{"id":9630,"date":"2026-05-10T23:30:35","date_gmt":"2026-05-10T23:30:35","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=9630"},"modified":"2026-05-10T23:30:36","modified_gmt":"2026-05-10T23:30:36","slug":"python-ssl-sslerror-ssl-library_has_no_ciphers-library-has-no-ciphers-_ssl-c3135","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/python-ssl-sslerror-ssl-library_has_no_ciphers-library-has-no-ciphers-_ssl-c3135","title":{"rendered":"Python – ssl.SSLError: [SSL: LIBRARY_HAS_NO_CIPHERS] library has no ciphers (_ssl.c:3135)"},"content":{"rendered":"\n
python3 -m pip install pdfplumber pymupdf openpyxl pillow requests --trusted-host pypi.org --trusted-host files.pythonhosted.org\nDefaulting to user installation because normal site-packages is not writeable\nWARNING: There was an error checking the latest version of pip.\nERROR: Exception:\nTraceback (most recent call last):\n  File \"Packages\\PythonSoftwareFoundation.Python.3.13_qbz5n2kfra8p0\\LocalCache\\local-packages\\Python313\\site-packages\\pip\\_internal\\cli\\base_command.py\", line 107, in _run_wrapper\n    status = _inner_run()\n  File \"Packages\\PythonSoftwareFoundation.Python.3.13_qbz5n2kfra8p0\\LocalCache\\local-packages\\Python313\\site-packages\\pip\\_internal\\cli\\base_command.py\", line 98, in _inner_run\n    return self.run(options, args)\n           ~~~~~~~~^^^^^^^^^^^^^^^\n  File \"\\Packages\\PythonSoftwareFoundation.Python.3.13_qbz5n2kfra8p0\\LocalCache\\local-packages\\Python313\\site-packages\\pip\\_internal\\cli\\req_command.py\", line 96, in wrapper\n    return func(self, options, args)\n  File \"\\Packages\\PythonSoftwareFoundation.Python.3.13_qbz5n2kfra8p0\\LocalCache\\local-packages\\Python313\\site-packages\\pip\\_internal\\commands\\install.py\", line 340, in run\n    session = self.get_default_session(options)\n  File \"C:\\Users\\pwell\\AppData\\Local\\Packages\\PythonSoftwareFoundation.Python.3.13_qbz5n2kfra8p0\\LocalCache\\local-packages\\Python313\\site-packages\\pip\\_internal\\cli\\index_command.py\", line 82, in get_default_session\n    self._session = self.enter_context(self._build_session(options))\n                                       ~~~~~~~~~~~~~~~~~~~^^^^^^^^^\n  File \"\\Packages\\PythonSoftwareFoundation.Python.3.13_qbz5n2kfra8p0\\LocalCache\\local-packages\\Python313\\site-packages\\pip\\_internal\\cli\\index_command.py\", line 101, in _build_session\n    ssl_context = _create_truststore_ssl_context()\n  File \"\\Packages\\PythonSoftwareFoundation.Python.3.13_qbz5n2kfra8p0\\LocalCache\\local-packages\\Python313\\site-packages\\pip\\_internal\\cli\\index_command.py\", line 51, in _create_truststore_ssl_context\n    ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)\n  File \"C:\\Program Files\\WindowsApps\\PythonSoftwareFoundation.Python.3.13_3.13.3568.0_x64__qbz5n2kfra8p0\\Lib\\ssl.py\", line 438, in __new__\n    self = _SSLContext.__new__(cls, protocol)\nssl.SSLError: [SSL: LIBRARY_HAS_NO_CIPHERS] library has no ciphers (_ssl.c:3135)<\/code><\/pre>\n\n\n\n
What\u2019s wrong<\/h2>\n\n\n\n
The failure is not pip or your packages. ssl<\/code> is broken before any download: creating a TLS context raises SSL: LIBRARY_HAS_NO_CIPHERS<\/code>.<\/p>\n\n\n\n
We confirmed:<\/p>\n\n\n\n
    \n
  • Without any change,\u00a0ssl.create_default_context()<\/code>\u00a0fails the same way pip does.<\/li>\n\n\n\n
  • With\u00a0OPENSSL_CONF=NUL<\/code>,\u00a0ssl.create_default_context()<\/code>\u00a0succeeds\u00a0and\u00a0pip install<\/code>\u00a0completes\u00a0(your packages installed successfully in this environment).<\/li>\n<\/ul>\n\n\n\n
    So OpenSSL is reading a system config that leaves you with no usable TLS ciphers.<\/p>\n\n\n\n
    Likely root cause (system openssl.cnf<\/code>)<\/h2>\n\n\n\n
    Under C:\\Program Files\\Common Files\\SSL\\openssl.cnf<\/code>, the OpenSSL 3 provider section turns on legacy but does not activate the default provider:<\/p>\n\n\n\n
    [default_sect]<\/p>\n\n\n\n
    # activate = 1<\/p>\n\n\n\n
    [legacy_sect]<\/p>\n\n\n\n
    activate = 1<\/p>\n\n\n\n
    OpenSSL\u2019s own comments in that file say that if you explicitly activate other providers, you usually must also activate the default provider, or things break. That matches \u201clibrary has no ciphers\u201d for normal TLS.<\/p>\n\n\n\n
    What you can do<\/h2>\n\n\n\n
    1. Quick workaround (no admin)<\/h3>\n\n\n\n
    In PowerShell for that session:<\/p>\n\n\n\n
    $env:OPENSSL_CONF = ‘NUL’<\/p>\n\n\n\n
    python3 -m pip install …<\/p>\n\n\n\n
    Or one line:<\/p>\n\n\n\n
    $env:OPENSSL_CONF=’NUL’; python3 -m pip install pdfplumber pymupdf openpyxl pillow requests<\/p>\n\n\n\n
    To make it permanent for your user: System Properties ? Environment Variables ? User ? add OPENSSL_CONF<\/code> = NUL<\/code>. (Some other OpenSSL-based tools will also skip the broken global config.)<\/p>\n\n\n\n
    2. Proper fix (needs Administrator)<\/h3>\n\n\n\n
    Edit C:\\Program Files\\Common Files\\SSL\\openssl.cnf<\/code>, in [default_sect]<\/code>, uncomment so the default provider is activated:<\/p>\n\n\n\n
    [default_sect]<\/p>\n\n\n\n
    activate = 1<\/p>\n\n\n\n
    Save (elevated\/editor as admin). After that you can drop OPENSSL_CONF=NUL<\/code>.<\/p>\n","protected":false},"excerpt":{"rendered":"
    What\u2019s wrong The failure is not pip or your packages. ssl is broken before any download: creating a TLS context raises SSL: LIBRARY_HAS_NO_CIPHERS. We confirmed: So OpenSSL is reading a system config that […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9630","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/9630","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=9630"}],"version-history":[{"count":1,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/9630\/revisions"}],"predecessor-version":[{"id":9631,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/9630\/revisions\/9631"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=9630"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=9630"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=9630"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}