Python websocket connection to Refinitiv Realtime fails with SSL error
I am trying to connect to the Refinitiv Realtime Optimized platform in AWS using websockets in python.
I am using the market_price_rdpgw_service_discovery.py example from https://github.com/Refinitiv/websocket-api/tree/master/Applications/Examples/RDP/python#windowslinuxmacos
The HTTP requests for service discovery work and I can setup a token but the websocket connection fails:
Sending Refinitiv Data Platform service discovery request to https://api.refinitiv.com/streaming/pricing/v1/
Refinitiv Data Platform Service discovery succeeded. RECEIVED:
....
Connecting to WebSocket wss://eu-west-1-aws-3-sm.optimized-pricing-api.refinitiv.net:443/WebSocket for session1...
Traceback (most recent call last):
File "/home/tom/anaconda3/envs/rrt_client/lib/python3.8/site-packages/websocket/_app.py", line 312, in run_forever
self.sock.connect(
File "/home/tom/anaconda3/envs/rrt_client/lib/python3.8/site-packages/websocket/_core.py", line 248, in connect
self.sock, addrs = connect(url, self.sock_opt, proxy_info(**options),
File "/home/tom/anaconda3/envs/rrt_client/lib/python3.8/site-packages/websocket/_http.py", line 121, in connect
sock = _ssl_socket(sock, options.sslopt, hostname)
File "/home/tom/anaconda3/envs/rrt_client/lib/python3.8/site-packages/websocket/_http.py", line 256, in _ssl_socket
sock = _wrap_sni_socket(sock, sslopt, hostname, check_hostname)
File "/home/tom/anaconda3/envs/rrt_client/lib/python3.8/site-packages/websocket/_http.py", line 231, in _wrap_sni_socket
return context.wrap_socket(
File "/home/tom/anaconda3/envs/rrt_client/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/home/tom/anaconda3/envs/rrt_client/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/home/tom/anaconda3/envs/rrt_client/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:1131)
EOF occurred in violation of protocol (_ssl.c:1131) for session1
WebSocket Closed for session1
I've tried disabling all SSL verification and fixing the version to TSL 1.2 but still get the same error on handshake with the socket.
def connect(self):
# Start websocket handshake
ws_address = "wss://{}/WebSocket".format(self.host)
print("Connecting to WebSocket " + ws_address + " for " + self.session_name + "...")
self.web_socket_app = websocket.WebSocketApp(ws_address,
on_message=self._on_message,
on_error=self._on_error,
on_close=self._on_close,
on_open=self._on_open,
subprotocols=['tr_json2'])
sslopt = {
'check_hostname': False,
"verify_mode": ssl.CERT_NONE,
"cert_reqs": ssl.CERT_NONE,
"ssl_version": ssl.PROTOCOL_TLSv1_2,
}
wst = threading.Thread(target=self.web_socket_app.run_forever, kwargs={'sslopt': sslopt})
wst.start()
Here are some of the relevant library version:
pip list |grep 'socket\|request\|http\|cert\|url'
certifi 2021.10.8
ndg-httpsclient 0.5.1
requests 2.22.0
requests-toolbelt 0.9.1
urllib3 1.25.11
websocket-client 1.1.0
Has anyone else seen this and been able to resolve?
This is running behind a corporate proxy which I have no control over, but the HTTP requests for service discovery are working which makes me thing the SSL setup is OK in python requests generally, but there is an issue with websockets.
Best Answer
Answers
-
Hi @_Tom_
We cannot provide much Websocket API guidance in terms of dealing with corporate proxies as there can be many factors at play and variations depending on your local security implementations.
However, a few things to try
- set proxy parameters for the WebSocketApp instance in the code (websocket/_app.py — websocket-client 1.2.3 documentation )
- set the https_proxy and http_proxy parameters as environmental variables before running the script
Certainly, I am aware of a couple of users where the 2nd option allowed to connect.
You should speak to your internal security team for further guidance. You can also raise a ticket with the RTO team - who may be able to provide some assistance to your security team.
0 -
I've tried setting http_proxy and https_proxy, it works for the initial http requests but not for the websocket. If I set them incorrectly then I can break the normal requests, setting them correctly goes back to trying the websocket connection and failing:
Connecting to WebSocket wss://eu-west-1-aws-3-sm.optimized-pricing-api.refinitiv.net:443/WebSocket for session1...
Traceback (most recent call last):
File "/home/tom/anaconda3/envs/rrt_client/lib/python3.8/site-packages/websocket/_app.py", line 312, in run_forever
self.sock.connect(
File "/home/tom/anaconda3/envs/rrt_client/lib/python3.8/site-packages/websocket/_core.py", line 248, in connect
self.sock, addrs = connect(url, self.sock_opt, proxy_info(**options),
File "/home/tom/anaconda3/envs/rrt_client/lib/python3.8/site-packages/websocket/_http.py", line 117, in connect
sock = _tunnel(sock, hostname, port, auth)
File "/home/tom/anaconda3/envs/rrt_client/lib/python3.8/site-packages/websocket/_http.py", line 287, in _tunnel
raise WebSocketProxyException(
websocket._exceptions.WebSocketProxyException: failed CONNECT via proxy status: 504
failed CONNECT via proxy status: 504 for session1
WebSocket Closed for session1Basic network connectivity works on port 443 based on telnet:
telnet eu-west-1-aws-3-sm.optimized-pricing-api.refinitiv.net 443
Trying 159.43.201.118...
Connected to eu-west-1-aws-3-sm.optimized-pricing-api.refinitiv.biz.
Escape character is '^]'.0 -
For anyone else reading this thread with similar problems it turned out to be network configuration issues. The hosts returned from the service discovery call resolve to internal IPs that we didn't have routing for (e.g. refinitiv.net were CNAMEs for refinitiv.biz internal addresses).
We did have network connectivity setup for us-east region and just set that group of hosts. The EOF error from the websocket ssl handshake is really because the resolved IP is not a refinitiv RTO server due to the network setup.0 -
Thanks for checking the proxy setup, I've commented below on the real issue which was company specific network setup. But this will be useful for others.0
Categories
- All Categories
- 6 AHS
- 36 Alpha
- 166 App Studio
- 6 Block Chain
- 4 Bot Platform
- 18 Connected Risk APIs
- 47 Data Fusion
- 34 Data Model Discovery
- 684 Datastream
- 1.4K DSS
- 613 Eikon COM
- 5.2K Eikon Data APIs
- 10 Electronic Trading
- Generic FIX
- 7 Local Bank Node API
- 3 Trading API
- 2.9K Elektron
- 1.4K EMA
- 248 ETA
- 552 WebSocket API
- 37 FX Venues
- 14 FX Market Data
- 1 FX Post Trade
- 1 FX Trading - Matching
- 12 FX Trading – RFQ Maker
- 5 Intelligent Tagging
- 2 Legal One
- 23 Messenger Bot
- 3 Messenger Side by Side
- 9 ONESOURCE
- 7 Indirect Tax
- 60 Open Calais
- 275 Open PermID
- 44 Entity Search
- 2 Org ID
- 1 PAM
- PAM - Logging
- 6 Product Insight
- Project Tracking
- ProView
- ProView Internal
- 22 RDMS
- 1.9K Refinitiv Data Platform
- 629 Refinitiv Data Platform Libraries
- 4 LSEG Due Diligence
- LSEG Due Diligence Portal API
- 4 Refinitiv Due Dilligence Centre
- Rose's Space
- 1.2K Screening
- 18 Qual-ID API
- 13 Screening Deployed
- 23 Screening Online
- 12 World-Check Customer Risk Screener
- 1K World-Check One
- 46 World-Check One Zero Footprint
- 45 Side by Side Integration API
- 2 Test Space
- 3 Thomson One Smart
- 10 TR Knowledge Graph
- 151 Transactions
- 143 REDI API
- 1.8K TREP APIs
- 4 CAT
- 26 DACS Station
- 121 Open DACS
- 1.1K RFA
- 104 UPA
- 191 TREP Infrastructure
- 228 TRKD
- 915 TRTH
- 5 Velocity Analytics
- 9 Wealth Management Web Services
- 86 Workspace SDK
- 11 Element Framework
- 5 Grid
- 18 World-Check Data File
- 1 Yield Book Analytics
- 46 中文论坛
