Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#2765 closed bug (Fixed)

Add support for TLS SNI in httpdownloader

Reported by: Cas Owned by:
Priority: minor Milestone: 1.3.13
Component: Core Version: 1.3.11
Keywords: Cc:


Sites that use cloudflare require TLSv1.2 and use SNI.

From forum:

[DEBUG   ] 11:54:50 addtorrentdialog:715 Download failed: [Failure instance: Traceback: <class 'OpenSSL.SSL.Error'>: [('SSL routines', 'SSL23_GET_SERVER_HELLO', 'tlsv1 alert internal error')]
--- <exception caught here> ---

As this is now supported in Twisted >= 14 we can add support.

To verify if this is the issue a simply test without the server name:

openssl s_client -connect
> ...
> 139785801238176:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:770:
> ...

By adding the server name in the request it will now pass:

openssl s_client -connect -servername

Change History (2)

comment:1 Changed 2 years ago by Cas

For reference here is the current working code:

  • deluge/

    diff --git a/deluge/ b/deluge/
    index 14dcdc3..0b8d1af 100644
    a b def download_file(url, filename, callback=None, headers=None, force_filename=Fal 
    211211    factory = HTTPDownloader(url, filename, callback, headers, force_filename, allow_compression) 
    212212    if scheme == "https": 
    213213        from twisted.internet import ssl 
    214         reactor.connectSSL(host, port, factory, ssl.ClientContextFactory()) 
     214        from twisted.internet._sslverify import ClientTLSOptions 
     216        class TLSSNIContextFactory(ssl.ClientContextFactory): 
     217            def getContext(self, hostname=None, port=None): 
     218                ctx = ssl.ClientContextFactory.getContext(self) 
     219                ClientTLSOptions(host, ctx) 
     220                return ctx 
     222        reactor.connectSSL(host, port, factory, TLSSNIContextFactory()) 
    215223    else: 
    216224        reactor.connectTCP(host, port, factory) 

comment:2 Changed 2 years ago by Cas

  • Resolution set to Fixed
  • Status changed from new to closed

Fixed 1.3-stable: [697c22a46cfc]

Just to reiterate this fix requires Twisted >= 14 to work.

Last edited 2 years ago by Cas (previous) (diff)
Note: See TracTickets for help on using tickets.