nassl

5.4.0 verified Mon Apr 27 auth: no python

Experimental OpenSSL wrapper for Python 3.10+ and SSLyze, providing low-level access to SSL/TLS internals including X.509 certificate extraction, OCSP stapling, and custom handshake logic. Current version 5.4.0, released approximately quarterly.

pip install nassl

Common errors

error ModuleNotFoundError: No module named 'nassl' ↓

cause Environment running Python <3.10 or nassl not installed.

fix

pip install nassl --upgrade && verify Python version with python --version (must be 3.10+).

error ImportError: cannot import name 'SslClient' from 'nassl' ↓

cause Attempting import from wrong submodule; SslClient is now at top-level.

fix

Use: from nassl import SslClient

error nassl._nassl.OpenSSL_Error: ('ssl', 'tlsv1 alert internal error') ↓

cause Server rejected TLS version or cipher. nassl defaults to TLS 1.2; some servers require TLS 1.3.

fix

Specify an SSL version: SslClient(host, port, ssl_version='TLSv1.3')

error AttributeError: 'SslClient' object has no attribute 'get_certificate_chain' ↓

cause Method deprecated in v4 and removed in v5.

fix

Use client.get_certificate_info().certificate_chain instead.

Warnings

breaking nassl v5 dropped support for Python <3.10. Upgrade your Python environment. ↓

fix Use Python 3.10+ or stay on nassl v4 if you must use older Python.

gotcha SslClient.do_handshake() raises a custom 'Connection error' on failure, not a built-in exception. Catch nassl._nassl.OpenSSL_Error. ↓

fix from nassl._nassl import OpenSSL_Error try: ... except OpenSSL_Error: ...

deprecated Old API 'start_ssl_client' and 'get_certificate_chain' are deprecated and will be removed in v6. Use SslClient and SslClient.get_certificate_info(). ↓

fix Replace start_ssl_client with SslClient(); use get_certificate_info().

gotcha Calling do_handshake() on an already-closed client raises RuntimeError. Always check if client.is_connected before reusing. ↓

fix if not client.is_closed(): client.do_handshake()

Imports

SslClient
wrong
```
from nassl.ssl_client import SslClient
```
correct
```
from nassl import SslClient
```
Top-level import is the correct API; submodule path changed in v5.

SslConnection

wrong

from nassl.legacy import SslConnection

correct

from nassl import SslConnection

Legacy path removed in v5; use top-level import.

CertificateInfo
```
from nassl import CertificateInfo
```

Quickstart

Basic TLS handshake with Google and print Common Name.

from nassl import SslClient

client = SslClient('www.google.com', 443)
client.do_handshake()
print('Server cert CN:', client.get_certificate_info().subject.get('CN'))
client.close()