update default SSL cipher list in urllib3 < 1.25

Cloudflare now also checks the client's SSL/TLS cipher capabilities and produces a 403: Forbidden response with CAPTCHA if they are insufficient. This commit replaces the default cipher list in urllib3 < 1.25 with the one from 1.25 (1), which doesn't cause problems as long as the client platform actually supports these ciphers. On some platforms (tested with Python 3.4 on Linux and Python 3.7 on an outdated Windows 7 VM) it is necessary to install pyOpenSSL to get everything to work. Explicitly setting a minimum/maximum version for urllib3 is also no longer necessary and installing gallery-dl will therefore not pull a incompatible urllib3 version (#229) Fixes the "403: Forbidden" error on Artstation (#227) (1) 0cedb3b0f1
2019-05-03 17:21:01 +02:00 · 2019-05-03 17:21:01 +02:00 · 35f343206c
parent 77eae04bcf
commit 35f343206c
3 changed files with 32 additions and 4 deletions
--- a/gallery_dl/extractor/common.py
+++ b/gallery_dl/extractor/common.py
@ -402,3 +402,33 @@ def generate_extractors(extractor_data, symtable, classes):
 # (This allows the use of Wget-generated cookiejars without modification)
 http.cookiejar.MozillaCookieJar.magic_re = re.compile(
    "#( Netscape)? HTTP Cookie File", re.IGNORECASE)
+
+# Update default cipher list of urllib3 < 1.25
+# to fix issues with Cloudflare and, by extension, Artstation (#227)
+try:
+    import urllib3
+except ImportError:
+    pass
+else:
+    if urllib3.__version__ < "1.25":
+        from urllib3.util import ssl_
+        logging.getLogger("gallery-dl").debug(
+            "updating default urllib3 ciphers")
+        # cipher list taken from urllib3 1.25
+        # https://github.com/urllib3/urllib3/blob/1.25/src/urllib3/util/ssl_.py
+        ssl_.DEFAULT_CIPHERS = (
+            "ECDHE+AESGCM:"
+            "ECDHE+CHACHA20:"
+            "DHE+AESGCM:"
+            "DHE+CHACHA20:"
+            "ECDH+AESGCM:"
+            "DH+AESGCM:"
+            "ECDH+AES:"
+            "DH+AES:"
+            "RSA+AESGCM:"
+            "RSA+AES:"
+            "!aNULL:"
+            "!eNULL:"
+            "!MD5:"
+            "!DSS"
+        )
--- a/requirements.txt
+++ b/requirements.txt
@ -1,2 +1 @@
-requests>=2.11.0, <2.22.0
-urllib3>=1.16, <1.25, !=1.24.1, !=1.24.2
+requests>=2.11.0
--- a/setup.py
+++ b/setup.py
@ -102,8 +102,7 @@ setup(
    license="GPLv2",
    python_requires=">=3.4",
    install_requires=[
-        "requests>=2.11.0, <2.22.0",
-        "urllib3>=1.16, <1.25, !=1.24.1, !=1.24.2",
+        "requests>=2.11.0",
    ],
    packages=[
        "gallery_dl",