This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: misleading error message from ssl.get_server_certificate() when bad port
Type: behavior Stage: resolved
Components: SSL Versions: Python 3.6
Status: closed Resolution: wont fix
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: benjamin.peterson, cedricvanrompay, christian.heimes, ruluk
Priority: normal Keywords:

Created on 2018-12-05 21:24 by cedricvanrompay, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (4)
msg331171 - (view) Author: Cédric Van Rompay (cedricvanrompay) Date: 2018-12-05 21:24
When calling ssl.get_server_certificate() with a bad port number (I used 80 when I should have been using 443), the error raised is a bit misleading:

    >>> import ssl
    >>> ssl.get_server_certificate(('',80))
    SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:847)

"SSL: wrong version number" seems to indicate that there is a mismatch between SSL versions supported by the client and the ones supported by the server. When here I guess the problem would better be described as "there is no SSL available at this address+port".
msg331205 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2018-12-06 05:42
Note this is just the error that OpenSSL produces. There isn't a whole Python can do to change it.
msg339656 - (view) Author: Ruluk (ruluk) Date: 2019-04-08 16:22
I would still validate the error somewhere, maybe before reaching the OpenSSL library, because that same error is also shown for other cases. E.g:

http_connection = HTTPSConnection("localhost")
http_connection.request("POST", my_url, my_body, my_headers)

The use of an HTTPS connection for localhost effectively produces the same "SSL: WRONG VERSION NUMBER" error.
msg391398 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-04-19 19:59
There is no easy fix for that. The TLS handskae is performed by OpenSSL internally. You could open a feature request with OpenSSL and ask them to implement better error detection and reporting.
Date User Action Args
2022-04-11 14:59:08adminsetgithub: 79603
2021-04-19 19:59:09christian.heimessetstatus: open -> closed
resolution: wont fix
messages: + msg391398

stage: resolved
2019-04-08 16:22:15ruluksetnosy: + ruluk
messages: + msg339656
2018-12-06 05:42:59benjamin.petersonsetnosy: + benjamin.peterson
messages: + msg331205
2018-12-05 21:24:32cedricvanrompaycreate