Python ssl unable to connect to TLS1.2 server with TLS1.2 client












0















I'm working on a python3 socket + ssl server to use for data exchange between a server and a client. I have made a client that works with Google.com, python.org and my own apache2 web server.



When I fire up my server and try to connect via open ssl with
openssl s_client -connect myserver.com:8443
it returns: 



    CONNECTED(00000003)

    140035580617152:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:

    ---

    no peer certificate available

    ---

    No client certificate CA names sent

    ---

    SSL handshake has read 5 bytes and written 176 bytes

    Verification: OK

    ---

    New, (NONE), Cipher is (NONE)

    Secure Renegotiation IS NOT supported

    Compression: NONE

    Expansion: NONE

    No ALPN negotiated

    SSL-Session:

        Protocol  : TLSv1.2

        Cipher    : 0000

        Session-ID: 

        Session-ID-ctx: 

        Master-Key: 

        PSK identity: None

        PSK identity hint: None

        SRP username: None

        Start Time: 1547929149

        Timeout   : 7200 (sec)

        Verify return code: 0 (ok)

        Extended master secret: no

    ---


I'm not sure about this but it looks like TLSv1.2 is supported.
When I try to connect to it with my client though I get the following error



    Traceback (most recent call last):

      File "client-1.py", line 38, in <module>

        sock.connect((HOST, PORT))

      File "/usr/lib/python3.6/ssl.py", line 1109, in connect

        self._real_connect(addr, False)

      File "/usr/lib/python3.6/ssl.py", line 1100, in _real_connect

        self.do_handshake()

      File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake

        self._sslobj.do_handshake()

      File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake

        self._sslobj.do_handshake()

    ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:847)


The weird part is then when I use my client to connect to, for example, my own apache2 server (with ssl) it returns TLSv1.2 which really makes me wonder whether the problem lies with my client or my server



I have already tried to use different TLS / SSL versions on the server and the client but none of then have worked so far.
One of the other things I tried was updating OpenSSL and as of 1/19/2019 it is on the newest version available on Ubuntu 18.04



My server looks as follows



import socket

import sys

from _thread import *

import ssl



context = ssl.SSLContext()

ssl.PROTOCOL_TLS_SERVER

#context.load_cert_chain(certfile="ssl/localhost/localhost.crt", keyfile="ssl/localhost/localhost.key")

context.load_cert_chain(certfile="ssl/certificate.crt", keyfile="ssl/private.key")





host = ''

port = 8443

print(port)



buffer = 134217700 #128 MiB



s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)









def log_client_to_file(ip, port, data, file):

    #context manager

    with open(file, 'a') as f:

        f.write("User sent data from:ntIP: %sntPort: %snData:n%snn" % (ip, port, data))



    #close file

    f.close()



def conn_process(buffer):

    data_tmp = conn.recv(buffer)

    data = str.encode('')

    while len(data_tmp) > 2:

        data += data_tmp

        data_tmp = conn.recv(buffer

        if len(data_tmp) < 2:

            data += data_tmp

            break

    return data



try:

    s.bind((host,port))

except socket.error as e:

    print(str(e))





s.listen(4)





print('Server is up and waiting for connection')

def client_threaded(conn, ip, port, file):

    conn.send(str.encode('Connected'))



    while True:



        data = conn_process(buffer)



        reply = 'Server output: %s' % data.decode('utf-8')

        if not data:

            break

        conn.sendall(str.encode(reply))

        log_client_to_file(ip, port, data, file)



while True:

    conn, addr = s.accept()

    print('connected to: %s:%s' % (addr[0], str(addr[1])))





    start_new_thread(client_threaded, (conn, addr[0], str(addr[1]), 'connections.log'))



s.close()





s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)


Now, my client is built up like this,



import socket

import ssl



HOST = 'myserver.com'

PORT = 8443





args = ssl.SSLContext()

ssl.PROTOCOL_TLS_CLIENT

args.verify_mode = ssl.CERT_NONE

args.check_hostname = False

#ssl.ca_certs="ssl/ca_bundle.crt",



s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

sock = args.wrap_socket(s, server_hostname=HOST)



sock.connect((HOST, PORT))



print(sock.version())


Note: since I am working with self signed certificates for testing purposes I do not validate them yet



Since Both the client and the server use TLS I expected the connection not to be an issue, but I keep getting the aforementioned error,
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:847) which surprises me since I can't find any errors.
Maybe you guys know what I am doing wrong and how I can fix it



Note, I am using python 3.6 and OpenSSL 1.1.0g 2 Nov 2017






python python-3.x sockets ssl tls1.2







share|improve this question























  • Perhaps I missed it but it doesn't look like your server is doing TLS at all. You create an SSLContext, populate it with certificates and a key, and then never use it again.

    – James K Polk
    Jan 20 at 0:48
















0















I'm working on a python3 socket + ssl server to use for data exchange between a server and a client. I have made a client that works with Google.com, python.org and my own apache2 web server.



When I fire up my server and try to connect via open ssl with
openssl s_client -connect myserver.com:8443
it returns: 



    CONNECTED(00000003)

    140035580617152:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:

    ---

    no peer certificate available

    ---

    No client certificate CA names sent

    ---

    SSL handshake has read 5 bytes and written 176 bytes

    Verification: OK

    ---

    New, (NONE), Cipher is (NONE)

    Secure Renegotiation IS NOT supported

    Compression: NONE

    Expansion: NONE

    No ALPN negotiated

    SSL-Session:

        Protocol  : TLSv1.2

        Cipher    : 0000

        Session-ID: 

        Session-ID-ctx: 

        Master-Key: 

        PSK identity: None

        PSK identity hint: None

        SRP username: None

        Start Time: 1547929149

        Timeout   : 7200 (sec)

        Verify return code: 0 (ok)

        Extended master secret: no

    ---


I'm not sure about this but it looks like TLSv1.2 is supported.
When I try to connect to it with my client though I get the following error



    Traceback (most recent call last):

      File "client-1.py", line 38, in <module>

        sock.connect((HOST, PORT))

      File "/usr/lib/python3.6/ssl.py", line 1109, in connect

        self._real_connect(addr, False)

      File "/usr/lib/python3.6/ssl.py", line 1100, in _real_connect

        self.do_handshake()

      File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake

        self._sslobj.do_handshake()

      File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake

        self._sslobj.do_handshake()

    ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:847)


The weird part is then when I use my client to connect to, for example, my own apache2 server (with ssl) it returns TLSv1.2 which really makes me wonder whether the problem lies with my client or my server



I have already tried to use different TLS / SSL versions on the server and the client but none of then have worked so far.
One of the other things I tried was updating OpenSSL and as of 1/19/2019 it is on the newest version available on Ubuntu 18.04



My server looks as follows



import socket

import sys

from _thread import *

import ssl



context = ssl.SSLContext()

ssl.PROTOCOL_TLS_SERVER

#context.load_cert_chain(certfile="ssl/localhost/localhost.crt", keyfile="ssl/localhost/localhost.key")

context.load_cert_chain(certfile="ssl/certificate.crt", keyfile="ssl/private.key")





host = ''

port = 8443

print(port)



buffer = 134217700 #128 MiB



s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)









def log_client_to_file(ip, port, data, file):

    #context manager

    with open(file, 'a') as f:

        f.write("User sent data from:ntIP: %sntPort: %snData:n%snn" % (ip, port, data))



    #close file

    f.close()



def conn_process(buffer):

    data_tmp = conn.recv(buffer)

    data = str.encode('')

    while len(data_tmp) > 2:

        data += data_tmp

        data_tmp = conn.recv(buffer

        if len(data_tmp) < 2:

            data += data_tmp

            break

    return data



try:

    s.bind((host,port))

except socket.error as e:

    print(str(e))





s.listen(4)





print('Server is up and waiting for connection')

def client_threaded(conn, ip, port, file):

    conn.send(str.encode('Connected'))



    while True:



        data = conn_process(buffer)



        reply = 'Server output: %s' % data.decode('utf-8')

        if not data:

            break

        conn.sendall(str.encode(reply))

        log_client_to_file(ip, port, data, file)



while True:

    conn, addr = s.accept()

    print('connected to: %s:%s' % (addr[0], str(addr[1])))





    start_new_thread(client_threaded, (conn, addr[0], str(addr[1]), 'connections.log'))



s.close()





s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)


Now, my client is built up like this,



import socket

import ssl



HOST = 'myserver.com'

PORT = 8443





args = ssl.SSLContext()

ssl.PROTOCOL_TLS_CLIENT

args.verify_mode = ssl.CERT_NONE

args.check_hostname = False

#ssl.ca_certs="ssl/ca_bundle.crt",



s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

sock = args.wrap_socket(s, server_hostname=HOST)



sock.connect((HOST, PORT))



print(sock.version())


Note: since I am working with self signed certificates for testing purposes I do not validate them yet



Since Both the client and the server use TLS I expected the connection not to be an issue, but I keep getting the aforementioned error,
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:847) which surprises me since I can't find any errors.
Maybe you guys know what I am doing wrong and how I can fix it



Note, I am using python 3.6 and OpenSSL 1.1.0g 2 Nov 2017






python python-3.x sockets ssl tls1.2







share|improve this question























  • Perhaps I missed it but it doesn't look like your server is doing TLS at all. You create an SSLContext, populate it with certificates and a key, and then never use it again.

    – James K Polk
    Jan 20 at 0:48














0












0








0








I'm working on a python3 socket + ssl server to use for data exchange between a server and a client. I have made a client that works with Google.com, python.org and my own apache2 web server.



When I fire up my server and try to connect via open ssl with
openssl s_client -connect myserver.com:8443
it returns: 



    CONNECTED(00000003)

    140035580617152:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:

    ---

    no peer certificate available

    ---

    No client certificate CA names sent

    ---

    SSL handshake has read 5 bytes and written 176 bytes

    Verification: OK

    ---

    New, (NONE), Cipher is (NONE)

    Secure Renegotiation IS NOT supported

    Compression: NONE

    Expansion: NONE

    No ALPN negotiated

    SSL-Session:

        Protocol  : TLSv1.2

        Cipher    : 0000

        Session-ID: 

        Session-ID-ctx: 

        Master-Key: 

        PSK identity: None

        PSK identity hint: None

        SRP username: None

        Start Time: 1547929149

        Timeout   : 7200 (sec)

        Verify return code: 0 (ok)

        Extended master secret: no

    ---


I'm not sure about this but it looks like TLSv1.2 is supported.
When I try to connect to it with my client though I get the following error



    Traceback (most recent call last):

      File "client-1.py", line 38, in <module>

        sock.connect((HOST, PORT))

      File "/usr/lib/python3.6/ssl.py", line 1109, in connect

        self._real_connect(addr, False)

      File "/usr/lib/python3.6/ssl.py", line 1100, in _real_connect

        self.do_handshake()

      File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake

        self._sslobj.do_handshake()

      File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake

        self._sslobj.do_handshake()

    ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:847)


The weird part is then when I use my client to connect to, for example, my own apache2 server (with ssl) it returns TLSv1.2 which really makes me wonder whether the problem lies with my client or my server



I have already tried to use different TLS / SSL versions on the server and the client but none of then have worked so far.
One of the other things I tried was updating OpenSSL and as of 1/19/2019 it is on the newest version available on Ubuntu 18.04



My server looks as follows



import socket

import sys

from _thread import *

import ssl



context = ssl.SSLContext()

ssl.PROTOCOL_TLS_SERVER

#context.load_cert_chain(certfile="ssl/localhost/localhost.crt", keyfile="ssl/localhost/localhost.key")

context.load_cert_chain(certfile="ssl/certificate.crt", keyfile="ssl/private.key")





host = ''

port = 8443

print(port)



buffer = 134217700 #128 MiB



s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)









def log_client_to_file(ip, port, data, file):

    #context manager

    with open(file, 'a') as f:

        f.write("User sent data from:ntIP: %sntPort: %snData:n%snn" % (ip, port, data))



    #close file

    f.close()



def conn_process(buffer):

    data_tmp = conn.recv(buffer)

    data = str.encode('')

    while len(data_tmp) > 2:

        data += data_tmp

        data_tmp = conn.recv(buffer

        if len(data_tmp) < 2:

            data += data_tmp

            break

    return data



try:

    s.bind((host,port))

except socket.error as e:

    print(str(e))





s.listen(4)





print('Server is up and waiting for connection')

def client_threaded(conn, ip, port, file):

    conn.send(str.encode('Connected'))



    while True:



        data = conn_process(buffer)



        reply = 'Server output: %s' % data.decode('utf-8')

        if not data:

            break

        conn.sendall(str.encode(reply))

        log_client_to_file(ip, port, data, file)



while True:

    conn, addr = s.accept()

    print('connected to: %s:%s' % (addr[0], str(addr[1])))





    start_new_thread(client_threaded, (conn, addr[0], str(addr[1]), 'connections.log'))



s.close()





s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)


Now, my client is built up like this,



import socket

import ssl



HOST = 'myserver.com'

PORT = 8443





args = ssl.SSLContext()

ssl.PROTOCOL_TLS_CLIENT

args.verify_mode = ssl.CERT_NONE

args.check_hostname = False

#ssl.ca_certs="ssl/ca_bundle.crt",



s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

sock = args.wrap_socket(s, server_hostname=HOST)



sock.connect((HOST, PORT))



print(sock.version())


Note: since I am working with self signed certificates for testing purposes I do not validate them yet



Since Both the client and the server use TLS I expected the connection not to be an issue, but I keep getting the aforementioned error,
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:847) which surprises me since I can't find any errors.
Maybe you guys know what I am doing wrong and how I can fix it



Note, I am using python 3.6 and OpenSSL 1.1.0g 2 Nov 2017






python python-3.x sockets ssl tls1.2







share|improve this question














I'm working on a python3 socket + ssl server to use for data exchange between a server and a client. I have made a client that works with Google.com, python.org and my own apache2 web server.



When I fire up my server and try to connect via open ssl with
openssl s_client -connect myserver.com:8443
it returns: 



    CONNECTED(00000003)

    140035580617152:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:

    ---

    no peer certificate available

    ---

    No client certificate CA names sent

    ---

    SSL handshake has read 5 bytes and written 176 bytes

    Verification: OK

    ---

    New, (NONE), Cipher is (NONE)

    Secure Renegotiation IS NOT supported

    Compression: NONE

    Expansion: NONE

    No ALPN negotiated

    SSL-Session:

        Protocol  : TLSv1.2

        Cipher    : 0000

        Session-ID: 

        Session-ID-ctx: 

        Master-Key: 

        PSK identity: None

        PSK identity hint: None

        SRP username: None

        Start Time: 1547929149

        Timeout   : 7200 (sec)

        Verify return code: 0 (ok)

        Extended master secret: no

    ---


I'm not sure about this but it looks like TLSv1.2 is supported.
When I try to connect to it with my client though I get the following error



    Traceback (most recent call last):

      File "client-1.py", line 38, in <module>

        sock.connect((HOST, PORT))

      File "/usr/lib/python3.6/ssl.py", line 1109, in connect

        self._real_connect(addr, False)

      File "/usr/lib/python3.6/ssl.py", line 1100, in _real_connect

        self.do_handshake()

      File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake

        self._sslobj.do_handshake()

      File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake

        self._sslobj.do_handshake()

    ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:847)


The weird part is then when I use my client to connect to, for example, my own apache2 server (with ssl) it returns TLSv1.2 which really makes me wonder whether the problem lies with my client or my server



I have already tried to use different TLS / SSL versions on the server and the client but none of then have worked so far.
One of the other things I tried was updating OpenSSL and as of 1/19/2019 it is on the newest version available on Ubuntu 18.04



My server looks as follows



import socket

import sys

from _thread import *

import ssl



context = ssl.SSLContext()

ssl.PROTOCOL_TLS_SERVER

#context.load_cert_chain(certfile="ssl/localhost/localhost.crt", keyfile="ssl/localhost/localhost.key")

context.load_cert_chain(certfile="ssl/certificate.crt", keyfile="ssl/private.key")





host = ''

port = 8443

print(port)



buffer = 134217700 #128 MiB



s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)









def log_client_to_file(ip, port, data, file):

    #context manager

    with open(file, 'a') as f:

        f.write("User sent data from:ntIP: %sntPort: %snData:n%snn" % (ip, port, data))



    #close file

    f.close()



def conn_process(buffer):

    data_tmp = conn.recv(buffer)

    data = str.encode('')

    while len(data_tmp) > 2:

        data += data_tmp

        data_tmp = conn.recv(buffer

        if len(data_tmp) < 2:

            data += data_tmp

            break

    return data



try:

    s.bind((host,port))

except socket.error as e:

    print(str(e))





s.listen(4)





print('Server is up and waiting for connection')

def client_threaded(conn, ip, port, file):

    conn.send(str.encode('Connected'))



    while True:



        data = conn_process(buffer)



        reply = 'Server output: %s' % data.decode('utf-8')

        if not data:

            break

        conn.sendall(str.encode(reply))

        log_client_to_file(ip, port, data, file)



while True:

    conn, addr = s.accept()

    print('connected to: %s:%s' % (addr[0], str(addr[1])))





    start_new_thread(client_threaded, (conn, addr[0], str(addr[1]), 'connections.log'))



s.close()





s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)


Now, my client is built up like this,



import socket

import ssl



HOST = 'myserver.com'

PORT = 8443





args = ssl.SSLContext()

ssl.PROTOCOL_TLS_CLIENT

args.verify_mode = ssl.CERT_NONE

args.check_hostname = False

#ssl.ca_certs="ssl/ca_bundle.crt",



s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

sock = args.wrap_socket(s, server_hostname=HOST)



sock.connect((HOST, PORT))



print(sock.version())


Note: since I am working with self signed certificates for testing purposes I do not validate them yet



Since Both the client and the server use TLS I expected the connection not to be an issue, but I keep getting the aforementioned error,
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:847) which surprises me since I can't find any errors.
Maybe you guys know what I am doing wrong and how I can fix it



Note, I am using python 3.6 and OpenSSL 1.1.0g 2 Nov 2017






python python-3.x sockets ssl tls1.2




python python-3.x sockets ssl tls1.2






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 19 at 21:05









JoeriJoeri

186




186













  • Perhaps I missed it but it doesn't look like your server is doing TLS at all. You create an SSLContext, populate it with certificates and a key, and then never use it again.

    – James K Polk
    Jan 20 at 0:48



















  • Perhaps I missed it but it doesn't look like your server is doing TLS at all. You create an SSLContext, populate it with certificates and a key, and then never use it again.

    – James K Polk
    Jan 20 at 0:48

















Perhaps I missed it but it doesn't look like your server is doing TLS at all. You create an SSLContext, populate it with certificates and a key, and then never use it again.

– James K Polk
Jan 20 at 0:48





Perhaps I missed it but it doesn't look like your server is doing TLS at all. You create an SSLContext, populate it with certificates and a key, and then never use it again.

– James K Polk
Jan 20 at 0:48












1 Answer
1






active

oldest

votes


















0















I'm not sure about this but it looks like TLSv1.2 is supported.




No it doesn't.



... ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:

...

SSL handshake has read 5 bytes and written 176 bytes

...

   Protocol  : TLSv1.2

   Cipher    : 0000


This shows that the clients starts the TLS handshake with a ClientHello (176 bytes) and gets only 5 bytes back from the server, which is too short for the expected response inside the TLS handshake. And these 5 bytes don't contain a TLS version number and that's why it croaks with wrong version number. This is also indicated by no common cipher: Cipher : 0000.



Looking at the code of your server it seems to me that you are setting up some SSL context at the beginning (and the shown code seems to be broken too) but never actually use it, i.e. your server is plain TCP only. No wonder the client croaks about it.






share|improve this answer


























  • Okay, I am stupid and as you said I don't actually use the parameters set for the SSL function. I forgot to use wrap_socket().

    – Joeri
    Jan 20 at 16:33













Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54271387%2fpython-ssl-unable-to-connect-to-tls1-2-server-with-tls1-2-client%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0















I'm not sure about this but it looks like TLSv1.2 is supported.




No it doesn't.



... ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:

...

SSL handshake has read 5 bytes and written 176 bytes

...

   Protocol  : TLSv1.2

   Cipher    : 0000


This shows that the clients starts the TLS handshake with a ClientHello (176 bytes) and gets only 5 bytes back from the server, which is too short for the expected response inside the TLS handshake. And these 5 bytes don't contain a TLS version number and that's why it croaks with wrong version number. This is also indicated by no common cipher: Cipher : 0000.



Looking at the code of your server it seems to me that you are setting up some SSL context at the beginning (and the shown code seems to be broken too) but never actually use it, i.e. your server is plain TCP only. No wonder the client croaks about it.






share|improve this answer


























  • Okay, I am stupid and as you said I don't actually use the parameters set for the SSL function. I forgot to use wrap_socket().

    – Joeri
    Jan 20 at 16:33


















0















I'm not sure about this but it looks like TLSv1.2 is supported.




No it doesn't.



... ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:

...

SSL handshake has read 5 bytes and written 176 bytes

...

   Protocol  : TLSv1.2

   Cipher    : 0000


This shows that the clients starts the TLS handshake with a ClientHello (176 bytes) and gets only 5 bytes back from the server, which is too short for the expected response inside the TLS handshake. And these 5 bytes don't contain a TLS version number and that's why it croaks with wrong version number. This is also indicated by no common cipher: Cipher : 0000.



Looking at the code of your server it seems to me that you are setting up some SSL context at the beginning (and the shown code seems to be broken too) but never actually use it, i.e. your server is plain TCP only. No wonder the client croaks about it.






share|improve this answer


























  • Okay, I am stupid and as you said I don't actually use the parameters set for the SSL function. I forgot to use wrap_socket().

    – Joeri
    Jan 20 at 16:33
















0












0








0








I'm not sure about this but it looks like TLSv1.2 is supported.




No it doesn't.



... ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:

...

SSL handshake has read 5 bytes and written 176 bytes

...

   Protocol  : TLSv1.2

   Cipher    : 0000


This shows that the clients starts the TLS handshake with a ClientHello (176 bytes) and gets only 5 bytes back from the server, which is too short for the expected response inside the TLS handshake. And these 5 bytes don't contain a TLS version number and that's why it croaks with wrong version number. This is also indicated by no common cipher: Cipher : 0000.



Looking at the code of your server it seems to me that you are setting up some SSL context at the beginning (and the shown code seems to be broken too) but never actually use it, i.e. your server is plain TCP only. No wonder the client croaks about it.






share|improve this answer
















I'm not sure about this but it looks like TLSv1.2 is supported.




No it doesn't.



... ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:

...

SSL handshake has read 5 bytes and written 176 bytes

...

   Protocol  : TLSv1.2

   Cipher    : 0000


This shows that the clients starts the TLS handshake with a ClientHello (176 bytes) and gets only 5 bytes back from the server, which is too short for the expected response inside the TLS handshake. And these 5 bytes don't contain a TLS version number and that's why it croaks with wrong version number. This is also indicated by no common cipher: Cipher : 0000.



Looking at the code of your server it seems to me that you are setting up some SSL context at the beginning (and the shown code seems to be broken too) but never actually use it, i.e. your server is plain TCP only. No wonder the client croaks about it.







share|improve this answer














share|improve this answer



share|improve this answer








edited Jan 20 at 6:21

























answered Jan 20 at 6:16









Steffen UllrichSteffen Ullrich

60.8k35898




60.8k35898













  • Okay, I am stupid and as you said I don't actually use the parameters set for the SSL function. I forgot to use wrap_socket().

    – Joeri
    Jan 20 at 16:33





















  • Okay, I am stupid and as you said I don't actually use the parameters set for the SSL function. I forgot to use wrap_socket().

    – Joeri
    Jan 20 at 16:33



















Okay, I am stupid and as you said I don't actually use the parameters set for the SSL function. I forgot to use wrap_socket().

– Joeri
Jan 20 at 16:33







Okay, I am stupid and as you said I don't actually use the parameters set for the SSL function. I forgot to use wrap_socket().

– Joeri
Jan 20 at 16:33




















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54271387%2fpython-ssl-unable-to-connect-to-tls1-2-server-with-tls1-2-client%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Liquibase includeAll doesn't find base path

Image
0 while migrating a project from maven to gradle I ran in the following problem. My file structure looks like this: The changelog-master.xml includes the changelog-v1-0.xml, which then should include the directory v1-0 with following line: <includeAll path="src/main/resources/liquibase/changelogs/v1-0/" errorIfMissingOrEmpty="true" /> . This works just fine. This: <includeAll path="/liquibase/changelogs/v1-0/" errorIfMissingOrEmpty="true" relativeToChangelogFile="true" /> doesn't. I get following errormessage: Cannot find base path 'src/main/resources/liquibase/changelogs/changelog-v1-0.xml' with liquibase in version 3.6.2. I also tried the versions 3.6.0, 3.6.1 and 3.5.5. I am using gradle to build my project in version 4.9
Read more

How to use setInterval in EJS file?

Image
0 I have a problem with using setInterval in my EJS file, which is part of my nodejs app (with Express). I have created function getRandomSubarray , which chooses randomly subset of images from array. I want to change this subset every three seconds. This is problematic piece of my code: <%setInterval(function(){%> <%RandomSubrecipesImg=tools.getRandomSubarray(recipesImg,4)%> <div class="navbar-image-box col-sm-3 d-none d-sm-block"><img class="navbar-image" src="<%=RandomSubrecipesImg[0].replace('public',"")%>"></div> <div class="navbar-image-box col-sm-3 d-none d-sm-block"><img class="navbar-image" src="<%=RandomSubrecipesImg[1].replace('public',"")%>">&
Read more

Petrus Granier-Deferre

Image
Petrus Granier-Deferre (Lutetiae die 27 Iulii 1927 natus; ibidem die 16 Novembris 2007 mortuus) fuit moderator cinematographicus et dux scaenarum Francicus. Pelliculae selectae | 1961 : Le Petit Garçon de l'ascenseur 1962 : Les Aventures de Salavin (sous-titré Confession de minuit) 1965 : La Métamorphose des cloportes 1965 : Paris au mois d'août 1967 : Le Grand Dadais 1970 : La Horse 1971 : Le Chat 1971 : La Veuve Couderc 1973 : Le Fils 1973 : Le Train 1974 : La Race des seigneurs 1975 : La Cage 1975 : Adieu poulet 1976 : Une femme à sa fenêtre 1976 : Le Toubib 1981 : Une étrange affaire 1982 : L'Étoile du Nord 1983 : L'Ami de Vincent 1985 : L'Homme aux yeux d'argent 1986 : Cours privé 1987 : Noyade interdite 1988 : La Couleur du vent 1990 : L'Autrichienne 1995 : Le Petit Garçon 1992 : La Voix 1993 : Archipel 1995 : Maigret et la vente à la bougie (TV) 1996 : La Dernière Fête (TV) 1997 : Maigret et l'enfant de c
Read more