From a70a201222d2dd1297fe1a525cdf7d40b602cdef Mon Sep 17 00:00:00 2001
From: dvirlabs <114520947+dvirlabs@users.noreply.github.com>
Date: Thu, 14 May 2026 15:29:16 +0300
Subject: [PATCH] SSL

---
 backend/whatsapp.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/backend/whatsapp.py b/backend/whatsapp.py
index 04cad84..293e157 100644
--- a/backend/whatsapp.py
+++ b/backend/whatsapp.py
@@ -5,6 +5,7 @@ Handles sending WhatsApp messages via Meta's API
 import os
 import httpx
 import certifi
+import ssl
 import re
 import logging
 from typing import Optional
@@ -17,10 +18,16 @@ logger = logging.getLogger(__name__)
 async def create_http_client() -> httpx.AsyncClient:
     """
     Create an httpx client with proper certificate verification.
-    Uses certifi for CA bundle - simple and reliable.
+    Uses certifi for CA bundle and creates proper SSL context for handshake.
     """
+    # Create SSL context with proper certificate verification
+    ssl_context = ssl.create_default_context(cafile=certifi.where())
+    ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
+    ssl_context.maximum_version = ssl.TLSVersion.TLSv1_3
+    ssl_context.options |= ssl.OP_NO_COMPRESSION
+    
     return httpx.AsyncClient(
-        verify=certifi.where(),
+        verify=ssl_context,
         timeout=httpx.Timeout(30.0, connect=10.0),
         http2=False,
         limits=httpx.Limits(max_keepalive_connections=5, max_connections=10)