Search code examples

How do you use a Python socket with stunnel?

I'm trying to implement a TCP socket via stunnel but not sure how to capture the server response. My stunnel configuration file is exactly like this:

client = yes
accept =
connect =
verify = 4
CAfile = /etc/

And the Python code I have is:

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("", 4197))
msg = b'GET / HTTP/1.1\nHost:\n\n' # ping google as a means of testing 

Whatever the message I send over the socket (including those that the server located at would expect) the result of that print statement is always just an empty string in byte form:


The stunnel log is as follows:

2017.11.02 20:49:58 LOG5[7]: Service [Coinbase] accepted connection from
2017.11.02 20:49:58 LOG5[7]: s_connect: connected
2017.11.02 20:49:58 LOG5[7]: Service [Coinbase] connected remote server from
2017.11.02 20:49:58 LOG5[7]: Certificate accepted at depth=0: C=US, 
ST=California, L=San Francisco, O="Coinbase, Inc.", CN=*
2017.11.02 20:50:06 LOG3[7]: readsocket: Connection reset by peer 
2017.11.02 20:50:06 LOG5[7]: Connection reset: 37 byte(s) sent to TLS, 0 
byte(s) sent to socket

My interpretation of that is that the message is going out fine and the certificate is valid etc, but I can't work out how to receive data sent back by the server... any help greatly appreciated! I'm quite new to TCP & SSL so apologies if any of the terminology is wrong.


  • socket.recv() will return an empty string if the connection is closed by the remote party.

    It seems like you are trying to connect to a FIX gateway. It is a very standard behavior for a FIX server to close the connection without any response if it does not receive the correct LOGON message. The very first message you send must be LOGON - something like:


    where "|" is the SOH (ASCII code 01) character. If you do not send this message, or you get anything wrong in it (like the CompIDs or FIX version, timestamp, etc) the server will typically just close the connection (making it a bit of a guess-work to figure out what you are sending wrong).

    Also, you can only send FIX protocol messages, the "GET ..." string you are trying to reach google with is part of the HTTP protocol - it will not be recognized by a FIX server.