Yehor

Reputation: 73

Getting "sslv3 alert handshake failure" when trying to connect to imap

I need to write a script for IMAP backup, but when I try to connect to the IMAP server with my script I get this error:

```
  File "c:\Users\Lenovo\Desktop\python\progettoscuola.py", line 5, in <module>
    imapSrc = imaplib.IMAP4_SSL('mail.safemail.it')
  File "C:\Program Files\Python310\lib\imaplib.py", line 1323, in __init__
    IMAP4.__init__(self, host, port, timeout)
  File "C:\Program Files\Python310\lib\imaplib.py", line 202, in __init__
    self.open(host, port, timeout)
  File "C:\Program Files\Python310\lib\imaplib.py", line 1336, in open
    IMAP4.open(self, host, port, timeout)
  File "C:\Program Files\Python310\lib\imaplib.py", line 312, in open
    self.sock = self._create_socket(timeout)
  File "C:\Program Files\Python310\lib\imaplib.py", line 1327, in _create_socket
    return self.ssl_context.wrap_socket(sock,
  File "C:\Program Files\Python310\lib\ssl.py", line 512, in wrap_socket
    return self.sslsocket_class._create(
  File "C:\Program Files\Python310\lib\ssl.py", line 1070, in _create
    self.do_handshake()
  File "C:\Program Files\Python310\lib\ssl.py", line 1341, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)
```

Upvotes: 7

Views: 26295

Answers (1)

Steffen Ullrich

Reputation: 123375

Python 3.10 increased the default security settings of the TLS stack by, among other things, prohibiting any ciphers which still use the RSA key exchange. RSA key exchange has long been considered inferior since it does not provide forward secrecy, and it is therefore also no longer available in TLS 1.3. So in general the change in Python 3.10 can be considered an improvement.

But some servers still require this obsolete key exchange, and mail.safemail.it seems to be among these. Connecting to such servers with the newly hardened TLS settings will now fail, even if it succeeded with older versions of Python.

To make connections possible again it is necessary to use weaker security settings. For this specific server it can be done by falling back to the DEFAULT ciphers used by OpenSSL. The following code will create a new SSL context and use it for connecting to the host. The important part here is to use weaker settings using ctx.set_ciphers('DEFAULT').

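```python
import imaplib
import ssl

# Start from Python's default context, then widen only the cipher list
ctx = ssl.create_default_context()
ctx.set_ciphers('DEFAULT')  # fall back to OpenSSL's DEFAULT cipher list
imapSrc = imaplib.IMAP4_SSL('mail.safemail.it', ssl_context=ctx)
```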

Upvotes: 21
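An added example, not part of the original answer: one way to confine the weaker cipher list to the one server that needs it while keeping certificate verification, hostname checking and a TLS 1.2 floor, and to list which RSA key-exchange suites the fallback enables. The names `LEGACY_CIPHER_HOSTS`, `context_for`, `rsa_kx_suites` and `connect` are hypothetical, and `imap.example.org` is a placeholder host.

```python
import imaplib
import ssl

# Assumption: hosts known to need the relaxed cipher list; all others stay hardened.
LEGACY_CIPHER_HOSTS = {"mail.safemail.it"}


def context_for(host):
    """Return a verifying TLS context; relax the cipher list only for allowlisted hosts."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if host.lower() in LEGACY_CIPHER_HOSTS:
        ctx.set_ciphers("DEFAULT")  # the fallback described in the answer
    return ctx


def rsa_kx_suites(ctx):
    """Names of enabled suites that use RSA key exchange (no forward secrecy)."""
    return sorted(c["name"] for c in ctx.get_ciphers() if c.get("kea") == "kx-rsa")


def connect(host, port=993, timeout=30):
    """Open IMAP over TLS and return (connection, negotiated cipher tuple)."""
    conn = imaplib.IMAP4_SSL(host, port, ssl_context=context_for(host), timeout=timeout)
    # cipher() is (name, protocol, secret_bits); log it to see what was negotiated
    return conn, conn.sock.cipher()


if __name__ == "__main__":
    # Offline check: show which RSA key-exchange suites each context would offer.
    for h in ("mail.safemail.it", "imap.example.org"):
        print(h, rsa_kx_suites(context_for(h)))
```

Logging the tuple returned by `conn.sock.cipher()` after each backup run shows when the server starts negotiating a forward-secret suite, at which point the host can be dropped from the allowlist.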
