The Fix
pip install requests==2.27.0
Based on closed psf/requests issue #3689 · PR/commit linked
Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.
@@ -94,7 +94,8 @@ def run_tests(self):
tests_require=test_requirements,
extras_require={
- 'security': ['pyOpenSSL>=0.13', 'ndg-httpsclient', 'pyasn1'],
+ 'security': ['pyOpenSSL>=0.14', 'cryptography>=1.3.4', 'idna>=2.0.0'],
'socks': ['PySocks>=1.5.6, !=1.5.7'],
Option A — Upgrade to fixed release\npip install requests==2.27.0\nWhen NOT to use: This fix is not applicable if the application relies on deprecated dependencies.\n\n
Why This Fix Works in Production
- Trigger: Users experience import errors when trying to use security features in requests.
- Mechanism: Older versions of pyOpenSSL cause import errors when installing requests with security extras
- Why the fix works: Updated the security extras in setup.py to replace deprecated dependencies with required ones. (first fixed release: 2.27.0).
- If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.
Why This Breaks in Prod
- Older versions of pyOpenSSL cause import errors when installing requests with security extras
- Production symptom (often without a traceback): Users experience import errors when trying to use security features in requests.
Proof / Evidence
- GitHub issue: #3689
- Fix PR: https://github.com/psf/requests/pull/3693
- First fixed release: 2.27.0
- Reproduced locally: No (not executed)
- Last verified: 2026-02-07
- Confidence: 0.95
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.72
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“Given that we're shipping a patch release, I may just fix this myself and ship it today.”
Failure Signature (Search String)
- Users experience import errors when trying to use security features in requests.
Copy-friendly signature
Failure Signature
-----------------
Users experience import errors when trying to use security features in requests.
Error Message
Signature-only (no traceback captured)
Error Message
-------------
Users experience import errors when trying to use security features in requests.
What Broke
Users experience import errors when trying to use security features in requests.
Why It Broke
Older versions of pyOpenSSL cause import errors when installing requests with security extras
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
pip install requests==2.27.0
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Fix reference: https://github.com/psf/requests/pull/3693
First fixed release: 2.27.0
Last verified: 2026-02-07. Validate in your environment.
When NOT to Use This Fix
- This fix is not applicable if the application relies on deprecated dependencies.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
- Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.
Version Compatibility Table
| Version | Status |
|---|---|
| 2.27.0 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.