Jump to solution
Verify

urllib3 parse_retry_after() in utils/retry.py computes seconds incorrectly when Retry-After value (Fix)

Fixed
Spec
Package
urllib3
Fixed In
1.25.11
Verdict
Status
Fixed
Safe for prod
Yes
Risk
Low
Last verified
2026-02-09
Own content ratio
0.52
#1896 ai retries tls Updated: 2026-02-13
Issue #1896

The Fix

pip install urllib3==1.25.11

Based on closed urllib3/urllib3 issue #1896 · PR/commit linked

Jump to Verify Open PR/Commit
@@ -7,6 +7,7 @@ PySocks==1.7.1 pytest==4.6.9 pytest-timeout==1.3.4 +pytest-freezegun==0.3.0.post1 flaky==3.6.1 trustme==0.5.3
repro.py
import re import time import email.utils import datetime def parse_retry_after(retry_after): """ Pulled from retry.py and minimally modified to change exception raised. """ # Whitespace: https://tools.ietf.org/html/rfc7230#section-3.2.4 if re.match(r"^\s*[0-9]+\s*$", retry_after): seconds = int(retry_after) else: retry_date_tuple = email.utils.parsedate(retry_after) if retry_date_tuple is None: raise RuntimeError('Invalid header!') retry_date = time.mktime(retry_date_tuple) seconds = retry_date - time.time() if seconds < 0: seconds = 0 return seconds if __name__ == '__main__': # Create a Retry-After value (http-date) that's 180 seconds after now. Note this will only # demonstrate the issue when the local timezone is *not* GMT. nowutc = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(seconds=180) retryafter = nowutc.strftime('%a, %d %b %Y %H:%M:%S GMT ') print(f'got {parse_retry_after(retryafter)} for {retryafter}, ' f'but should be {nowutc.timestamp() - time.time()}')
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Upgrade to fixed release\npip install urllib3==1.25.11\nWhen NOT to use: This fix should not be used if maintaining backward compatibility with incorrect time zone handling is required.\n\n

Why This Fix Works in Production

  • Trigger: For the given Retry-After value `Thu, 25 Jun 2020 21:30:12 GMT`, with the local time being `Thu, 25 Jun 2020 17:28:12 EST`, parse_retry_after() will return…
  • Mechanism: parse_retry_after() does not handle time zone differences correctly when parsing Retry-After values
  • Why the fix works: Updates the parse_retry_after function to use timezone-aware functions for better handling of Retry-After values, addressing the issue of incorrect time zone conversion. (first fixed release: 1.25.11).
Production impact:
  • If left unfixed, this can cause silent data inconsistencies that propagate (bad cache entries, incorrect downstream decisions).

Why This Breaks in Prod

  • parse_retry_after() does not handle time zone differences correctly when parsing Retry-After values
  • Production symptom (often without a traceback): For the given Retry-After value `Thu, 25 Jun 2020 21:30:12 GMT`, with the local time being `Thu, 25 Jun 2020 17:28:12 EST`, parse_retry_after() will return `14564.671981096268`. This value is incorrect, and should be `~120`.

Proof / Evidence

  • GitHub issue: #1896
  • Fix PR: https://github.com/urllib3/urllib3/pull/1932
  • First fixed release: 1.25.11
  • Reproduced locally: No (not executed)
  • Last verified: 2026-02-09
  • Confidence: 0.95
  • Did this fix it?: Yes (upstream fix exists)
  • Own content ratio: 0.52

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

Jump to Sources Open on GitHub
“This seems to fix the issue, but I've not done near enough testing or tried any python version other than 3.6.8:”
@cblades-tc · 2020-06-26 · source
“Here's a MRE that pulls out the code of parse_retry_after().”
@cblades-tc · 2020-06-25 · source
“Thanks for opening this, will look at it later. Going to summon the timezone wizard @pganssle for assistance making sense of this.”
@sethmlarson · 2020-06-25 · source
“@cblades-tc Would you be willing to submit a patch with a previously failing test case?”
@sethmlarson · 2020-06-26 · source

Failure Signature (Search String)

  • For the given Retry-After value `Thu, 25 Jun 2020 21:30:12 GMT`, with the local time being `Thu, 25 Jun 2020 17:28:12 EST`, parse_retry_after() will return `14564.671981096268`.
  • parse_retry_after() doesn't correctly handle the time difference between time zones.
Copy-friendly signature
signature.txt
Failure Signature ----------------- For the given Retry-After value `Thu, 25 Jun 2020 21:30:12 GMT`, with the local time being `Thu, 25 Jun 2020 17:28:12 EST`, parse_retry_after() will return `14564.671981096268`. This value is incorrect, and should be `~120`. parse_retry_after() doesn't correctly handle the time difference between time zones.

Error Message

Signature-only (no traceback captured)
error.txt
Error Message ------------- For the given Retry-After value `Thu, 25 Jun 2020 21:30:12 GMT`, with the local time being `Thu, 25 Jun 2020 17:28:12 EST`, parse_retry_after() will return `14564.671981096268`. This value is incorrect, and should be `~120`. parse_retry_after() doesn't correctly handle the time difference between time zones.

Minimal Reproduction

repro.py
import re import time import email.utils import datetime def parse_retry_after(retry_after): """ Pulled from retry.py and minimally modified to change exception raised. """ # Whitespace: https://tools.ietf.org/html/rfc7230#section-3.2.4 if re.match(r"^\s*[0-9]+\s*$", retry_after): seconds = int(retry_after) else: retry_date_tuple = email.utils.parsedate(retry_after) if retry_date_tuple is None: raise RuntimeError('Invalid header!') retry_date = time.mktime(retry_date_tuple) seconds = retry_date - time.time() if seconds < 0: seconds = 0 return seconds if __name__ == '__main__': # Create a Retry-After value (http-date) that's 180 seconds after now. Note this will only # demonstrate the issue when the local timezone is *not* GMT. nowutc = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(seconds=180) retryafter = nowutc.strftime('%a, %d %b %Y %H:%M:%S GMT ') print(f'got {parse_retry_after(retryafter)} for {retryafter}, ' f'but should be {nowutc.timestamp() - time.time()}')

What Broke

Incorrect Retry-After values lead to unexpected delays in request retries, causing potential timeouts.

Why It Broke

parse_retry_after() does not handle time zone differences correctly when parsing Retry-After values

Fix Options (Details)

Option A — Upgrade to fixed release Safe default (recommended)

pip install urllib3==1.25.11

When NOT to use: This fix should not be used if maintaining backward compatibility with incorrect time zone handling is required.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Fix reference: https://github.com/urllib3/urllib3/pull/1932

First fixed release: 1.25.11

Last verified: 2026-02-09. Validate in your environment.

Get updates

We publish verified fixes weekly. No spam.

Subscribe

When NOT to Use This Fix

  • This fix should not be used if maintaining backward compatibility with incorrect time zone handling is required.

Verify Fix

verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.

Did This Fix Work in Your Case?

Quick signal helps us prioritize which fixes to verify and improve.

Prevention

  • Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
  • Upgrade behind a canary and run integration tests against the canary before 100% rollout.
  • Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
  • Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.

Version Compatibility Table

VersionStatus
1.25.11 Fixed

Related Issues

No related fixes found.

Cluster: urllib3:data-consistency urllib3 hub urllib3 best practices All hubs All clusters
Related clusters: Configuration error SSL handshake Other

Sources

We don’t republish the full GitHub discussion text. Use the links above for context.

Source & Disclaimer: Analysis derived from GitHub Issue #1896. Not affiliated with the library maintainers. Verify before production use.