Force SSLv3 or TLSV1 in splinter

Question

I am trying to visit gateway.playneverwinter.com with splinter

from splinter import Browser

browser = Browser()
browser.visit('https://gateway.playneverwinter.com')

if browser.is_text_present('Neverwinter'):
    print("Yes, we made it to the entrance of the Prime Material Plane!")
else:
    print("Fumble")

browser.quit()

It fails with

 File "gateway_bot.py", line 10, in <module>
    browser.visit('https://gateway.playneverwinter.com')
  File "/usr/local/lib/python3.4/dist-packages/splinter/driver/webdriver/__init__.py", line 53, in visit
    self.connect(url)
  File "/usr/local/lib/python3.4/dist-packages/splinter/request_handler/request_handler.py", line 23, in connect
    self._create_connection()
  File "/usr/local/lib/python3.4/dist-packages/splinter/request_handler/request_handler.py", line 53, in _create_connection
    self.conn.endheaders()
  File "/usr/lib/python3.4/http/client.py", line 1061, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python3.4/http/client.py", line 906, in _send_output
    self.send(msg)
  File "/usr/lib/python3.4/http/client.py", line 841, in send
    self.connect()
  File "/usr/lib/python3.4/http/client.py", line 1205, in connect
    server_hostname=server_hostname)
  File "/usr/lib/python3.4/ssl.py", line 364, in wrap_socket
    _context=self)
  File "/usr/lib/python3.4/ssl.py", line 578, in __init__
    self.do_handshake()
  File "/usr/lib/python3.4/ssl.py", line 805, in do_handshake
    self._sslobj.do_handshake()
  ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:598)

Firefox is able to connect and browse this site without issue, tough. After some diagnostic

$ openssl s_client -connect gateway.playneverwinter.com:443               
CONNECTED(00000003)
139745006343840:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:

I found that it looked like a fixed issue in OpenSSL and that forcing either SSLv3 or TLSv1 allowed me to connect (and that I could then download the target with cURL) e.g. either of

openssl s_client -ssl3 -connect gateway.playneverwinter.com:443
openssl s_client -tls1 -connect gateway.playneverwinter.com:443

According to the comments in the OpenSSL ticket, I expect that the issue is on the server side, but as I do not have access to it, it is quite unhelpful. So, for a quick fix, is there a way to force splinter to use SSLv3 or TLSv1?

Answer 1

Following @Natecat suggestion, I wrote a monkey patch to force SSLv3 when this error occurs

# Monkey patch splinter to force SSLv3 on `ssl.SSLEOFError`
from splinter import request_handler
import ssl
from http import client as http_client
_old_req = request_handler.request_handler.RequestHandler._create_connection
def _splinter_sslv3_patch(self):
    try:
        _old_req(self)
    except ssl.SSLEOFError:
        self.conn = http_client.HTTPSConnection(self.host, self.port,
                                                context=ssl.SSLContext(ssl.PROTOCOL_SSLv3))
        self.conn.putrequest('GET', self.path)
        self.conn.putheader('User-agent', 'python/splinter')
        if self.auth:
            self.conn.putheader("Authorization", "Basic %s" % self.auth)
        self.conn.endheaders()
request_handler.request_handler.RequestHandler._create_connection = _splinter_sslv3_patch

Answer 2

After looking into it, the only way I can think of doing that would to be to go into that client.py file and change the initialization of their ssl stuff.