:::: MENU ::::

openssl/pyOpenSSL – “SSL23_GET_SERVER_HELLO:tlsv1 alert internal error”

  • Jun 09 / 2016
  • 0
Linux, Python

openssl/pyOpenSSL – “SSL23_GET_SERVER_HELLO:tlsv1 alert internal error”

You’re getting this annoying error message again and again when trying to fetch certificate and/or establish a connection to your website using openssl:

139647967614624:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:769:

This issue is well known in several openssl versions, and a bug has been addressed for Ubuntu repositories:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228

For now, there’s a simple workaround that works to quickly fix it!

For openssl

If you’re facing it while using openssl directly, you can fix it by specifying the servername on command-line:

openssl s_client -connect www.mywebsite.com:443 -servername www.mywebsite.com

For pyOpenSSL

If you’re having this issue while using pyOpenSSL (python wrapper for OpenSSL), it can also be fixed with a quick workaround by adding the option set_tlsext_host_name() to specify the server name in your “Connection” object.
You will get something like this:

import socket
from OpenSSL import SSL

# REPLACE WITH YOUR OWN WEBSITE
hostname = 'www.mywebsite.com'
ctx = SSL.Context(SSL.TLSv1_METHOD)
sock = socket.socket()
ssl_sock = SSL.Connection(ctx, sock)
ssl_sock.set_tlsext_host_name(hostname)
ssl_sock.connect((hostname, 443))
ssl_sock.do_handshake()
cert = ssl_sock.get_peer_certificate()
print cert.get_subject().commonName

Comments are closed.

Question ? Contact