Jump to solution
Verify

urllib3 test_https_timeout & test_enhanced_timeout fail when there's no networking (Fix)

Fixed
Spec
Package
urllib3
Fixed In
1.25.9
Python
2.7
Verdict
Status
Fixed
Safe for prod
Yes
Risk
Low
Last verified
2026-02-09
Own content ratio
0.43
#1756 ai timeouts Updated: 2026-02-13
Issue #1756

The Fix

pip install urllib3==1.25.9

Based on closed urllib3/urllib3 issue #1756 · PR/commit linked

Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.

Jump to Verify Open PR/Commit
@@ -19,8 +19,14 @@ # We need a host that will not immediately close the connection with a TCP -# Reset. SO suggests this hostname -TARPIT_HOST = "10.255.255.1" +# Reset.
repro.py
__________________________________________________________ TestHTTPS.test_https_timeout ___________________________________________________________ args = (<test.with_dummyserver.test_https.TestHTTPS object at 0x7f2e0e7ebe50>,), kwargs = {} @six.wraps(test) def wrapper(*args, **kwargs): global _requires_network_has_route if _requires_network_has_route is None: _requires_network_has_route = _has_route() test/__init__.py:175: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ test/__init__.py:159: in _has_route sock = socket.create_connection((TARPIT_HOST, 80), 0.0001) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ address = ('10.255.255.1', 80), timeout = 0.0001, source_address = None def create_connection(address, timeout=_GLOBAL_DEFAULT_TIMEOUT, source_address=None): """Connect to *address* and return the socket object. Convenience function. Connect to *address* (a 2-tuple ``(host, port)``) and return the socket object. Passing the optional *timeout* parameter will set the timeout on the socket instance before attempting to connect. If no *timeout* is supplied, the global default timeout setting returned by :func:`getdefaulttimeout` is used. If *source_address* is set it must be a tuple of (host, port) for the socket to bind as a source address before making the connection. A host of '' or port 0 tells the OS to use the default. """ host, port = address err = None for res in getaddrinfo(host, port, 0, SOCK_STREAM): af, socktype, proto, canonname, sa = res sock = None try: sock = socket(af, socktype, proto) if timeout is not _GLOBAL_DEFAULT_TIMEOUT: sock.settimeout(timeout) if source_address: sock.bind(source_address) sock.connect(sa) return sock except error as _: err = _ if sock is not None: sock.close() if err is not None: raise err E error: [Errno 111] Connection refused /usr/lib64/python2.7/socket.py:575: error _________________________________________________________ TestHTTPS.test_enhanced_timeout _________________________________________________________ args = (<test.with_dummyserver.test_https.TestHTTPS object at 0x7f2e0ec1d4d0>,), kwargs = {} @six.wraps(test) def wrapper(*args, **kwargs): global _requires_network_has_route if _requires_network_has_route is None: _requires_network_has_route = _has_route() test/__init__.py:175: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ test/__init__.py:159: in _has_route sock = socket.create_connection((TARPIT_HOST, 80), 0.0001) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ address = ('10.255.255.1', 80), timeout = 0.0001, source_address = None def create_connection(address, timeout=_GLOBAL_DEFAULT_TIMEOUT, source_address=None): """Connect to *address* and return ... (truncated) ...
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Upgrade to fixed release\npip install urllib3==1.25.9\nWhen NOT to use: This fix is not applicable if the tests are expected to run in a fully connected environment.\n\n

Why This Fix Works in Production

  • Trigger: test_https_timeout & test_enhanced_timeout fail when there's no networking
  • Mechanism: The tests fail due to the use of an unreachable TARPIT_HOST address in isolated network environments
  • Why the fix works: Changed TARPIT_HOST to detect isolated network, addressing test failures when no external network is present. (first fixed release: 1.25.9).
Production impact:
  • If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.

Why This Breaks in Prod

  • Shows up under Python 2.7 in real deployments (not just unit tests).
  • The tests fail due to the use of an unreachable TARPIT_HOST address in isolated network environments
  • Production symptom (often without a traceback): test_https_timeout & test_enhanced_timeout fail when there's no networking

Proof / Evidence

  • GitHub issue: #1756
  • Fix PR: https://github.com/urllib3/urllib3/pull/1862
  • First fixed release: 1.25.9
  • Reproduced locally: No (not executed)
  • Last verified: 2026-02-09
  • Confidence: 0.95
  • Did this fix it?: Yes (upstream fix exists)
  • Own content ratio: 0.43

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

Jump to Sources Open on GitHub
“I suspect a better solution here would be to special-case 'connection refused' and skip the test.”
@mgorny · 2019-11-22 · source
“Thanks for the report! Are those correctly skipped if you add errno.ECONNREFUSED to _is_unreachable_err in test/__init__.py?”
@pquentin · 2019-11-22 · source
“Yes, this helps. Thanks! Now that you've mentioned it, is there a nice way to use this class to skip those tests entirely from the…”
@mgorny · 2019-11-22 · source
“Nothing currently exists, no. :( Would you like to work on a pull request that adds the errno.ECONNREFUSED line?”
@pquentin · 2019-11-22 · source

Failure Signature (Search String)

  • test_https_timeout & test_enhanced_timeout fail when there's no networking
  • We're running tests in a container isolated from external networks (having only `lo`), and the two mentioned tests seem to fail when external network isn't present, e.g.:
Copy-friendly signature
signature.txt
Failure Signature ----------------- test_https_timeout & test_enhanced_timeout fail when there's no networking We're running tests in a container isolated from external networks (having only `lo`), and the two mentioned tests seem to fail when external network isn't present, e.g.:

Error Message

Signature-only (no traceback captured)
error.txt
Error Message ------------- test_https_timeout & test_enhanced_timeout fail when there's no networking We're running tests in a container isolated from external networks (having only `lo`), and the two mentioned tests seem to fail when external network isn't present, e.g.:

Minimal Reproduction

repro.py
__________________________________________________________ TestHTTPS.test_https_timeout ___________________________________________________________ args = (<test.with_dummyserver.test_https.TestHTTPS object at 0x7f2e0e7ebe50>,), kwargs = {} @six.wraps(test) def wrapper(*args, **kwargs): global _requires_network_has_route if _requires_network_has_route is None: _requires_network_has_route = _has_route() test/__init__.py:175: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ test/__init__.py:159: in _has_route sock = socket.create_connection((TARPIT_HOST, 80), 0.0001) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ address = ('10.255.255.1', 80), timeout = 0.0001, source_address = None def create_connection(address, timeout=_GLOBAL_DEFAULT_TIMEOUT, source_address=None): """Connect to *address* and return the socket object. Convenience function. Connect to *address* (a 2-tuple ``(host, port)``) and return the socket object. Passing the optional *timeout* parameter will set the timeout on the socket instance before attempting to connect. If no *timeout* is supplied, the global default timeout setting returned by :func:`getdefaulttimeout` is used. If *source_address* is set it must be a tuple of (host, port) for the socket to bind as a source address before making the connection. A host of '' or port 0 tells the OS to use the default. """ host, port = address err = None for res in getaddrinfo(host, port, 0, SOCK_STREAM): af, socktype, proto, canonname, sa = res sock = None try: sock = socket(af, socktype, proto) if timeout is not _GLOBAL_DEFAULT_TIMEOUT: sock.settimeout(timeout) if source_address: sock.bind(source_address) sock.connect(sa) return sock except error as _: err = _ if sock is not None: sock.close() if err is not None: raise err E error: [Errno 111] Connection refused /usr/lib64/python2.7/socket.py:575: error _________________________________________________________ TestHTTPS.test_enhanced_timeout _________________________________________________________ args = (<test.with_dummyserver.test_https.TestHTTPS object at 0x7f2e0ec1d4d0>,), kwargs = {} @six.wraps(test) def wrapper(*args, **kwargs): global _requires_network_has_route if _requires_network_has_route is None: _requires_network_has_route = _has_route() test/__init__.py:175: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ test/__init__.py:159: in _has_route sock = socket.create_connection((TARPIT_HOST, 80), 0.0001) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ address = ('10.255.255.1', 80), timeout = 0.0001, source_address = None def create_connection(address, timeout=_GLOBAL_DEFAULT_TIMEOUT, source_address=None): """Connect to *address* and return ... (truncated) ...

Environment

  • Python: 2.7

What Broke

Tests fail with connection refused errors when no external network is available.

Why It Broke

The tests fail due to the use of an unreachable TARPIT_HOST address in isolated network environments

Fix Options (Details)

Option A — Upgrade to fixed release Safe default (recommended)

pip install urllib3==1.25.9

When NOT to use: This fix is not applicable if the tests are expected to run in a fully connected environment.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Fix reference: https://github.com/urllib3/urllib3/pull/1862

First fixed release: 1.25.9

Last verified: 2026-02-09. Validate in your environment.

Get updates

We publish verified fixes weekly. No spam.

Subscribe

When NOT to Use This Fix

  • This fix is not applicable if the tests are expected to run in a fully connected environment.

Verify Fix

verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.

Did This Fix Work in Your Case?

Quick signal helps us prioritize which fixes to verify and improve.

Prevention

  • Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
  • Upgrade behind a canary and run integration tests against the canary before 100% rollout.
  • Make timeouts explicit and test them (unit + integration) to avoid silent behavior changes.
  • Instrument retries (attempt count + reason) and alert on spikes to catch dependency slowdowns.

Version Compatibility Table

VersionStatus
1.25.9 Fixed

Related Issues

No related fixes found.

Cluster: urllib3:configuration-error urllib3 hub urllib3 best practices All hubs All clusters
Related clusters: Data consistency SSL handshake Other

Sources

We don’t republish the full GitHub discussion text. Use the links above for context.

Source & Disclaimer: Analysis derived from GitHub Issue #1756. Not affiliated with the library maintainers. Verify before production use.