SSL error with Zeep - how to change cipher suite?

Question

I am trying to use Zeep to load a WSDL file, but when I do, I receive the following error:

requests.exceptions.SSLError: HTTPSConnectionPool(host='api-mte.itespp.org', port=443): Max retries exceeded with url: /markets/VirtualService/v2/?WSDL (Caused by SSLError(SSLError(1, '[SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:997)')))

I have read in another answer (Python - requests.exceptions.SSLError - dh key too small) that this can be solved using a different cipher suite (as I think the server is old which is what's causing this error), but I don't know how to do this with Zeep. Any ideas? Thanks!

Answer 1

The answer is basically the same as from [another question][1] I asked as zeep uses the requests module, and after using requests to get the cipher you want, it is merely applying that session to zeep. Below is a code sample I used.

# Define wsdl file

# Define the custom cipher suites you want to use
custom_cipher_suite = [
    "ECDHE-RSA-AES256-GCM-SHA384",
#    "DHE-RSA-AES256-GCM-SHA384",
#    "ECDHE-RSA-AES128-GCM-SHA256"
#    "TLS_AES_256_GCM_SHA384"
]

class CustomCipherAdapter(HTTPAdapter):
    def init_poolmanager(self, *args, **kwargs):
        context = create_urllib3_context(ciphers=":".join(custom_cipher_suite))
        kwargs['ssl_context'] = context
        return super(CustomCipherAdapter, self).init_poolmanager(*args, **kwargs)

# Create a session and mount the adapter
session = requests.Session()
session.mount("https://", CustomCipherAdapter())

client = zeep.Client(wsdl=wsdl, transport=zeep.Transport(session=session))


  [1]: https://stackoverflow.com/questions/77262501/how-to-alter-cipher-suite-used-with-python-requests/77270120#77270120