This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (
Help us improve Python packaging - Donate today!

Experimental OpenSSL wrapper for Python 2.7 / 3.3+ and SSLyze.

Project Description

[![Build Status](](
[![PyPI version](](

Experimental OpenSSL wrapper for Python 2.7 / 3.3+ and SSLyze. **Do NOT use for anything serious**. This code has not
been properly tested/reviewed and is absolutely not production ready.

Quick Start

Nassl can be installed directly via pip:

pip install nassl

On OS X and Linux, it is also easy to directly clone the repository, build the `_nassl` C extension and then run the
sample client:

git clone
cd nassl
pip install -r requirements.txt --target ./lib
python build_ext -i

Building the C extension

Nassl relies on a C extension to call into OpenSSL; the extension can be directly built using the pre-compiled OpenSSL
binaries available in ./bin, by running the following command:

python build_ext -i

On Windows, a "Platform Wheel" can be built using:

python bdist_wheel

If you do not want to use the pre-compiled binaries, compiling the C extension requires successively building:

* [Zlib 1.2.11](
* A [special fork of OpenSSL 1.0.2]( which enables additional features (such as
the ChaCha20 cipher suites), or the official OpenSSL 1.0.2e.
* The `_nassl` C extension itself

The whole build process is all taken care of by the _build\_from\_scratch.py_ script:

git clone
cd nassl
pip install -r requirements.txt --target ./lib
tar xvfz zlib-1.2.11.tar.gz
git clone

For Windows builds, Visual Studio is expected to be installed at the default location.

The build script was tested on the following platforms: Windows 7 (32 and 64 bits), Debian 7 (32 and 64 bits),
macOS Sierra. It will build the C extension for the interpreter and platform that was used to run the script
(ie. no cross-compiling).

Project structure

### nassl/

Classes implemented in Python are part of the `nassl` namespace; they are designed to provide a simpler, higher-level
interface to perform SSL connections.

### nassl/_nassl/

Classes implemented in C are part of the `nassl._nassl` namespace; they try to stay as close as possible to OpenSSL's
API. In most cases, Python methods of such objects directly match the OpenSSL function with same name. For example the
`` Python method matches OpenSSL's `SSL_read()` function.

These classes should be considered internal.

Why another SSL library?

I'm the author of [SSLyze](, an SSL scanner written in Python. Scanning SSL servers
requires access to low-level SSL functions within the OpenSSL API, for example to test for things like insecure
renegotiation or session resumption.

None of the existing OpenSSL wrappers for Python (including ssl, M2Crypto and pyOpenSSL) expose the APIs that I need for
SSLyze, so I had to write my own wrapper.


Licensed under the GPLv2; see ./LICENSE

Please contact me if this license doesn't work for you.


Alban Diquet - @nabla_c0d3 -
Release History

Release History

This version
History Node


History Node


History Node


History Node


History Node


History Node


History Node


History Node


History Node


History Node


History Node


History Node


History Node


History Node


History Node


History Node


Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
nassl-0.16.3-cp27-none-win32.whl (558.0 kB) Copy SHA256 Checksum SHA256 2.7 Wheel Apr 28, 2017
nassl-0.16.3-cp27-none-win_amd64.whl (835.5 kB) Copy SHA256 Checksum SHA256 2.7 Wheel Apr 28, 2017 (15.6 MB) Copy SHA256 Checksum SHA256 Source Apr 28, 2017

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting