
PythonBoxSDK SSLError


Dear Forum,

When running the Box API through an internal proxy,
I am having trouble because an SSLError [EE certificate key too weak] occurs.
The internal proxy information is set in the Python Box SDK.
Skipping certificate validation prevents the SSLError from occurring.

Please let me know the cause of the above problem and how to resolve it.
My personal opinion is that the security strength of the certificate sent from the internal proxy is too weak.

【SSL Error】
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.box.com', port=443): Max retries exceeded with url: /oauth2/token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: EE certificate key too weak (_ssl.c:997)')))

4 replies

rbarbosa Box
  • Developer Advocate
  • 553 replies
  • January 9, 2024

Hi @user164 , welcome to the forum!

That is certainly a possibility. I would also check what version of TLS your proxy is using.

See this article.

Can you test without using the proxy?

Best I can do is open a support ticket for you, perhaps the support folks can help you diagnose the issue.

Let us know

Best regards


  • Author
  • New Participant
  • 2 replies
  • January 12, 2024

Thank you for your reply.
The internal proxy’s TLS was 1.2.
I think there is no problem with 1.2, what do you think?

For tests without the internal proxy, you cannot access the Internet from within your company without going through an internal proxy.
The API will work if executed on a network different from the internal network.

If you have any opinions, please let us know
Thank you for your support.


rbarbosa Box
  • Developer Advocate
  • 553 replies
  • January 17, 2024

Hi,

If your proxy is using TLS 1.2 then it is ok, only 1.1 was deprecated.

It all points to the internal certificate of your proxy.

Check with your IT team. Make sure it has been issued by a trusted certificate authority, and it is a valid certificate.

At this point I’m not sure how I can help further.

Best regards


  • Author
  • New Participant
  • 2 replies
  • February 6, 2024

Thank you for your opinion, it is very helpful.
I used Wireshark to check the certificate sent by my internal proxy.
The length of the certificate was 775 bytes, and the encryption method was sha256WithRSAEncryption. Also, the length of the public key was 201 bytes, and it was EC Diffie-Hellman Server Params.

In my opinion, the cause is that the public key length is not long enough for OpenSSL’s security level 2.
Everyone, please let us know what you think.
Thank you for your support.
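
As an added example (not part of the thread and not Box SDK code): a small Python helper that extracts OpenSSL's verify reason from the error text posted above and checks a key size against the per-level minimums documented in SSL_CTX_set_security_level(3). The function names and the RSA-1024 input are assumptions for illustration; the real key type and size have to be read from the certificate the proxy presents.

```python
import re
import ssl

# Minimum key sizes per OpenSSL security level, from SSL_CTX_set_security_level(3):
# level -> (RSA/DSA/DH bits, EC bits)
MIN_BITS = {1: (1024, 160), 2: (2048, 224), 3: (3072, 256),
            4: (7680, 384), 5: (15360, 512)}

# OpenSSL verify reasons that mean "public key below the security level",
# mapped to the certificate in the chain they refer to.
KEY_REASONS = {
    "EE certificate key too weak": "end-entity (leaf) certificate",
    "CA certificate key too weak": "CA certificate in the chain",
}

def verify_reason(message):
    """Extract OpenSSL's verify reason from a requests/ssl error string."""
    m = re.search(r"certificate verify failed: (.+?) \(_ssl\.c:\d+\)", message)
    return m.group(1) if m else None

def highest_level_met(key_type, bits):
    """Highest security level (0-5) whose minimum this key size satisfies."""
    col = 1 if key_type.upper() == "EC" else 0
    return max((lvl for lvl, mins in MIN_BITS.items() if bits >= mins[col]), default=0)

def client_security_level():
    """Level enforced by the default context (attribute exists in Python 3.10+)."""
    return getattr(ssl.create_default_context(), "security_level", None)

def diagnose(message, key_type, bits, level=2):
    """Combine the verify reason with a key-size check at the given level."""
    reason = verify_reason(message)
    col = 1 if key_type.upper() == "EC" else 0
    return {
        "reason": reason,
        "certificate": KEY_REASONS.get(reason),
        "key_meets_level": highest_level_met(key_type, bits) >= level,
        "min_bits_required": MIN_BITS[level][col],
    }

# Tail of the error text from the thread.
ERROR = ("(Caused by SSLError(SSLCertVerificationError(1, "
         "'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: "
         "EE certificate key too weak (_ssl.c:997)')))")

if __name__ == "__main__":
    print("client security level:", client_security_level())
    # RSA-1024 is a constructed sample value, not a measurement from the thread.
    print(diagnose(ERROR, "RSA", 1024))
```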

