Shutdown method of SSLSocket class in Python

  1. Home
  2. Ssl
  3. Sslsocket
  4. Shutdown

Method Name:

shutdown

Method Signature:

shutdown(how)

Parameters:

how – Describes what operations are shutdown on the SSLSocket instance.

Valid values are SHUT_RD, SHUT_WR, SHUT_RDWR.

SHUT_RD – Read operations are shutdown on the socket instance meaning the socket cannot receive any data.

SHUT_WR – Write operations are shutdown on the socket instance meaning the socket cannot send any data.

SHUT_RDWR – Both read and write operations are shutdown on the socket meaning the socket cannot send and receive any data.

Return Value:

None

Overview:

  • The method shutdown() stops read operations or write operations or both of them on a socket instance.
  • Though calling close() method makes the socket state closed and frees the underlying resources rendering the socket unusable, it may not happen immediately after a call to the close() method. Hence it is recommended to call shutdown() on a socket first and then proceed with the close() method.

Note:

As of this writing,

  • The shutdown() method should not be called directly anytime on the original socket instance that was used for creating the SSLSocket instance. The reason is once an SSLSocket is created using the wrap_socket() method of an SSLContext instance, the original socket is detached and the associated file descriptor is marked invalid. Doing so, will raise an “OSError: Bad file descriptor”.
  • To make sure to close the file descriptor associated with the original socket instance that was used to create the SSLSocket, socket.close() can be called on the original socket instance, right after the call to the SSLContext.wrap_socket() method.
  • The wrap_socket() method does merely the copying of the socket attributes or properties in creating the SSLSocket and does not contain the original socket instance.

 

Example:

# Example Python program that calls shutdown() method

# on an SSLSocket instance to stop read/write operations

# on it, before closing the socket

 

import ssl

import socket

import certifi

import os

 

# SSL context creation

sslCt              = ssl.SSLContext();

sslCt.verify_mode  = ssl.CERT_REQUIRED;

 

# Load the CA certificates which are used for validating the peer's certificate

sslCt.load_verify_locations(cafile=os.path.relpath(certifi.where()),

                            capath=None,

                            cadata=None);

 

# Client socket creation

cskt = socket.socket();

 

# Making of the SSLSocket

scskt  = sslCt.wrap_socket(cskt);

 

# Original socket no longer needed

cskt.close();

 

# Print the cipher used

scskt.connect(("example.com", 443));

used = scskt.cipher();

print("Used cipher:");

print(used);

 

# Print the shared ciphers

shared = scskt.shared_ciphers();

print("Shared ciphers:");

print(shared);

 

compression = scskt.compression();

print("Compression used:");

print(compression);

 

# Shutdown the secure socket

scskt.shutdown(socket.SHUT_RDWR);

 

# Close the secure socket

scskt.close();

Output:

Used cipher:

('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)

Shared ciphers:

[('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256), ('TLS_CHACHA20_POLY1305_SHA256', 'TLSv1.3', 256), ('TLS_AES_128_GCM_SHA256', 'TLSv1.3', 128), ('ECDHE-ECDSA-AES256-GCM-SHA384', 'TLSv1.2', 256), ('ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256), ('DHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256), ('ECDHE-ECDSA-CHACHA20-POLY1305', 'TLSv1.2', 256), ('ECDHE-RSA-CHACHA20-POLY1305', 'TLSv1.2', 256), ('DHE-RSA-CHACHA20-POLY1305', 'TLSv1.2', 256), ('ECDHE-ECDSA-AES128-GCM-SHA256', 'TLSv1.2', 128), ('ECDHE-RSA-AES128-GCM-SHA256', 'TLSv1.2', 128), ('DHE-RSA-AES128-GCM-SHA256', 'TLSv1.2', 128), ('ECDHE-ECDSA-AES256-SHA384', 'TLSv1.2', 256), ('ECDHE-RSA-AES256-SHA384', 'TLSv1.2', 256), ('DHE-RSA-AES256-SHA256', 'TLSv1.2', 256), ('ECDHE-ECDSA-AES128-SHA256', 'TLSv1.2', 128), ('ECDHE-RSA-AES128-SHA256', 'TLSv1.2', 128), ('DHE-RSA-AES128-SHA256', 'TLSv1.2', 128), ('ECDHE-ECDSA-AES256-SHA', 'TLSv1.0', 256), ('ECDHE-RSA-AES256-SHA', 'TLSv1.0', 256), ('DHE-RSA-AES256-SHA', 'SSLv3', 256), ('ECDHE-ECDSA-AES128-SHA', 'TLSv1.0', 128), ('ECDHE-RSA-AES128-SHA', 'TLSv1.0', 128), ('DHE-RSA-AES128-SHA', 'SSLv3', 128), ('AES256-GCM-SHA384', 'TLSv1.2', 256), ('AES128-GCM-SHA256', 'TLSv1.2', 128), ('AES256-SHA256', 'TLSv1.2', 256), ('AES128-SHA256', 'TLSv1.2', 128), ('AES256-SHA', 'SSLv3', 256), ('AES128-SHA', 'SSLv3', 128)]

Compression used:

None

 

accept

bind

cipher

compression

do_handshake

getpeercert

The sslsocket class in Python

recv

shared_ciphers

version

Copyright 2024 © pythontic.com