How can I establish an SSL socket connection in Python ssl without needing to provide key files or certificates?
I’m trying to create a secure socket connection in Python, but I’m struggling with the SSL part. The server I’m trying to connect to does not require any keys or certificates. I just need to wrap the socket with SSL. I know the cipher I need to use is ADH-AES256-SHA, and the protocol is TLSv1.
Here is the code I’ve been trying:
import socket
import ssl
# SET VARIABLES
packet, reply = "<packet>SOME_DATA</packet>", ""
HOST, PORT = 'XX.XX.XX.XX', 4434
# CREATE SOCKET
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(10)
# WRAP SOCKET ???
ssl.wrap_socket(sock, ssl_version="TLSv1", ciphers="ADH-AES256-SHA")
# CONNECT AND PRINT REPLY
sock.connect((HOST, PORT))
sock.send(packet)
print(sock.recv(1280))
# CLOSE SOCKET CONNECTION
sock.close()
When I run this, I don’t get any errors, but the response is blank. I also noticed when debugging line by line in the terminal, after running sock.send(packet), I get an integer response of 26. Does anyone know what this means, or can help me resolve this issue?
Hey there! I’ve worked on similar setups before, and I’d recommend using ssl.create_default_context instead of ssl.wrap_socket directly. It’s more secure and offers better flexibility. Here’s an updated version of your code:
import socket
import ssl
# SET VARIABLES
packet, reply = "<packet>SOME_DATA</packet>", ""
HOST, PORT = 'XX.XX.XX.XX', 4434
# CREATE SOCKET
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(10)
# CREATE SSL CONTEXT
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.set_ciphers("ADH-AES256-SHA")
# WRAP SOCKET
ssl_sock = context.wrap_socket(sock, server_hostname=HOST)
# CONNECT AND PRINT REPLY
ssl_sock.connect((HOST, PORT))
ssl_sock.send(packet.encode())
print(ssl_sock.recv(1280))
# CLOSE SOCKET CONNECTION
ssl_sock.close()
What’s changed?
-
ssl.create_default_context() initializes an SSL context that handles the wrapping process securely.
- I included
server_hostname=HOST in wrap_socket, which is good practice for modern SSL/TLS.
- Make sure your
packet is sent as bytes using .encode().
This should fix your blank response issue if the server is configured correctly. Let me know how it works!
Great advice, Rima! Just to build on that: if you know for certain that the server uses TLSv1 and a specific cipher suite, you can customize the SSL context even further. I’ve had to do this a lot when working with older systems. Here’s an updated approach:
import socket
import ssl
# SET VARIABLES
packet, reply = "<packet>SOME_DATA</packet>", ""
HOST, PORT = 'XX.XX.XX.XX', 4434
# CREATE SOCKET
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(10)
# CREATE SSL CONTEXT WITH SPECIFIC SETTINGS
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) # Explicit TLSv1
context.set_ciphers("ADH-AES256-SHA") # Specify cipher
# WRAP SOCKET
ssl_sock = context.wrap_socket(sock, server_hostname=HOST)
# CONNECT AND PRINT REPLY
ssl_sock.connect((HOST, PORT))
ssl_sock.send(packet.encode())
print(ssl_sock.recv(1280))
# CLOSE SOCKET CONNECTION
ssl_sock.close()
Why this works?
-
ssl.SSLContext(ssl.PROTOCOL_TLSv1) ensures compatibility with servers that use TLSv1 explicitly.
-
set_ciphers("ADH-AES256-SHA") directly specifies the cipher suite, which is ideal for your use case.
If the server is still not responding as expected, you might want to check if it truly supports these protocols and ciphers. Let me know how this works!
Tim’s point is spot on! If the code still results in blank responses, it might be an issue with the SSL handshake or how the server is configured. You can enable debugging to get detailed logs and pinpoint the issue. Here’s how to modify the code:
import socket
import ssl
import logging
# Enable SSL debugging
logging.basicConfig(level=logging.DEBUG)
# SET VARIABLES
packet, reply = "<packet>SOME_DATA</packet>", ""
HOST, PORT = 'XX.XX.XX.XX', 4434
# CREATE SOCKET
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(10)
# CREATE SSL CONTEXT
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.set_ciphers("ADH-AES256-SHA")
# WRAP SOCKET
ssl_sock = context.wrap_socket(sock, server_hostname=HOST)
# CONNECT AND PRINT REPLY
ssl_sock.connect((HOST, PORT))
ssl_sock.send(packet.encode())
print(ssl_sock.recv(1280))
# CLOSE SOCKET CONNECTION
ssl_sock.close()
Why enable debugging?
- Setting
logging.basicConfig(level=logging.DEBUG) logs the SSL handshake and connection process, making it easier to diagnose issues.
- For instance, if the server doesn’t support the cipher suite or protocol, you’ll see it here.
If debugging shows mismatched settings, you may need to adjust the cipher suite or protocol. Let us know what the logs say!