urllib3 Add deprecation warnings for

The Fix

pip install urllib3==1.26.12

Based on closed urllib3/urllib3 issue #2691 · PR/commit linked

Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.

Jump to Verify Open PR/Commit

@@ -16,6 +16,7 @@ source =
 [report]
 exclude_lines =
+    except ModuleNotFoundError:
     except ImportError:
     pass

repro.py

try:
    import urllib3_secure_extra
except ImportError:
    pass
else:
    warnings.warn("The urllib3[secure] extra is deprecated ...")

verify

Re-run the minimal reproduction on your broken version, then apply the fix and re-run.

fix.md

Option A — Upgrade to fixed release\npip install urllib3==1.26.12\nWhen NOT to use: This fix should not be applied if the deprecation warnings are not desired.\n\n

Why This Fix Works in Production

Trigger: Add deprecation warnings for urllib3.contrib.pyopenssl
Mechanism: Adds deprecation warnings for the urllib3.contrib.pyopenssl module and the urllib3[secure] extra, addressing issue #2691.
Why the fix works: Adds deprecation warnings for the urllib3.contrib.pyopenssl module and the urllib3[secure] extra, addressing issue #2691. (first fixed release: 1.26.12).

Production impact:

If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.

Why This Breaks in Prod

Production symptom (often without a traceback): Add deprecation warnings for urllib3.contrib.pyopenssl

Proof / Evidence

GitHub issue: #2691
Fix PR: https://github.com/urllib3/urllib3/pull/2701
First fixed release: 1.26.12
Reproduced locally: No (not executed)
Last verified: 2026-02-09
Confidence: 0.75
Did this fix it?: Yes (upstream fix exists)
Own content ratio: 0.75

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

Jump to Sources Open on GitHub

“@IvanLauLinTiong We wouldn't yank the package, it would only serve as a marker to show that the [secure] extra was installed”

@sethmlarson · 2022-08-04 · source

“All issues in the issue tracker about pyOpenSSL: - #2168 - #1885 - #1768 - #1071 - #892 - #855 - #590 - #367”

@IvanLauLinTiong · 2022-08-11 · source

“Ah I see, I hadn't thought about it that way. I still think you should yank it one day looking at pypistats will inform what…”

@graingert · 2022-08-11 · source

“Hi @sethmlarson, quick question for task 5: Emit a DeprecationWarning for urllib3[secure] when it's detected that the urllib3-secure-extra package is importable”

@IvanLauLinTiong · 2022-08-01 · source

Failure Signature (Search String)

Add deprecation warnings for urllib3.contrib.pyopenssl
- [x] Add deprecation warning section to the pyOpenSSL docs

Copy-friendly signature

signature.txt

Failure Signature
-----------------
Add deprecation warnings for urllib3.contrib.pyopenssl
- [x] Add deprecation warning section to the pyOpenSSL docs

Error Message

Signature-only (no traceback captured)

error.txt

Error Message
-------------
Add deprecation warnings for urllib3.contrib.pyopenssl
- [x] Add deprecation warning section to the pyOpenSSL docs

Minimal Reproduction

repro.py

try:
    import urllib3_secure_extra
except ImportError:
    pass
else:
    warnings.warn("The urllib3[secure] extra is deprecated ...")

What Broke

Users may encounter confusion or errors when using deprecated features.

Fix Options (Details)

Option A — Upgrade to fixed release Safe default (recommended)

pip install urllib3==1.26.12

When NOT to use: This fix should not be applied if the deprecation warnings are not desired.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Fix reference: https://github.com/urllib3/urllib3/pull/2701

First fixed release: 1.26.12

Last verified: 2026-02-09. Validate in your environment.

When NOT to Use This Fix

This fix should not be applied if the deprecation warnings are not desired.

Verify Fix

verify

Re-run the minimal reproduction on your broken version, then apply the fix and re-run.

Did This Fix Work in Your Case?

Quick signal helps us prioritize which fixes to verify and improve.

Prevention

Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
Upgrade behind a canary and run integration tests against the canary before 100% rollout.
Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.

Version Compatibility Table

Version	Status
1.26.12	Fixed

Related Issues

No related fixes found.

Cluster: urllib3:configuration-error urllib3 hub urllib3 best practices All hubs All clusters

Related clusters: Data consistency SSL handshake Other

Sources

We don’t republish the full GitHub discussion text. Use the links above for context.

urllib3 Add deprecation warnings for urllib3.contrib.pyopenssl (Fix)