The Fix
pip install urllib3==1.25.11
Based on closed urllib3/urllib3 issue #1769 · PR/commit linked
Production note: Watch p95/p99 latency and retry volume; timeouts can turn into retry storms and duplicate side-effects.
@@ -1,7 +1,11 @@
from __future__ import absolute_import
import socket
+
+from urllib3.exceptions import LocationParseError
+
repro.py
import logging
import urllib3
logging.basicConfig(level=logging.DEBUG)
mgr = urllib3.PoolManager(cert_reqs='CERT_NONE')
mgr.urlopen('GET', 'https://184.95.32.74')
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Upgrade to fixed release\npip install urllib3==1.25.11\nWhen NOT to use: This fix is not applicable if the application requires strict IDNA compliance.\n\n
Why This Fix Works in Production
- Trigger: DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): 184.95.32.74:443
- Mechanism: UnicodeError raised when processing invalid redirects due to empty or too long labels
- Why the fix works: Fixes the UnicodeError raised when processing invalid redirects by introducing a LocationParseError. (first fixed release: 1.25.11).
Why This Breaks in Prod
- Shows up under Python 3.5 in real deployments (not just unit tests).
- UnicodeError raised when processing invalid redirects due to empty or too long labels
- Surfaces as: DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): 184.95.32.74:443
Proof / Evidence
- GitHub issue: #1769
- Fix PR: https://github.com/urllib3/urllib3/pull/1968
- First fixed release: 1.25.11
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.95
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.43
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“I've reproduced this issue with this minimal example: In python2.7 it raises socket.gaierror, on python3 it raises the mentioned UnicodeError”
“The website you visited redirected you to https://.../, ... is not a valid host because the "labels" between the . are empty. What would you…”
“I expect urllib3 to not raise UnicodeError. I expect it to raise built-in urlilb3 exception like InvalidUrl or InvalidRedirect or something like that. It is…”
“Sounds like a valid change, would you be willing to create a PR to accomplish this? Let's raise LocationParseError.”
Failure Signature (Search String)
- DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): 184.95.32.74:443
Error Message
Stack trace
error.txt
Error Message
-------------
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): 184.95.32.74:443
/home/web/web/domscan/.env/lib/python3.5/site-packages/urllib3/connectionpool.py:1004: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning,
DEBUG:urllib3.connectionpool:https://184.95.32.74:443 "GET / HTTP/1.1" 302 0
DEBUG:urllib3.util.retry:Incremented Retry for (url='https://184.95.32.74'): Retry(total=2, connect=None, read=None, redirect=None, status=None)
INFO:urllib3.poolmanager:Redirecting https://184.95.32.74 -> https://.../
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): ...:443
Traceback (most recent call last):
File "/home/web/web/domscan/.env/lib/python3.5/encodings/idna.py", line 165, in encode
raise UnicodeError("label empty or too long")
UnicodeError: label empty or too long
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "test.py", line 6, in <module>
mgr.urlopen('GET', 'https://184.95.32.74')
File "/home/web/web/domscan/.env/lib/python3.5/site-packages/urllib3/poolmanager.py", line 369, in urlopen
return self.urlopen(method, redirect_location, **kw)
File "/home/web/web/domscan/.env/lib/python3.5/site-packages/urllib3/po
... (truncated) ...
Minimal Reproduction
repro.py
import logging
import urllib3
logging.basicConfig(level=logging.DEBUG)
mgr = urllib3.PoolManager(cert_reqs='CERT_NONE')
mgr.urlopen('GET', 'https://184.95.32.74')
Environment
- Python: 3.5
What Broke
Application crashes with UnicodeError when handling invalid redirects.
Why It Broke
UnicodeError raised when processing invalid redirects due to empty or too long labels
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
pip install urllib3==1.25.11
When NOT to use: This fix is not applicable if the application requires strict IDNA compliance.
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Fix reference: https://github.com/urllib3/urllib3/pull/1968
First fixed release: 1.25.11
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- This fix is not applicable if the application requires strict IDNA compliance.
Verify Fix
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
- Upgrade behind a canary and run integration tests against the canary before 100% rollout.
- Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
- Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.
Version Compatibility Table
| Version | Status |
|---|---|
| 1.25.11 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.