SSLError, now what?

Imagine API requests in production suddenly start to fail with an unmeaning SSLError deep inside Python’s ssl module. How do you fix the problem? In my talk, you learn the basics of TLS/SSL, certificates, and Python’s ssl module as well as debugging tips and tools to solve common issue.

Has your Python application ever encountered ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED], while connecting to a server, but you didn’t understand what is going on? Are you running production code without TLS/SSL protection or with certificate validation disabled, because you couldn’t figure out how to make it work correctly?

TLS/SSL is the most important and widely-used protocol for secure and encrypted communication, e.g. HTTPS. It offers more than just encryption. TLS also ensures data integrity and strong authentication with X.509 certificates. But it provides merely a false sense of security, if you use it wrong.

I’ll give you the rundown of the basic cryptographic building blocks, protocol handshake, inner structure of certificates, and PKI. Based on common pit-falls and issues, you’ll learn about the best practices, debugging tools and tips how to diagnose TLS/SSL and how to deal with certificates. A basic understanding of Python, networking protocols (TCP/IP, DNS), and cryptography (symmetric encryption, public key algorithms) is helpful, but not strictly required to understand the talk.

I’m a maintainer of Python’s ssl module

https://speakerdeck.com/tiran/