🌐
Python
docs.python.org › 3 › library › ssl.html
ssl — TLS/SSL wrapper for socket objects — Python 3.14.4 ...
The curve_name parameter should be a string describing a well-known elliptic curve, for example prime256v1 for a widely supported curve. This setting doesn’t apply to client sockets. You can also use the OP_SINGLE_ECDH_USE option to further improve security. This method is not available if HAS_ECDH is False. Added in version 3.3. ... Vincent Bernat. SSLContext.wrap_socket(sock, server_side=False, do_handshake_on_connect=True, suppress_ragged_eofs=True, server_hostname=None, session=None)¶
🌐
Pythontic
pythontic.com › ssl › sslcontext › wrap_socket
wrap_socket() method of SSLContext class in Python | Pythontic.com
wrap_socket(sock, server_side=False, do_handshake_on_connect=True, suppress_ragged_eofs=True, server_hostname=None, session=None);
🌐
GitHub
github.com › benoitc › gunicorn › issues › 1894
Replace calls to ssl.wrap_socket() with SSLContext.wrap_socket() · Issue #1894 · benoitc/gunicorn
October 12, 2018 - ssl.wrap_socket() is deprecated and has current and future security limitations: Deprecated since version 3.7: Since Python 3.2 and 2.7.9, it is recommended to use the SSLContext.wrap_socket() instead of wrap_socket(). The top-level func...
Author   javabrett
🌐
HotExamples
python.hotexamples.com › examples › ssl › SSLContext › wrap_socket › python-sslcontext-wrap_socket-method-examples.html
Python SSLContext.wrap_socket Examples, ssl.SSLContext.wrap_socket Python Examples - HotExamples
def ssl_wrap_socket(sock, keyfile=None, certfile=None, cert_reqs=None, ca_certs=None, server_hostname=None, ssl_version=None): """ All arguments except `server_hostname` have the same meaning as for :func:`ssl.wrap_socket` :param server_hostname: Hostname of the expected certificate """ context = SSLContext(ssl_version) context.verify_mode = cert_reqs # Disable TLS compression to migitate CRIME attack (issue #309) OP_NO_COMPRESSION = 0x20000 context.options |= OP_NO_COMPRESSION if ca_certs: try: context.load_verify_locations(ca_certs) # Py32 raises IOError # Py33 raises FileNotFoundError except Exception as e: # Reraise as SSLError raise SSLError(e) if certfile: # FIXME: This block needs a test.
🌐
GitHub
github.com › vmware › pyvmomi › issues › 1057
Python 3.12 issue with wrap_socket (deprecated in 3.7) · Issue #1057 · vmware/pyvmomi
November 21, 2023 - # Function used to wrap sockets with SSL contextInstance = ssl.SSLContext(); contextInstance.verify_mode = ssl.CERT_REQUIRED; contextInstance.load_verify_locations(cafile=os.path.relpath(certifi.where()), capath=None, cadata=None); socketInstance = socket.socket(); _SocketWrapper = contextInstance.wrap_socket(socketInstance); #_SocketWrapper = ssl.wrap_socket ·
Author   ekrichbaum
🌐
Electricmonk
electricmonk.nl › log › 2018 › 06 › 02 › ssl-tls-client-certificate-verification-with-python-v3-4-sslcontext
SSL/TLS client certificate verification with Python v3.4+ SSLContext | Electricmonk.nl weblog
June 2, 2018 - #!/usr/bin/python3 import socket import ssl host_addr = '127.0.0.1' host_port = 8082 server_sni_hostname = 'example.com' server_cert = 'server.crt' client_cert = 'client.crt' client_key = 'client.key' context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=server_cert) context.load_cert_chain(certfile=client_cert, keyfile=client_key) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) conn = context.wrap_socket(s, server_side=False, server_hostname=server_sni_hostname) conn.connect((host_addr, host_port)) print("SSL established.
🌐
Guardrails
docs.guardrails.io › vulnerabilities › insecure network communication
Insecure Network Communication | GuardRails
February 25, 2023 - import ssl sock = socket.socket( ...t(socket.AF_INET, socket.SOCK_STREAM) ssl_sock = context.wrap_socket(s, server_hostname='www.verisign.com') ssl_sock.connect(('www.verisign.com', 443))...
🌐
Stack Overflow
stackoverflow.com › questions › 77680000 › typeerror-sslcontext-wrap-socket-missing-1-required-positional-argument-soc
python - TypeError: SSLContext.wrap_socket() missing 1 required positional argument: 'sock' - Stack Overflow
Top answer
1 of 1
2

wrap_socket is a method which need to be called on the context object, i.e.

ssl_sock = ssl.SSLContext().wrap_socket(sock)

not

ssl_sock = ssl.SSLContext.wrap_socket(sock)
🌐
GitHub
github.com › python › cpython › blob › main › Lib › ssl.py
cpython/Lib/ssl.py at main · python/cpython
self = _SSLContext.__new__(cls, ... · def wrap_socket(self, sock, server_side=False, do_handshake_on_connect=True, suppress_ragged_eofs=True, server_hostname=None, session=None):  ...
Author   python
🌐
MicroPython
docs.micropython.org › en › latest › library › ssl.html
ssl – SSL/TLS module — MicroPython latest documentation
Wrap the given sock and return a new wrapped-socket object. The implementation of this function is to first create an SSLContext and then call the SSLContext.wrap_socket method on that context object. The arguments sock, server_side and server_hostname are passed through unchanged to the method ...
Find elsewhere
🌐
OMZ Software
omz-software.com › editorial › docs › library › ssl.html
17.3. ssl — TLS/SSL wrapper for socket objects — Editorial Documentation
Takes an instance sock of socket.socket, and returns an instance of ssl.SSLSocket, a subtype of socket.socket, which wraps the underlying socket in an SSL context. For client-side sockets, the context construction is lazy; if the underlying socket isn’t connected yet, the context construction will be performed after connect() is called on the socket.
🌐
Readthedocs
pumbaa.readthedocs.io › en › latest › library-reference › standard › ssl.html
1.13. ssl — TLS/SSL wrapper for socket objects — Pumbaa 3.0.2 documentation
>>> context = ssl.SSLContext(ssl.PROTOCOL_TLS) >>> context.load_verify_locations(cafile="server.crt") >>> server_sock = socket.socket() >>> server_sock.connect(('127.0.0.1', 10023)) >>> ssl_server_sock = context.wrap_socket(server_sock) >>> ssl_server_sock.send(b'hello') >>> ssl_server_sock.recv(7) 'goodbye' >>> ssl_server_sock.close() >>> server_sock.close()
🌐
University of Auckland
cs.auckland.ac.nz › references › python › 3.2.3-docs › library › ssl.html
17.3. ssl — TLS/SSL wrapper for socket objects — Python v3.2.3 documentation
In this mode no certificates will be required from the other side of the socket connection; but if they are provided, validation will be attempted and an SSLError will be raised on failure. Use of this setting requires a valid set of CA certificates to be passed, either to SSLContext.load_verify_locations() or as a value of the ca_certs parameter to wrap_socket().
🌐
Lsu
ld2015.scusa.lsu.edu › python-3.3.2-docs-html › library › ssl.html
18.2. ssl — TLS/SSL wrapper for socket objects — Python v3.3.2 documentation
The curve_name parameter should be a string describing a well-known elliptic curve, for example prime256v1 for a widely supported curve. This setting doesn’t apply to client sockets. You can also use the OP_SINGLE_ECDH_USE option to further improve security. This method is not available if HAS_ECDH is False. New in version 3.3. ... SSL/TLS & Perfect Forward Secrecy Vincent Bernat. SSLContext.wrap_socket(sock, server_side=False, do_handshake_on_connect=True, suppress_ragged_eofs=True, server_hostname=None)¶
🌐
Jython
jython.org › jython-old-sites › docs › library › ssl.html
17.3. ssl — SSL wrapper for socket objects — Jython v2.5.2 documentation
Takes an instance sock of socket.socket, and returns an instance of ssl.SSLSocket, a subtype of socket.socket, which wraps the underlying socket in an SSL context. For client-side sockets, the context construction is lazy; if the underlying socket isn’t connected yet, the context construction will be performed after connect() is called on the socket.
🌐
Codiga
codiga.io › blog › python-ssl-versions
SSL module in Python: stay secure!
October 17, 2022 - When using socket functions (such as with wrap_socket) make sure the protocol passed as a parameter is not outdated. There is, for example of a new socket using the outdated SSLv3 protocol.
🌐
Python
docs.python.domainunion.de › 3 › library › ssl.html
TLS/SSL wrapper for socket objects - Python documentation
The curve_name parameter should be a string describing a well-known elliptic curve, for example prime256v1 for a widely supported curve. This setting doesn’t apply to client sockets. You can also use the OP_SINGLE_ECDH_USE option to further improve security. This method is not available if HAS_ECDH is False. Added in version 3.3. ... Vincent Bernat. SSLContext.wrap_socket(sock, server_side=False, do_handshake_on_connect=True, suppress_ragged_eofs=True, server_hostname=None, session=None)¶
🌐
Stack Overflow
stackoverflow.com › questions › 26851034 › opening-a-ssl-socket-connection-in-python
Opening a SSL socket connection in Python - Stack Overflow
Top answer
1 of 4
101

Ok, I figured out what was wrong. It was kind of foolish of me. I had two problems with my code. My first mistake was when specifying the ssl_version I put in TLSv1 when it should have been ssl.PROTOCOL_TLSv1. The second mistake was that I wasn't referencing the wrapped socket, instead I was calling the original socket that I have created. The below code seemed to work for me.

import socket
import ssl

# SET VARIABLES
packet, reply = "<packet>SOME_DATA</packet>", ""
HOST, PORT = 'XX.XX.XX.XX', 4434

# CREATE SOCKET
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(10)

# WRAP SOCKET
wrappedSocket = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1, ciphers="ADH-AES256-SHA")

# CONNECT AND PRINT REPLY
wrappedSocket.connect((HOST, PORT))
wrappedSocket.send(packet)
print wrappedSocket.recv(1280)

# CLOSE SOCKET CONNECTION
wrappedSocket.close()

Hope this can help somebody!

2 of 4
11

You shouldn't be setting PROTOCOL_TLSv1 (or TLSv1). This restricts the connection to TLS v1.0 only. Instead you want PROTOCOL_TLS (or the deprecated PROTOCOL_SSLv23) that supports all versions supported by the library.

You're using an anonymous cipher, because for some reason you think you don't need a certificate or key. This means that there is no authentication of the server and that you're vulnerable to a man in the middle attack. Unless you really know what you're doing, I suggest you don't use anonymous ciphers (like ADH-AES256-SHA).

🌐
Sourcecodequery
sourcecodequery.com › example-method › ssl_context.wrap_socket
SourceCodeQuery - Python ssl_context.wrap_socket Examples
def _create_ssl_connection(self, sock): self._logger.debug("Creating ssl connection...") ssl_protocol_version = ssl.PROTOCOL_SSLv23 if self._port == 443: ssl_context = SSLContextBuilder()\ .with_ca_certs(self._ca_path)\ .with_cert_key_pair(self._cert_path, self._key_path)\ .with_cert_reqs(ssl.CERT_REQUIRED)\ .with_check_hostname(True)\ .with_ciphers(None)\ .with_alpn_protocols(['x-amzn-http-ca'])\ .build() ssl_sock = ssl_context.wrap_socket(sock, server_hostname=self._host, do_handshake_on_connect=False) ssl_sock.do_handshake() else: ssl_sock = ssl.wrap_socket(sock, certfile=self._cert_path, k
🌐
Readthedocs
docspy3zh.readthedocs.io › en › latest › library › ssl.html
17.3. ssl — TLS/SSL wrapper for socket objects — Python 3 文档(简体中文) 3.2.2 documentation
In this mode no certificates will be required from the other side of the socket connection; but if they are provided, validation will be attempted and an SSLError will be raised on failure. Use of this setting requires a valid set of CA certificates to be passed, either to SSLContext.load_verify_locations() or as a value of the ca_certs parameter to wrap_socket().
Related queries
sslcontext python
sslcontext wrap_socket example github
python ssl socket client/server example
sslcontext wrap_socket example in python
attributeerror: module 'ssl' has no attribute 'wrap_socket'
python _ssl github
nameerror: name 'ssl' is not defined
ssl.wrap_socket deprecated