
The do_handshake() method of SSLSocket class in Python

Method Name:

do_handshake

Method Signature:

do_handshake(block=False)

Parameters:

block – Default value is False. When True, how long the call blocks before the handshake completes depends on the timeout value of the socket.

Return Value:

None

Overview:

  • The method do_handshake() does the TLS handshaking with the peer.
  • The TLS handshake can be done as part of connecting to the peer, or it can be deferred and performed later by calling do_handshake() explicitly.
  • In the Python code example below, if the wrap_socket() method on the SSLContext instance is called with do_handshake_on_connect = True (which is the default behaviour), then connect() takes longer, because its duration includes the time needed to complete the TLS handshake.

 

TLS Handshake:

The TLS handshake (still often called the SSL handshake) involves exchanging information and deciding on the following for the TLS communication being established:

  • The TLS version
  • Compression method
  • The cipher suite
  • Validating the identity of the server and the client
  • Generation of session keys

 

Example:

# Example Python program that uses an SSLSocket instance to
# connect to a server with SSL handshaking done explicitly through
# do_handshake() method

import socket
import ssl
import platform
import time

# Context creation
# create_default_context() already requires and verifies the peer's
# certificate and checks the hostname; verify_mode is set explicitly
# here to make that visible.
sslContext              = ssl.create_default_context()
sslContext.verify_mode  = ssl.CERT_REQUIRED

# Check for OS X platform
if platform.system().lower() == 'darwin':
    import certifi
    import os

    # Load the CA certificates used for validating the peer's certificate
    sslContext.load_verify_locations(cafile=os.path.relpath(certifi.where()),
                                     capath=None,
                                     cadata=None)

# Create an SSLSocket
clientSocket        = socket.socket()
secureClientSocket  = sslContext.wrap_socket(clientSocket,
                                             do_handshake_on_connect=False,
                                             server_hostname="example.org")

# Only connect, no handshake
t1 = time.time()
secureClientSocket.connect(("example.org", 443))
print("Time taken to establish the connection:%2.3f"%(time.time() - t1))

# Explicit handshake
t3 = time.time()
secureClientSocket.do_handshake()
print("Time taken for SSL handshake:%2.3f"%(time.time() - t3))

# Get the certificate of the server and print
serverCertificate = secureClientSocket.getpeercert()
print("Certificate obtained from the server:")
print(serverCertificate)

# Release the connection
secureClientSocket.close()

 

Output:

Time taken to establish the connection:0.331
Time taken for SSL handshake:0.433
Certificate obtained from the server:
{'subject': ((('countryName', 'US'),), (('stateOrProvinceName', 'California'),), (('localityName', 'Los Angeles'),), (('organizationName', 'Internet Corporation for Assigned Names and Numbers'),), (('commonName', '*.example.org'),)), 'issuer': ((('countryName', 'US'),), (('organizationName', 'DigiCert Inc'),), (('commonName', 'DigiCert Global G3 TLS ECC SHA384 2020 CA1'),)), 'version': 3, 'serialNumber': '0722A749B558476196D554445EDBD254', 'notBefore': 'Jan 15 00:00:00 2025 GMT', 'notAfter': 'Jan 15 23:59:59 2026 GMT', 'subjectAltName': (('DNS', '*.example.org'), ('DNS', 'example.org')), 'OCSP': ('http://ocsp.digicert.com',), 'caIssuers': ('http://cacerts.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crt',), 'crlDistributionPoints': ('http://crl3.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crl', 'http://crl4.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crl')}
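
The explicit do_handshake() call matters most on a non-blocking socket, where it raises ssl.SSLWantReadError or ssl.SSLWantWriteError instead of waiting. The following is an added example, not part of the original page: it drives the handshake with select() under a deadline and runs it against a constructed local listener that completes TCP but never answers the TLS handshake. The names handshake_with_deadline and probe_stalled_peer are illustrative.

```python
import select
import socket
import ssl
import time

def handshake_with_deadline(tls_sock, seconds):
    """Drive do_handshake() without blocking; False if the peer stalls past `seconds`."""
    deadline = time.monotonic() + seconds
    tls_sock.setblocking(False)
    while True:
        try:
            tls_sock.do_handshake()
            return True                         # default context: certificate verified
        except ssl.SSLWantReadError:
            readers, writers = [tls_sock], []   # waiting for the peer's reply
        except ssl.SSLWantWriteError:
            readers, writers = [], [tls_sock]   # send buffer is full
        remaining = deadline - time.monotonic()
        # select() returning three empty lists means it timed out
        if remaining <= 0 or not any(select.select(readers, writers, [], remaining)):
            return False

def probe_stalled_peer(seconds=0.5):
    """Run the handshake against a constructed listener that never speaks TLS."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)                          # no accept(): the kernel queues the connection
    ctx = ssl.create_default_context()
    tls = ctx.wrap_socket(socket.socket(), do_handshake_on_connect=False,
                          server_hostname="localhost")
    try:
        tls.connect(listener.getsockname())     # TCP only, no TLS bytes exchanged yet
        state = {"version_before": tls.version()}   # None until a handshake completes
        try:
            tls.getpeercert()
            state["cert_before"] = "available"
        except ValueError:                      # raised while the handshake is not done
            state["cert_before"] = "unavailable"
        start = time.monotonic()
        state["completed"] = handshake_with_deadline(tls, seconds)
        state["waited"] = time.monotonic() - start
        return state
    finally:
        tls.close()
        listener.close()

if __name__ == "__main__":
    print(probe_stalled_peer())
```

A successful connect() on a socket wrapped with do_handshake_on_connect=False says nothing about the peer's identity; application data should be sent only after do_handshake() has returned.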

 


Copyright 2025 © pythontic.com