The error Cannot Import Name DEFAULT_CIPHERS from urllib3.util.ssl_ on AWS Lambda occurs when you are trying to import the DEFAULT_CIPHERS variable from the urllib3.util.ssl_ module in your Lambda function, but the module is unavailable in the environment.
Quick Solution: Downgrade the urllib3 library to version 1.26.0 using pip install requests “urllib3<2”.
pip install requests "urllib3<2"This tutorial explains the root cause and different methods to solve the error Cannot Import Name DEFAULT_CIPHERS from urllib3.util.ssl_ on AWS Lambda function.
Table of Contents
Understanding The Error : Cannot Import Name DEFAULT_CIPHERS from urllib3.util.ssl_ on AWS Lambda
Four different libraries are in play here for the error: Cannot Import Name DEFAULT_CIPHERS from urllib3.util.ssl_.
- The
urllib3module, that provides support forURLrequests - The
requestslibrary, that provides an easy-to-use interface for making HTTP requests. This library uses theurllib3library - The
Boto3library, that provides an interface for interacting with AWS services - The
botocoreis internally used by theBoto3library, and thebotocoreurllib3library.
The urllib3 version 2 doesn’t have the DEFAULT_CIPHERS variable. Botocore doesn’t support this change in urllib3 version 2.0.0 yet. A GitHub issue is open for this, and the botocore team is aware of the issue, but no timeline has been announced yet to support this.
The following image shows that the libraries’ requests and botocore require urllib3.
To find the requests library version, use the pip show command.
pip show requestsOutput
It shows the library version number and all the libraries that depend on this library.
Name: requests
Version: 2.30.0
Summary: Python HTTP for Humans.
Home-page: https://requests.readthedocs.io
Author: Kenneth Reitz
Author-email: me@kennethreitz.org
License: Apache 2.0
Location: /opt/anaconda3/lib/python3.9/site-packages
Requires: urllib3, charset-normalizer, idna, certifi
Required-by: webdriver-manager, transformers, tldextract, tensorboard, Sphinx, spacy, requests-oauthlib, requests-file, requests-aws4auth, redshift-connector, panel, jupyterlab-server, huggingface-hub, coveralls, cookiecutter, conda, conda-repo-cli, conda-build, anaconda-project, anaconda-clientVersion 2.30.0 of the requests library incorporates urllib3 version 2. This integration with urllib3 version 2 occurred as part of the requests library’s upgrade to 2.30.0.
As a result, the botocore library is also trying to use the urllib3 version 2, which doesn’t have the DEFAULT_CIPHERS variable. Hence, this error is being thrown.
Let us see the different approaches to solve this error.
Approach 1: Solving the Error Using The URLLib3 version < 2
The urllib3 official migration guide states that the botocore doesn’t support version 2 yet.
Hence, the best approach to solve the error Cannot Import Name DEFAULT_CIPHERS from urllib3.util.ssl_ in AWS lambda is to downgrade the urllib3 to a version older than 2.
You can use this method when you want to use the latest requests library and also want to use the botocore in your program.
Below is how to downgrade the urllib3 to a version older than 2 in different environments.
Using Requirements.txt File to Specify Dependencies
If you’re using the requirements.txt file to specify your application’s dependencies, specify the urllib3 as given in the following statement. It’ll downgrade the library accordingly.
Requirements.txt:
urllib3<2Pip Installation for Creating a Virtual Environment
Suppose you use the virtual environments and zip file to deploy the dependencies as an AWS lambda layer. You can install the earlier version using the following statement.
pip install "urllib3<2"To use the latest version of the requests library but the urllib3 version that is less than 2, use the following pip install.
pip install requests "urllib3<2"Approach 2: Solving the Error Using The Requests Library Version 2.29.0
Another approach to solving the error Cannot Import Name DEFAULT_CIPHERS from urllib3.util.ssl_ is to downgrade the requests library to version 2.29.0 from 2.30.0.
Because the requests library 2.29.0 uses the urllib3 version 1.26.7 as shown in the following image.
The 1.26.7 version has the DEFAULT_CIPHERS variable. So, using this version can solve the error.
Use this method when you do not want to use the latest version of the requests library.
Solving While using Requirements.txt File to Specify Dependencies
If you’re using the requirements.txt file to specify your application’s dependencies, specify the requests as given in the following statement. It’ll downgrade the library accordingly.
requests==2.29.0Pip Installation for Creating a Virtual Environment
If you’re using the virtual environments and zip files to deploy the dependencies as an AWS lambda layer, you can install the specific version of the requests library.
pip install requests==2.29.0This solves the error.
Best Practices While Upgrading Libraries
Before upgrading any libraries, it is important to check the backward compatibilities and other necessary things. Here are some tips:
- Check the release notes for the library you are upgrading. The release notes will typically list any breaking changes that were introduced in the new version.
- Use a dependency management tool like
piporpoetryto manage your libraries. This will help you keep track of your libraries’ versions and avoid conflicts.
Conclusion
In this tutorial, you learned about the error Cannot Import Name DEFAULT_CIPHERS from urllib3.util.ssl_ on AWS Lambda. You also learned two approaches to solving this error:
- Downgrading the urllib3 library to a version older than 2.
- Downgrading the requests library to version 2.29.0.
The best approach to solve this error depends on your specific needs. If you need to use the latest version of the requests library, then you can downgrade the urllib3 library to a version older than 2. If you are not using the newest version of the requests library, then you can downgrade the requests library to version 2.29.0.
I hope this tutorial was helpful. Let me know in the comments if you have any other questions.