Ok, I figured out what was wrong. It was kind of foolish of me. I had two problems with my code. My first mistake was when specifying the ssl_version I put in TLSv1 when it should have been ssl.PROTOCOL_TLSv1. The second mistake was that I wasn't referencing the wrapped socket, instead I was calling the original socket that I have created. The below code seemed to work for me.
import socket
import ssl
# SET VARIABLES
packet, reply = "<packet>SOME_DATA</packet>", ""
HOST, PORT = 'XX.XX.XX.XX', 4434
# CREATE SOCKET
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(10)
# WRAP SOCKET
wrappedSocket = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1, ciphers="ADH-AES256-SHA")
# CONNECT AND PRINT REPLY
wrappedSocket.connect((HOST, PORT))
wrappedSocket.send(packet)
print wrappedSocket.recv(1280)
# CLOSE SOCKET CONNECTION
wrappedSocket.close()
Hope this can help somebody!
Answer from Raffi on Stack OverflowPython
docs.python.org › 3 › library › ssl.html
ssl — TLS/SSL wrapper for socket objects — Python 3.14.4 ...
However, since the SSL (and TLS) ... specification of normal, OS-level sockets. See especially the notes on non-blocking sockets. Instances of SSLSocket must be created using the SSLContext.wrap_socket() method....
Top answer 1 of 4
101
Ok, I figured out what was wrong. It was kind of foolish of me. I had two problems with my code. My first mistake was when specifying the ssl_version I put in TLSv1 when it should have been ssl.PROTOCOL_TLSv1. The second mistake was that I wasn't referencing the wrapped socket, instead I was calling the original socket that I have created. The below code seemed to work for me.
import socket
import ssl
# SET VARIABLES
packet, reply = "<packet>SOME_DATA</packet>", ""
HOST, PORT = 'XX.XX.XX.XX', 4434
# CREATE SOCKET
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(10)
# WRAP SOCKET
wrappedSocket = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1, ciphers="ADH-AES256-SHA")
# CONNECT AND PRINT REPLY
wrappedSocket.connect((HOST, PORT))
wrappedSocket.send(packet)
print wrappedSocket.recv(1280)
# CLOSE SOCKET CONNECTION
wrappedSocket.close()
Hope this can help somebody!
2 of 4
11
You shouldn't be setting PROTOCOL_TLSv1 (or TLSv1). This restricts the connection to TLS v1.0 only. Instead you want PROTOCOL_TLS (or the deprecated PROTOCOL_SSLv23) that supports all versions supported by the library.
You're using an anonymous cipher, because for some reason you think you don't need a certificate or key. This means that there is no authentication of the server and that you're vulnerable to a man in the middle attack. Unless you really know what you're doing, I suggest you don't use anonymous ciphers (like ADH-AES256-SHA).
Pythontic
pythontic.com › ssl › sslcontext › wrap_socket
wrap_socket() method of SSLContext class in Python | Pythontic.com
The wrap_socket() method of SSLContext class in Python creates an SSLSocket instance from a connection oriented socket. The wrap_socket() method can be used to create both server sockets as well as client sockets.
GitHub
github.com › vmware › pyvmomi › issues › 1057
Python 3.12 issue with wrap_socket (deprecated in 3.7) · Issue #1057 · vmware/pyvmomi
November 21, 2023 - # Function used to wrap sockets with SSL contextInstance = ssl.SSLContext(); contextInstance.verify_mode = ssl.CERT_REQUIRED; contextInstance.load_verify_locations(cafile=os.path.relpath(certifi.where()), capath=None, cadata=None); socketInstance = socket.socket(); _SocketWrapper = contextInstance.wrap_socket(socketInstance); #_SocketWrapper = ssl.wrap_socket · Python 3.12 ...
Author ekrichbaum
MicroPython
docs.micropython.org › en › latest › library › ssl.html
ssl – SSL/TLS module — MicroPython latest documentation
Wrap the given sock and return a new wrapped-socket object. The implementation of this function is to first create an SSLContext and then call the SSLContext.wrap_socket method on that context object. The arguments sock, server_side and server_hostname are passed through unchanged to the method ...
Python
docs.python.org › 3.0 › library › ssl.html
ssl — SSL wrapper for socket objects — Python v3.0.1 documentation
This module provides a class, ssl.SSLSocket, which is derived from the socket.socket type, and provides a socket-like wrapper that also encrypts and decrypts the data going over the socket with SSL.
Python
docs.python.org › 3.8 › library › ssl.html
ssl — TLS/SSL wrapper for socket objects — Python 3.8.20 documentation
Since Python 3.2 and 2.7.9, it is recommended to use the SSLContext.wrap_socket() of an SSLContext instance to wrap sockets as SSLSocket objects. The helper functions create_default_context() returns a new context with secure default settings.
Jython
jython.org › jython-old-sites › docs › library › ssl.html
17.3. ssl — SSL wrapper for socket objects — Jython v2.5.2 documentation
This module provides a class, ssl.SSLSocket, which is derived from the socket.socket type, and provides a socket-like wrapper that also encrypts and decrypts the data going over the socket with SSL.
Python
docs.python.org › 3.9 › library › ssl.html
ssl — TLS/SSL wrapper for socket objects — Python 3.9.24 documentation
Since Python 3.2 and 2.7.9, it is recommended to use the SSLContext.wrap_socket() of an SSLContext instance to wrap sockets as SSLSocket objects. The helper functions create_default_context() returns a new context with secure default settings.
Python
docs.python.org › 3.2 › library › ssl.html
17.3. ssl — TLS/SSL wrapper for socket objects — Python v3.2.6 documentation
October 12, 2014 - Takes an instance sock of socket.socket, and returns an instance of ssl.SSLSocket, a subtype of socket.socket, which wraps the underlying socket in an SSL context. For client-side sockets, the context construction is lazy; if the underlying socket isn’t connected yet, the context construction ...
Wolfssl
wolfssl.github.io › wolfssl-py
wolfssl Python 3.14.0-1 documentation
The SSL/TLS protocol works securing an underlying TCP connection, this module adds the secure layer around the Python standard library socket module. There are three different paths to secure a socket in this module: Using the top level function wolfssl.wrap_socket();
Markusholtermann
markusholtermann.eu › 2016 › 09 › ssl-all-the-things-in-python
Markus Holtermann — SSL All The Things In Python
import socket, ssl HOST, PORT = 'example.com', 443 def handle(conn): conn.write(b'GET / HTTP/1.1\n') print(conn.recv().decode()) def main(): sock = socket.socket(socket.AF_INET) context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH) context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 # optional conn = context.wrap_socket(sock, server_hostname=HOST) try: conn.connect((HOST, PORT)) handle(conn) finally: conn.close() if __name__ == '__main__': main()
Codiga
codiga.io › blog › python-ssl-versions
SSL module in Python: stay secure!
October 17, 2022 - For backward-compatibility reasons, the ssl Python module still supports old and deprecated protocols. But these protocols should not be used by developers. They should instead use the TLS protocol that is replacing SSL. MITRE published a CWE about this special issue (Use of a Broken or Risky Cryptographic Algorithm), warning developers not to use an outdated security protocol. When using the ssl module directly, avoid deprecated protocols. When using socket functions (such as with wrap_socket) make sure the protocol passed as a parameter is not outdated.
Python
docs.python.org › 3.3 › library › ssl.html
18.2. ssl — TLS/SSL wrapper for socket objects — Python 3.3.7 documentation
In this mode no certificates will be required from the other side of the socket connection; but if they are provided, validation will be attempted and an SSLError will be raised on failure. Use of this setting requires a valid set of CA certificates to be passed, either to SSLContext.load_verify_locations() or as a value of the ca_certs parameter to wrap_socket().
GitHub
gist.github.com › oborichkin › d8d0c7823fd6db3abeb25f69352a5299
Simple TLS client and server on python · GitHub
import socket import ssl import time SERVER_HOST = "127.0.0.1" SERVER_PORT = 40000 if __name__ == "__main__": client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) client = ssl.wrap_socket(client, keyfile="path/to/keyfile", certfile="path/to/certfile") client.connect((SERVER_HOST, SERVER_PORT)) while True: client.sendall("Hello World!".encode("utf-8")) time.sleep(1)
GitHub
gist.github.com › marshalhayes › ca9508f97d673b6fb73ba64a67b76ce8
TLS encryption of Python sockets using the "SSL" module · GitHub
TLS encryption of Python sockets using the "SSL" module · Raw · README.md · Follow these steps before trying to run any code. First, generate a Certificate Authority (CA). openssl genrsa -out rootCA.key 2048 · Second, self-sign it. openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 365 -out rootCA.pem ·
GitHub
github.com › eventlet › eventlet › issues › 795
[Python 3.12] AttributeError: module 'ssl' has no attribute 'wrap_socket' · Issue #795 · eventlet/eventlet
April 3, 2023 - From What's new: Remove the ssl.wrap_socket() function, deprecated in Python 3.7: instead, create a ssl.SSLContext object and call its ssl.SSLContext.wrap_socket method. Any package that still uses ssl.wrap_socket() is broken and insecure. The function neither sends a SNI TLS extension nor validates server hostname.
Author hrnciar
Trac Project
trac.edgewall.org › ticket › 13749
#13749 (Remove the ssl.wrap_socket() function, deprecated in Python 3.7) – The Trac Project
Serving on 0.0.0.0:3000 view at ... 381, in main serve() File "/home/jun66j5/src/tracdev/git/trac/web/standalone.py", line 344, in serve httpd.socket = ssl.wrap_socket(httpd.socket, server_side=True, ^^^^^^^^^^^^^^^ AttributeError: module 'ssl' has no attribute ...