ssl socket wrapper returns error on connect

Question

When opening a ssl-wraped socket, I get the error ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:581)

The server is running TLSv1.1

My code is

import socket, ssl
uw = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s = ssl.wrap_socket(uw, ssl_version=ssl.PROTOCOL_TLSv1_1)
s.connect((host, port))

I can't figure it out. I've tried using a cacert file and get the same error.

s = ssl.wrap_socket(uw, ca_certs="cacert.pem", cert_reqs=ssl.CERT_REQUIRED)

Answer 1

I had the same error. You should use port 443 for HTTPS. I was still using port 80.

parsed = urlparse.urlparse(url)
PORT = 443 
HOST = parsed.netloc
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s = ssl.wrap_socket(sock,ssl_version=ssl.PROTOCOL_SSLv23,ciphers="")
s.connect((HOST, PORT))

s.sendall('GET '+parsed.geturl()+ ' HTTP/1.1\r\n'\
        +'Host: '+HOST+'\r\n'
        +'\r\n')

data = ""
while True:
    res = s.recv(4096)
    if not res:
        break
    data += res 
s.close()

Answer 2

Ok Found my problem: wrong port. I was connecting to the normal port and not the SSL-wrapped port.

Answer 3

It is not the ssl socket, but the inner socket itself. So, when constructing the uw socket specify the family and the protocol like:

uw = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

Note that the above is just an example for TCP (SOCK_STREAM) sockets working on IPV4 (AF_INET) only.