Skip to main content
Warning: You are using the test version of PyPI. This is a pre-production deployment of Warehouse. Changes made here affect the production instance of TestPyPI (
Help us improve Python packaging - Donate today!

Experimental OpenSSL wrapper for SSLyze.

Project Description


[![Build Status](](

Experimental Python wrapper for OpenSSL. **Do NOT use for anything serious**.
This code has not been properly tested/reviewed and is absolutely not
production ready. For example, nassl uses an **insecure, outdated version
of OpenSSL**.


See test/ for an example.

Getting started
python2.7 build_ext -i
ptyhon run_tests


Multiple build scripts are available. They will consecutively build Zlib,
OpenSSL and nassl.

Regardless of the platform you're targeting, you will need to:
* Download a special fork of OpenSSL 1.0.2 (or the official OpenSSL 1.0.2e) at and put in nassl's root folder.
* Download Zlib at and extract the content
of the source package to nassl/zlib-1.2.8.


Build script for OS X 64 bits and Linux 32/64 bits. It was tested on OS X
Mavericks, Ubuntu 13.04 and Debian 7. This is the easiest build script to use.

$ wget
$ tar xvfz zlib-1.2.8.tar.gz
$ git clone
$ python


Build script for Windows 7 32 bits. It expects Python to be installed in


Build script for Windows 7 64 bits. It expects Python to be installed in
C:\Python27. This build script will crash after building OpenSSL but you can
still manage to get a full build of nassl by manually copying the OpenSSL libs
from openssl/out32 to the right location in build/. Look at win32 builds.

Unit Tests

$ python -m unittest discover test -p *


### src/

Classes implemented in Python are part of the nassl namespace. This currently
includes, and Such classes
are designed to provide a simpler, higher-level interface to perform SSL

### src/_nassl/

Classes implemented in C are part of the nassl.\_nassl namespace. They try to
stay as close as possible to OpenSSL's API. In most cases, Python methods of
such objects directly match the OpenSSL function with same name. For example
the \ Python method matches OpenSSL's SSL\_read() function.
These C classes should be considered internal.

Why ???

I'm the author of SSLyze, an SSL scanner written in Python: Scanning SSL servers requires access
to low-level SSL functions within the OpenSSL API, for example to test for
things like insecure renegotiation or session resumption.

None of the existing OpenSSL wrappers for Python (including ssl, M2Crypto and
pyOpenSSL) expose the APIs that I need for SSLyze, so I had to write my own


Copyright 2015 Alban Diquet

Licensed under the GPLv2; see ./LICENSE

Please contact me if this license doesn't work for you.


Alban Diquet -

Release History

This version
History Node


History Node


History Node


History Node


History Node


History Node


Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Hash SHA256 Hash Help Version File Type Upload Date
(1.9 MB) Copy SHA256 Hash SHA256
Source Jan 24, 2016

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting