReq:  pip3 install certifi
from pymongo import MongoClient
import pymongo
import certifi

client = pymongo.MongoClient(URI, tlsCAFile=certifi.where())

Upvotes: 1

qff
qff

Reputation: 5942

You may have a Python setup that only supports TLS 1.0 – not TLS 1.1 or above. This was at least the problem I had.

You can check it like this:

Python 3

> from urllib.request import urlopen
> urlopen('https://www.howsmyssl.com/a/check').read()

Python 2

> from urllib2 import urlopen
> urlopen('https://www.howsmyssl.com/a/check').read()

Check the output for the key tls_version. If it says TLS 1.0 and not TLS 1.1 or TLS 1.2 that could be the problem.

If you're using a virtualenv, be sure to run the command inside.

Solution: Install Python with a newer version of OpenSSL

In order support TLS 1.1 or above, you may need to install a newer version of OpenSSL, and install Python again afterwards. This should give you a Python that supports TLS 1.1.

The process depends on your operating system – here's a guide for OS X.

virtualenv users
For me, the Python outside of my virtualenv had TLS 1.2 support, so just I removed my old virtualenv, and created a new one with the same packages and then it worked. Easy peasy!

See also

  • The warning about TLS 1.0 in the Python 3 section in the PyMongo documenation. Although it's under the Python 3 section it also applies to Python 2

Upvotes: 3

Related Questions