Error [SSL: WRONG_VERSION_NUMBER] when trying to re-wrap a socket

Question

I'm building a TCP Server-Client app to run locally for a school project. In order to send login credentials from the client to the server, we're supposed to encrypt the application data messages using SSL/TLS, and go back to using uncrypted data for other message exchanges. I was able to do those two things using the ssl library for Python, however, after I've unwrapped a socket and attempt to wrapt it again, i get the following error:

  File "D:\Documentos\USP\MAC0352 - Redes\EP2\ServidorHibrido-JogoDaVelha\src\cliente.py", line 18, in <module>
    sockt = ssl.wrap_socket(sockt)
  File "C:\Users\vitor\AppData\Local\Programs\Python\Python39\lib\ssl.py", line 1405, in wrap_socket
    return context.wrap_socket(
  File "C:\Users\vitor\AppData\Local\Programs\Python\Python39\lib\ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "C:\Users\vitor\AppData\Local\Programs\Python\Python39\lib\ssl.py", line 1040, in _create
    self.do_handshake()
  File "C:\Users\vitor\AppData\Local\Programs\Python\Python39\lib\ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1122)

I think its very unlikely that the error message is correct (or at least clear), given that the SSL handshake and message exchange has worked perfectly the first time.

Here is the login function in the server script:

def login(self):
        self.socket = ssl.wrap_socket(self.socket, server_side=True, keyfile="cert/MyKey.key", certfile="cert/MyCertificate.crt")
        credentials = self.socket.recv(1024)
        print("Received credentials: ", credentials)
        self.socket = self.socket.unwrap()
        return True

And the client script:

#!/usr/bin/env python3
import socket
import ssl


HOST = '127.0.0.1'  # The server's hostname or IP address
PORT = 4000        # The port used by the server

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sockt:
    sockt.connect((HOST, PORT))
    while (True):
        v = input("JogoDaVelha> ")
        comando = v.split()
        if (comando[0] == "login"):
            # Sends a message indicating to the server to start an SSL handshake
            sockt.sendall(bytes('login', 'ascii'))
            sockt = ssl.wrap_socket(sockt)
            sockt.send(bytes(comando[1] + ' ' + comando[2], 'ascii'))
            sockt = sockt.unwrap()
            continue
        if (v == "exit"):
            break
        sockt.sendall(bytes(v, 'ascii'))
        data = sockt.recv(1024)
        print('Received', repr(data))

Can anyone help me?

Answer 1

I know its super late, and I must admit I know next to nothing about the subject. HOWEVER, I had the same error caused by an id10T error.. (using https in an address when I should have use http). When I dug into the ssl.py file mentioned in the error I found the following message in the class definition:

When compared to SSLSocket , this object lacks the following features:

 * Any form of network IO, including methods such as ``recv`` and ``send``.
 * The ``do_handshake_on_connect`` and ``suppress_ragged_eofs`` machinery.

Looks like the socket 'send' and 'recv' aren't compatible for your approach. Apologies I can't offer more info, just happened to stumble on your post looking for my own answer