The Fix
Included a standalone `create_ssl_context()` function to provide users with a convenient way to generate an appropriately configured SSLContext.
Based on closed encode/httpx issue #983 · PR/commit linked
@@ -600,6 +600,23 @@ Alternatively, you can pass a standard library `ssl.SSLContext`.
```
+We also include a helper function for creating properly configured `SSLContext` instances.
+
+```python
Option A — Apply the official fix\nIncluded a standalone `create_ssl_context()` function to provide users with a convenient way to generate an appropriately configured SSLContext.\nWhen NOT to use: Do not use this function if you require custom SSL configurations not supported by the helper.\n\n
Why This Fix Works in Production
- Trigger: Standalone `create_ssl_context()` function?
- Mechanism: The library lacked a convenient way to generate an appropriately configured SSLContext
Why This Breaks in Prod
- The library lacked a convenient way to generate an appropriately configured SSLContext
- Production symptom (often without a traceback): Standalone `create_ssl_context()` function?
Proof / Evidence
- GitHub issue: #983
- Fix PR: https://github.com/encode/httpx/pull/996
- Reproduced locally: No (not executed)
- Last verified: 2026-02-11
- Confidence: 0.70
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.76
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“I _think_ this should have been closed by https://github.com/encode/httpx/pull/996? :-)”
Failure Signature (Search String)
- Standalone `create_ssl_context()` function?
- However, the one bit that's missing is that there currently isn't any *convenient* way for our users to generate an appropriately configured SSLContext without digging into the
Copy-friendly signature
Failure Signature
-----------------
Standalone `create_ssl_context()` function?
However, the one bit that's missing is that there currently isn't any *convenient* way for our users to generate an appropriately configured SSLContext without digging into the gnarly details.
Error Message
Signature-only (no traceback captured)
Error Message
-------------
Standalone `create_ssl_context()` function?
However, the one bit that's missing is that there currently isn't any *convenient* way for our users to generate an appropriately configured SSLContext without digging into the gnarly details.
What Broke
Users struggled to instantiate a client with a properly configured SSLContext, leading to confusion.
Why It Broke
The library lacked a convenient way to generate an appropriately configured SSLContext
Fix Options (Details)
Option A — Apply the official fix
Included a standalone `create_ssl_context()` function to provide users with a convenient way to generate an appropriately configured SSLContext.
Fix reference: https://github.com/encode/httpx/pull/996
Last verified: 2026-02-11. Validate in your environment.
When NOT to Use This Fix
- Do not use this function if you require custom SSL configurations not supported by the helper.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
- Upgrade behind a canary and run integration tests against the canary before 100% rollout.
- Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
- Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.